The Japanese government has formally adopted a new cybersecurity strategy that will guide national policy over the next five years. The decision was approved at a cabinet meeting on Tuesday and aims at strengthening Japanese cybersecurity coordination across civilian, law enforcement, and defense institutions.
Under the new cybersecurity strategy, Japan will establish a framework that enables closer cooperation between the police, the Defense Ministry, and the Self-Defense Forces when responding to serious cyber incidents. The goal is to ensure faster detection, analysis, and neutralization of attacks that could affect national security or critical infrastructure.
Officials described the move as a response to a severe threat environment, particularly from state-backed cyber actors.
State-Sponsored Attacks and AI-Driven Risks
The strategy explicitly identifies cyber operations linked to China, Russia, and North Korea as “serious threats” to Japan. Government officials noted that these attacks have grown in both scale and technical prowess, targeting public institutions, private companies, and essential services. The document also warned that cyberattacks leveraging artificial intelligence technologies are a new and dangerous risk.
This assessment builds on earlier concerns raised by Japan’s security agencies, which have observed a steady rise in ransomware attacks, financial fraud, and data breaches. In 2023 alone, online banking fraud in Japan resulted in losses exceeding 8.7 billion yen, underscoring the economic impact of cybercrime alongside its national security implications.
Government-Centered Cybersecurity Strategy
A central pillar of the new Japanese cybersecurity approach is the concept of “government-centered defense and deterrence.” This policy direction follows the enactment earlier this year of legislation introducing active cyber defense, which allows authorities to monitor communications in cyberspace during peacetime to prevent cyberattacks before they cause damage.
As part of this framework, all cybersecurity-related intelligence and incident data will be consolidated at the National Cybersecurity Office, which was established following the new law enactment. Centralizing information is intended to allow swift and accurate identification, analysis, and assessment of cyber incidents, reducing delays caused by fragmented reporting across agencies.
The government is also committed to strengthening human resources by developing specialized talent, improving technical systems, and conducting regular training and simulation exercises. Officials emphasized that technical capability and skilled personnel are critical components of any effective cybersecurity strategy.
Public-Private and International Cooperation
Recognizing that cyber threats do not respect national or sectoral boundaries, the strategy places strong emphasis on collaboration beyond government agencies. It includes plans to enhance cooperation between the public and private sectors, with operators of critical infrastructure invited to participate in a government-led council designed for two-way information sharing.
The strategy also stresses the importance of international cooperation. “No country could handle cyberattacks alone,” the document noted, calling for deeper engagement with allied and like-minded nations to share intelligence, coordinate responses, and build collective resilience.
At a news conference on Tuesday, Hisashi Matsumoto, Japan’s minister in charge of cybersecurity, said Prime Minister Sanae Takaichi had instructed him to prioritize public-private collaboration, strengthen international partnerships, and ensure unified action across government agencies. “We must work together with the private sector and cooperate with other countries to address cyber threats,” Matsumoto said. “This is the core of our new strategy.”
Legislative Challenges and Ongoing Debate
Despite the adoption of the strategy, Japan’s broader cybersecurity agenda has faced political and legal challenges. Plans to introduce a comprehensive cybersecurity bill centered on active cyber defense have been delayed following political upheaval, including a change in prime minister and the ruling coalition’s loss of its parliamentary majority in the October general election.
The proposed bill has generated debate over privacy and constitutional protections, particularly Japan’s strong safeguards for the secrecy of communications. Legal experts and some officials have raised concerns that active monitoring could conflict with these protections. As a result, momentum behind the legislation has slowed, with officials indicating that the earliest possible submission may be during the next regular Diet session.