Japan’s Cybersecurity Policy: An Introduction

Japan’s cybersecurity policy and international engagements on cybersecurity have been developing rapidly. The paper aims to give a current (2018–2019) state of affairs taking into account that the field of cybersecurity and Japan’s approach towards solving cybersecurity challenges are changing fast. It therefore aims to provide a bigger picture in order to introduce scholars, policymakers and interested individuals to different aspects of how Japan approaches cybersecurity challenges. It is an easy first introduction to important issues in fostering international engagement with Japanese stakeholders. The paper starts with an overview of Japan’s main policies—strategies implemented in 2018 and 2019—and analyses which issues drive cybersecurity policy development in Japan. This is followed by a visual of main stakeholders, focusing on the relationships between them. Finally, the paper touches on the extensive international activities of Japanese stakeholders, highlighting that Japan’s international work on cybersecurity is vast and ownership is taken by domestic ministries as much as the Ministry of Foreign Affairs.

Key points:

• Japan’s cybersecurity policies and architecture have been advancing since 2015, with the Tokyo 2020 Olympic and Paralympic Games (now rescheduled for 2021) and the vision for a Society 5.0 being the main catalysts for rapid actions addressing vulnerabilities and threats.
• The Japanese government relies on Public Private Partnerships and Public Civil Partnerships to tackle cybersecurity challenges such as a lack of cybersecurity workforce, information sharing and incident response.
• Japan is applying similar policy instruments to those of the EU and the US to address common challenges of Internet of Things (IoT) security and supply chain security, such as certifications, minimum standards and transparency requirements. In the development of policies, Japan already puts particular emphasis on building mutual recognition systems among the US and Europe, aiming to prevent the spread of unique rules that distort private entities’ activities. This is done by allowing international comments on draft frameworks and developing correspondence tables to other standards.
• Domestically, Japan is piloting some new approaches to address cybersecurity challenges, for example its distinct use of cybersecurity workforce training programs and rotation of staffers among ministries and its information security agency to tackle the workforce shortage as well as testing preventative scanning of IoT devices more broadly to achieve password security.
• Japan’s international cybersecurity policy and engagements are shaped by domestic and foreign priorities of different ministries that address cybersecurity vulnerabilities and threats in Japan and abroad.