You are using an outdated browser. Please upgrade your browser to improve your experience
This assessment was issued to clients of Dragonfly’s Security Intelligence & Analysis Service (SIAS) on 21 December 2022.
As part of its new national security strategy, the government is advancing efforts to monitor foreign cyber attackers and preempt attacks by hacking their systems. This would be a significant change in Japan’s largely defensive cyber posture thus far. Any offensive cyber operations would be likely to target adversary hacker groups and their network infrastructure, particularly in China. And so these would probably not raise the threat of hostile cyber activity to organisations globally.
The new strategy by Japan is its most significant move so far to bolster its defence and deterrence capabilities in cyberspace. It has advanced international cyber cooperation and collaboration in recent years; Japan joined NATO’s Cooperative Cyber Defence Centre of Excellence in November, and it has worked with its ‘Quad’ partners – Australia, India and the US – to bolster the cyber security of critical infrastructure. According to the new strategy published by the government, some of the measures that it aims to advance efforts on include:
Worsening geopolitical tensions in the Indo-Pacific in recent years have almost certainly accelerated Japan’s plans to develop its defence capabilities, including in cyberspace. In its national security strategy, Japan highlighted China, North Korea and Russia as contributing to tensions in the region. It also said that for the first time it will obtain ‘counter-strike capabilities’ and boost annual military expenditure to around 2% of GDP. The Financial Times has also reported that Japan will form a 20,000-person team within its Self-Defense Force to ‘prevent cyber attacks before they occur’.
Based on the national security strategy and constitutional restraints on Japan using force, any offensive cyber operations would likely be preemptive against the systems or networks of its adversaries. And although the government has not clarified what would constitute a ‘serious cyberattack’ that would prompt it to pursue preemptive offensive cyber operations (probably to ensure strategic ambiguity), this would probably be prompted by any specific intelligence of foreign hackers preparing disruptive cyberattacks on critical infrastructure.
A former UK national cyber security source told us last week that although they were unaware whether Japan would be ‘actively attacking in order to gain intelligence’, it would ‘be one way in which intelligence agencies get one step ahead of their attackers’. This would be similar to how other Western powers, such as the UK and US, appear to have conducted such operations in the past. The latter, for example, has said it conducted cyber operations to identify and disrupt foreign adversary network infrastructure to secure recent midterm elections.
Preemptive or retaliatory cyber operations by Japan would most likely target the network infrastructure, such as servers, of adversary hacker groups. These are particularly likely against groups in China, North Korea and Russia, which all pose strategic threats to Japan. These states sponsor cyber groups capable of infiltrating and disrupting critical network infrastructure or conducting pervasive intelligence collection. The Japanese authorities in 2021 accused hackers linked to the Chinese military of a cyberespionage campaign that had breached more than 200 Japanese companies and organisations since 2016.
Even if geopolitical and military tensions in the Indo-Pacific significantly worsen over the coming years, we doubt that Japan would seek to engage in tit-for-tat disruptive cyber operations on the critical infrastructure of its adversaries. This has often been the case between countries such as Iran and Israel in recent years. The wording of the national security strategy suggests that any offensive cyber operations would be specifically targeted against the network infrastructure of adversary hacker groups, rather than to cause wider disruption on the critical infrastructure of its adversaries outside of wartime.
Any offensive operations by Japan would be unlikely to raise the exposure of organisations to cyber threats. The country does not appear intent on pursuing a campaign of cyber espionage or intellectual property theft against organisations to gain a competitive advantage in key industries, much like China has done. In Japan itself, the finance, defence, education and media industries are likely to remain attractive targets for cyber operations by hostile nation states and cybercriminal groups over the coming years.
Image: Japan’s Prime Minister, Fumio Kishida, attends a press conference in Tokyo on December 16, 2022. Photo by David Mareuil via Getty Images.