Japan's efforts to elevate its cybersecurity are transforming its defence capabilities across land, sea, air, and outer space, marking a shift in its national and regional security strategy
Japan's engagement with cybersecurity as a critical domain has evolved significantly since the year 2000 when the government first acknowledged the issue in its Action Plan for Establishing Information Systems Protection. This recognition spurred a series of initiatives aimed at bolstering Japan's cyber defences, including the Special Action Plan on Cyber-terrorism and the inaugural National Strategy on Information Security, which primarily adopted a preventive approach focusing on crime prevention and infrastructure development. The foundation for Japan's cybersecurity infrastructure was further strengthened through the enactment of The Basic Act on Cybersecurity in 2014, which led to the creation of the Cybersecurity Strategic Headquarters and a Cybersecurity Council. Subsequently, the landscape of Japan's cybersecurity strategy underwent a significant shift in 2015 with the introduction of the Cybersecurity Strategy, marking the domain's emergence as a standalone field critical to technological advancement, and foreign and defence policies.
The foundation for Japan's cybersecurity infrastructure was further strengthened through the enactment of The Basic Act on Cybersecurity in 2014, which led to the creation of the Cybersecurity Strategic Headquarters and a Cybersecurity Council.
Tokyo's Cybersecurity Strategy emphasises a strong research and development (R&D) focus to address the growing complexity of cyber threats while advocating for collaborative efforts with various stakeholders across industries to enhance cybersecurity technologies in networks, hardware, and software, particularly with the rise of the Internet of Things (IoT). This strategy aims at bolstering detection and defence mechanisms against advanced cyber-attacks and supports multidisciplinary research that spans legal, policy, and technological domains, highlighting the interconnectedness of cyberspace and physical reality. Securing core technologies for an autonomous cyber defence capability is prioritised, along with fostering international cooperation for developing forward-looking cybersecurity solutions. The Council for Science, Technology, and Innovation, among others, has promoted industry-academia-public coordination to navigate the changing cyber threat landscape and align with stakeholder interests.
To meet the requirements for bolstering its cybersecurity plans, Japan has significantly increased its defence budget to improve cybersecurity capabilities and personnel. In the fiscal year 2020, approximately 25.6 billion yen (US$ 237.12 million) was allocated to cybersecurity, including the development of an AI-driven system to detect malicious emails and assess cyber threats, and the expansion of the Cyber Defence Group's staff. This investment is part of a consecutive nine-year increase in the defence budget, underscoring the ongoing investment in cybersecurity. Additionally, the deployment of an advanced vehicle-mounted Network Electronic Warfare System (NEWS) in March 2020 and the establishment of an electronic warfare capability unit in March 2021 highlight Japan's commitment to enhancing its electronic warfare capabilities, recognising the strategic importance of the electromagnetic spectrum in national defence.
Securing core technologies for an autonomous cyber defence capability is prioritised, along with fostering international cooperation for developing forward-looking cybersecurity solutions.
The 2017 Global Cybersecurity Index (GCI) assesses the commitment of nations to cybersecurity across five pillars—legal, technical, organisational, capacity building, and cooperation—based on responses to a questionnaire featuring 157 questions. Japan ranked 12th in this index with a score of 0.786, indicating a strong national commitment to cybersecurity, although the country's cyber defence capabilities were identified as areas for further development and maturity. Nonetheless, Japan's efforts align with 16 action items of the GCI's ‘dynamic’ stage, showcasing its progress in strengthening its cybersecurity posture.
In a strategic move to enhance its cyber defence capabilities, the Japanese government approved crucial security documents, including the National Security Strategy (NSS) and the Defence Buildup Programme (DBP), on 16 December 2022. These documents outline Japan's diplomatic and defence strategies for the coming decade, responding to the evolving security landscape, notably China's military expansion. The revised NSS marks significant changes, advocating for an increased defence budget, the procurement of extended-range missiles, and support for the export of defence equipment. It notably emphasises enhancing cybersecurity, highlighting the development of information warfare capabilities and the adoption of active cyber defence measures.
In line with these initiatives, the Ministry of Foreign Affairs and the Ministry of Defence are set to leverage artificial intelligence (AI) for superior monitoring and analysis of the information space and an increase in its cyber personnel and training programmes to meet the objectives of the DBP. The National Centre for Incident Readiness and Strategy for Cybersecurity (NISC) was formed in 2015 as a restructured centre to coordinate policy and command cyber units alongside the Japan Self-Defence Force (JSDF) and the police. These developments underscored the government's commitment towards fortifing its cyber defences through comprehensive legal frameworks. However, despite these advancements, Japan has yet to formulate a distinct strategy specifically for cyber defence, opting instead to integrate these considerations within broader national defence frameworks such as the Defence White Paper and the National Defence Program Guidelines.
The National Centre for Incident Readiness and Strategy for Cybersecurity (NISC) was formed in 2015 as a restructured centre to coordinate policy and command cyber units alongside the Japan Self-Defence Force (JSDF) and the police.
Japan is actively leading efforts to create a counter-cyber-attack grid in the Indo-Pacific region, aiming to enhance its alliances and protect against cyber threats. This ambitious initiative involves setting up a collaborative network of cyber defence across Pacific islands, enhancing cybersecurity cooperation with neighbouring countries. This move is in line with Japan's vision for a free and open Indo-Pacific, designed to counterbalance the rising influence of powers like Russia, North Korea, and particularly China. Japan's goal is to pre-empt cyberattacks, thus ensuring national security and maintaining stability in the region. To this end, the Foreign Ministry of Japan has proposed a substantial investment of US$75 billion in the 2024 draft budget to bolster cyber capabilities through strengthened partnerships with South and Southeast Asian nations, thereby promoting peace, connectivity, and security in the Indo-Pacific. Moreover, Japan is expanding its cyber capabilities within the Quad and the Association of Southeast Asian Nations (ASEAN). Its partnership with NATO has also deepened over the years, focusing on securing cyberspace and enhancing cooperation through various joint activities, seminars, and participation in exercises. A milestone in this collaborative effort was the signing of the Individual Partnership and Cooperation Programme in 2020, exemplifying Japan's commitment to international cooperation in cybersecurity.
These advances signal Tokyo’s intent to become a leading “cyber power,” a vision that gained momentum under former Prime Minister Abe Shinzo's administration, which recognised the critical security implications of rising cyber threats. Japan has not only enhanced its domestic policy framework and defensive cybersecurity capabilities but is also aligning its strategies with those of the United States (US), its key ally, to jointly address cyber threats, notably from China. The increased emphasis on cybersecurity underscores a significant shift in Japan’s security posture, acknowledging the essential role of cybersecurity in defence and strategy. With initiatives aimed at integrating ‘cross-domain’ operations, Japan's efforts to elevate its cybersecurity are transforming its defence capabilities across land, sea, air, and outer space, marking a transformation in its national and regional security strategy.
Pratnashree Basu is an Associate Fellow at the Observer Research Foundation
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.
Pratnashree Basu is an Associate Fellow, Indo-Pacific at Observer Research Foundation, Kolkata, with the Strategic Studies Programme and the Centre for New Economic Diplomacy. She ...
Read More +
PREV
