As Rob Sheldon and Mihoko Matsubara have noted in previous guest posts, there has been a great deal of cybersecurity policy activity in Japan over the last year, both on the domestic and international fronts. In June 2013, Japan’s Information Security Policy Council released a new cybersecurity strategy. In October, the United States and Japan announced a new Cyber Defense Policy Working Group, and in the same month Japan released its first International Strategy on Cybersecurity.
I am just back from a few days in Tokyo, and my conversations with Japanese officials and analysts outside of government suggested that now might be the time for Japan to take an even larger role in international discussions about cyberspace. These conversations highlighted five major issues:
1. Shift from information security to cybersecurity: As the June 2013 strategy notes, there was a conscious decision to replace “information security” with “cybersecurity.” The strategy itself is not particularly clear on why that matters. Japanese officials told me “information security” was too broad, and I always thought that in the previous strategies cyberattacks had the feeling of a natural disasters—something that happened with no real source of direction or agency. The new strategy is very clear about the threat of state-backed attackers. One analyst brought up the much more sensitive possibility that the term cybersecurity was used because it can embrace both defense and offense but of course officials waved off the idea that Japan could conduct cyberattacks.
2. Uncertainty about the National Information Security Center: The Diet passed a bill creating a National Security Council (NSC) in November, and the new council is expected to start operating as early as January. Once that happens, it looks like the National Information Security Center’s role will remain crisis management in case of a widespread cyber event, but that mid- to long-term planning for cyber as part of a national strategy will shift to the NSC. While the NSC will be small compared to the U.S. version, it is assumed they will take a strong lead in cyber.
3. Need for talent: This is not unique to Japan, as the necessary computer expertise appears to be scarce across the region—one report, for example, suggests India has only 556 experts—but at every talk I gave, someone came up to me after and asked how the United States was addressing the skills gap.
4. The importance of ASEAN: Officials from every ministry I met with noted Japan’s partnership with ASEAN as an especially important development. Officials hope to help develop local capabilities and create market opportunities for Japanese companies as Southeast Asian countries lay more fiber optic cable. But they also acknowledged that China is developing a similar partnership with ASEAN, and that a positive outcome was not guaranteed.
5. Two-way street with the United States: While everyone I spoke with was enthusiastic about expanded bilateral cooperation with the United States, there was a good deal of questioning about what Japan would bring to the table. It is inevitable that Japan will follow the United States to some degree, given that the United States has been at this longer than Japan, at a much larger scale. The cyber unit in Japan’s Self Defense Forces may total only one hundred compared to one thousand in South Korea and four thousand in U.S. Cyber Command. Still, as one official put it, the relationship can be like “teacher and student” for only so long before it becomes counterproductive. One analyst suggested that Tokyo had unique intelligence capabilities in East Asia that it could share more closely with Washington.
Given my visit coincided with Beijing’s declaration of an air defense identification zone in the East China Sea, there was surprisingly little discussion of Japan’s large neighbor. But Tokyo should be thinking bigger in cyber, not just about China. At almost every meeting I heard references to Tokyo’s desire to build a rule-based system for the region’s economy and security, and this is Tokyo’s message for cyberspace as well. Washington and Tokyo’s interests overlap, but because of the Snowden revelations, many are unlikely to follow Washington’s lead right now. This is a perfect time for Japan to step up and promote a global, open, and secure cyberspace.