Book - Japan's Active Cyber Defense - A new direction for National Security Strategy

New Book - Japan’s Active Cyber Defense

Excited to to announce the publication of a book titled “Japan’s Active Cyber Defense - A new direction for National Security” from Nikkei BP (written in Japanese). This book delves into Japan’s evolving cybersecurity posture, particularly its adoption of an active cyber defense (ACD) concept. Followings are takeaways from the preface of the book.

• This book aims to examine Japan’s active cyber defense concept and how Japan’s cyber-related policies evolved, what they encompassed. Particulary it focuses on how the concept has been integrated into the broader context of national security strategy, defense policy, and cybersecurity frameworks.
• In the two decades following the cyber attacks on Japanese government agencies in 2000, Japan’s approach to cybersecurity has undergone a significant evolution. While the government announced an active cyber defense policy as part of its national security strategy in 2020, the path to a coherent cybersecurity framework remains complex and challenging. Despite numerous security strategies, cyber-related initiatives, and defense policies developed in response to domestic and international cyber threats—including measures surrounding the Tokyo Olympics and Paralympics—Japan still struggles to establish a clear and effective cybersecurity posture.
  
• The persistent vulnerability to ransomware attacks and data breaches, despite ongoing countermeasures by both government and private sectors, underscores a fundamental challenge: there is no definitive solution to cybersecurity threats. Japan’s historical vulnerability in the cyber domain appears to be a continuing concern that requires persistent attention and adaptation.
  
• The 2010s marked a crucial shift as cybersecurity emerged as a critical component of Japan’s national security framework. Prior to this period, while the government acknowledged the strategic significance of the cyber domain, it had not elevated cybersecurity to a priority political issue. The intersection of information and communication technology with national security presented a unique challenge: despite its clear importance, the question of who would secure Japan’s information infrastructure, and how, remained largely unaddressed in political discourse.
  
• Since 2000, the landscape of information and cybersecurity has involved complex interactions between political entities, government agencies, and industry stakeholders. These relationships manifest in industrial policy, defense strategy, and law enforcement initiatives, all requiring dedicated cybersecurity budgets and personnel. However, persistent challenges—including bureaucratic silos, workforce shortages, and insufficient resources—have remained unresolved for over two decades.