The gist of Japan’s Cybersecurity Strategy adopted in June 2013

Initial Disclosure Date: Jun 13, 2013

On June 10, 2013, the Information Security Policy Council adopted the Cybersecurity Strategy. The Japanese government used to employ the wording “information security” for its policy and Basic Plans. Because a growing number of cyber threats, such as sabotage against critical infrastructure, go beyond information security, Tokyo decided to use the term “cybersecurity” for the first time in order to address all of these issues.

The strategy aims to develop “world-leading,” “resilient,” and “dynamic” cyberspace and make Japan a global leader for cybersecurity. The document has four basic concepts to realize this.

  • Ensure the free flow of information
  • Provide new responses to risks that are becoming more serious
  • Respond to cyber threats on a risk basis
  • Take actions and cooperate with others based on their own social responsibility

The strategy lists the following entities as cybersecurity actors. The government plans to give more authority to the National Information Security Center (NISC) in order to enable it to serve as a cybersecurity command, and to reorganize the NISC into the Cybersecurity Center by the end of March 2016.

  • Nation
  • Critical infrastructure-related companies
  • The industry and academia
  • Users, SMBs
  • Cyberspace-related companies

The Japanese government has to take the following actions to make cyberspace “resilient”:

  • Improve the level of information security: raise the security level to minimize supply chain risks
  • Strengthen the capability to counter cyber-attacks: conduct annual exercise/simulation; recruit/hire capable mid-career experts; and enhance the information assurance system

Japan has to take the following actions to protect critical infrastructure:

  • Establish an institute to evaluate and issue certificates for industrial control systems
  • Add more categories to critical infrastructure if cyber-attacks on them may have a significant impact on the lives of citizens and their socioeconomic activities

Academia and industry have to take the following actions:

  • Provide information and consultation for SMBs
  • Provide incentives such as lower taxes so that SMBs can invest more in information security
  • Invite SMBs to exercises

Hygiene for cyberspace:

  • Launch “Cyber Clean Day” to raise awareness among users
  • Create a database regarding malicious websites
  • Improve the liability for software quality

Counter cyber-crimes:

  • Establish a Japanese version of the National Cyber-Forensics and Training Alliance (NCFTA), which the FBI has
  • Start discussions on log saving, taking the secrecy of communication into consideration under the constitution

Cyber defense:

  • Cyberspace is a new “domain” in addition to the other four --- land, sea, air, and space
  • The Self-Defense Forces (SDF) are responsible for countering cyber-attacks when they constitute part of armed attacks
  • Establish a Cyber Defense Unit under the SDF

Japan has to take the following actions to make cyberspace “dynamic”:

  • Revitalize the industry: clarify how much the Copyright Law is applicable to reverse engineering for cybersecurity; and create advanced services based on big data analysis
  • Research and development
  • Education and training
  • Improvement of literacy

Japan has to take the following actions to develop “world-leading” cyberspace:

  • Diplomacy: keep studying how international law such as the Charter of the United Nations and international humanitarian law is applicable to cyberspace; establish confidence-building to avoid any escalation of tensions; and prioritize cooperation with the United States as its ally
  • International cooperation: strengthen cooperation with developing countries such as the ASEAN; and strengthen cooperation with foreign law enforcement

