Japan enacted a new Active Cyberdefense Law on Friday May 16th to bolster security. This law permits authorities to preemptively engage adversaries using offensive cyber operations. Its main goal is to suppress serious cyber threats before they cause significant damage. The new legislation was first proposed and seriously discussed by officials back in 2022. It is intended to help Japan strengthen its overall national cyber defense capabilities. Japan now aims to reach a cyber defense level equal to major Western powers. This law clearly marks a significant break from Japan’s traditional cyber defense approach. Previously Japan’s cyber defense closely tracked its Article 9 constitutional commitment to pacifism.
The new Active Cyberdefense Law mirrors recent reinterpretations of the constitutional Article 9.
This now provides Japan’s Self-Defence Forces with the important right to support allies. The justification is that failing to do so could endanger the entire country. It explicitly allows law enforcement to infiltrate and neutralize any hostile foreign servers. This can be done preemptively before any malicious online activity has actually taken place.
These offensive actions must occur below the threshold of an armed attack against Japan. Meanwhile Japan’s Self-Defence Forces will tackle particularly sophisticated and complex cyber incidents.
This proactive stance should enable Japan to respond to cyberattacks more quickly and effectively.
This new law also provides the Japanese government with power to analyze foreign internet traffic. This includes all traffic entering the country or even just transiting through its networks. However officials stressed the government will not collect or analyze the actual traffic contents. Furthermore the analysis of any internet traffic generated domestically by citizens is not permitted. The government argues most cyberattacks Japan faces originate from various international hostile sources.
This law has caused some controversy over potential infringement on constitutional Article 21 rights. An independent oversight panel will be established to give prior authorization for data collection. This panel will also approve any planned offensive operations intended to target attackers’ servers.
This legal shift comes as attacks targeting Japan are reportedly at an all-time high. Both financially-motivated and state-sponsored cyberattacks are increasing according to official government reports. For instance suspected Chinese hackers breached Japan’s cybersecurity agency according to a 2023 report.
Reference:
