(Dec. 10, 2014) Recently the vulnerability of Japan’s cybersecurity has been a subject of concern. (Yuriy Humber & Gearoid Reidy, Yahoo Hacks Highlight Cyber Flaws Japan Rushing to Thwart, BLOOMBERG (July 8, 2014).) In order to enhance the nation’s cybersecurity, in November 2014 Japan adopted the Cybersecurity Basic Act (Act No. 104 of 2014; text of the legislation that became an Act without amendment available at the House of Representatives website (in Japanese)).
In addition to requiring the national and local governments to take measures to boost cybersecurity (id. arts. 4 & 5), the new law obligates businesses related to infrastructure and cyber-businesses to endeavor to take voluntary measures to enhance cybersecurity and cooperate with the government on implementation of relevant measures. (Id. arts. 6 & 7.) The government provides support for cybersecurity measures for infrastructure businesses. (Id. art. 14.)
The Act prescribes that the government must establish uniform cybersecurity standards for government agencies, monitor the government information network system, and detect and analyze unauthorized activities or attacks. (Id. art. 13.) The new law obligates the government to take measures to enhance cooperation between relevant organizations on cybersecurity and to make those organizations’ responsibilities clear, in order to counter cyber-attacks that may affect the nation’s security. (Id. art. 18.) The government also must take measures to improve the skills of those who work in the cybersecurity field. (Id. art. 21.)
The government is also mandated to reorganize the Information Security Policy Council, which will become the Cybersecurity Strategy Headquarters. (Id. art. 24; see also Cybersecurity Basic Act Adopted, NIKKEI BP (Oct. 31, 2014) (in Japanese).) The Headquarters, to be led by the chief Cabinet secretary, will draw up a strategy to crack down on cyber-attacks and prevent any damage from such attacks from spreading. (Cybersecurity Basic Act, arts. 25 & 27.) Members of the Headquarters include the foreign minister, the defense minister, the trade and economy minister, the internal affairs minister, the chairman of the National Public Safety Commission, and others members and experts appointed by the Prime Minister. (Id. art. 29.)
A supplemental provision of the new law requires the government to strengthen the legal authority of the National Security Information Center (NISC), which analyzes and counters cyber-attacks across government bodies. The NISC will serve as secretariat for the new Headquarters. (Id. Supp., art. 2; see also Ayako Mie, New Cybersecurity Bill Would Require All Ministries to Report Attacks, JAPAN TIMES (May 7, 2014).)