Rob Sheldon: Advancing U.S.-Japan Collective Cyber Capabilities (Part I: Context)

Rob Sheldon is a 2013-2014 Mansfield Fellow based in Tokyo. Follow him at @shorttelegrams. Also see Part II and Part III of this series.

After several years of incremental improvements, Washington and Tokyo are now more purposefully advancing their alliance into the cyber age. During the October 3, 2013, Security Consultative Committee (“2+2”) meeting in Tokyo, cabinet members from both sides agreed to establish a new Cyber Defense Policy Working Group (CDPWG), intended to promote cyber cooperation between their respective defense establishments and governments. Official statements following the dialogue indicate that each side views this as a central achievement of the meeting and a key forum for future cooperation. More generally, cybersecurity has the potential to be a key manifestation of the alliance over the coming decades. But Washington and Tokyo must first overcome various constraints, both domestically and within the alliance. This piece, the first of a three-part series, surveys recent developments in Japanese cyber policy within the context of more fundamental changes in Japan’s defense policy.

Japan’s cyber policy

Over the past few years, Japan has taken a number of significant steps—domestic, bilateral, multilateral, and international—to modernize its cybersecurity policy. In 2011, the United States and Japan held their first working-level meeting of the bilateral Strategic Policy Dialogue on Cyber Security. The pace increased notably last year. In April, the topic of cyber rose to the head-of-state level, when both parties agreed at a summit in Washington to coordinate on a whole-of-government basis. The third (March) and fourth (October) sessions of the U.S.-Japan Policy Cooperation Dialogue on the Internet Economy, included cybersecurity broadly and information sharing in particular as key topics of discussion. In September, Japan’s Ministry of Defense released a white paper, Toward Stable and Effective Use of Cyberspace. And in July, Japan deposited the instrument of ratification of the Budapest Convention on Cybercrime, becoming the thirty-sixth country to do so.

In 2013, developments continue apace. The first U.S.-Japan Cyber Dialogue between the U.S. Department of State and the Japanese Ministry of Foreign Affairs took place in May. Japan’s Information Security Policy Council adopted a cybersecurity strategy in June, the same month Japan participated in the fifteen-member United Nations Group of Governmental Experts meeting, which concluded that international law (e.g., the UN Charter), and its attendant norms on the permissibility of self-defense against armed attack, applies in cyberspace. Defense of Japan 2013, the annual defense white paper released in July, included lengthy remarks on cyber. And this month, Japan released its first International Strategy for Cyberspace. Collectively, these statements articulate a Japanese view on cybersecurity that is even-handed and characteristically comprehensive. They have also set in motion a series of organizational changes, within both military and civilian agencies, to better meet emerging cyber challenges.

The bigger picture

Cybersecurity policy reforms are occurring amid a fundamental shift in Japan’s defense policy. Inspired by an increasingly severe threat environment, a number of incremental changes over of the coming months could yield a Japan with greater flexibility to defend its interests—in traditional domains as well as space and cyberspace. The most significant potential reform would be a revision of the prevailing constitutional interpretation to enable Japan to engage in collective self-defense. In parallel, the Guidelines for U.S.-Japan Defense Cooperation, originally written in 1978 and last revised in 1997, will soon be reviewed, according to the October 2+2 statement, with the intent of modifying the agreement to better cope with the current security environment.

Other developments over the near term will also have important implications. Japan’s National Diet commenced an extraordinary session this month and is expected to pass legislation establishing a National Security Council in order to improve decision-making processes. A “secrets bill,” intended to improve standards for handling classified information, is also slated for consideration. By the end of the year, the National Defense Posture Review Commission, which evaluates Japanese defense capabilities, will release its report on how to revise the National Defense Program Guidelines. (An interim report, released in July, suggests a focus on cyber.) A Committee for the Deliberations on the Ministry of Defense Reform, established in February 2013, will, among other issues, address how to improve joint operations. And a new national security strategy, certain to include material on cyber, is expected by the end of the year.

In the aggregate, these changes provide an important window for enhancing Japanese and U.S.-Japan cyber policy. The next installment of this series suggests practical steps for increasing cooperation. The third piece will discuss how these suggestions can be operationalized and identifies some areas for caution.

The views expressed here are personal and do not necessarily reflect those of the Maureen and Mike Mansfield Foundation, nor any other institution with which the author is affiliated.