- Risk Management
- January 31, 2025
Preparing for Active Cyber Defense (ACD)
Ret. Adm. Ichida’s Insights for Japanese Businesses
What is Active Cyber Defense?
Japan’s Active Cyber Defense (ACD) policy introduces substantial changes to the way businesses approach cyber security, particularly for those in critical infrastructure sectors. Retired Admiral Akira Ichida’s analysis highlights both the opportunities and challenges of this transformative initiative, providing businesses with key considerations as they prepare for its implementation.
Disclaimer: NCD defines “Active Cyber Defense” in accordance with the UK National Cyber Security Centre (NCSC) definition – “… services that are designed to reduce high-volume commodity cyber attacks.”
This initiative aims to prevent cyber intrusions from spreading on a large scale by establishing a collaborative framework between the government and the private sector for sharing threat intelligence. With a proposed legal framework set for submission to the National Diet in 2025, this marks a pivotal moment in Japan’s efforts to defend its critical infrastructure and digital economy.
Proposed Framework of Government
- Targeted Monitoring of Foreign-Related Communications: The government will legally monitor suspicious foreign-related communications for signs of potential cyber threats.
- Mandatory Reporting for Critical Infrastructure: Water, electricity, and other essential infrastructure operators will be required to report cyber incidents to the government.
- Utilization of the Security Clearance System: To ensure effective information sharing, the framework proposes granting access to sensitive information via a security clearance system.
- Learning from International Models: Inspired by systems like the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and its Joint Cyber Defense Collaborative (JCDC), Japan aims to emulate global best practices.
Insights for Businesses
- Navigating Increased Responsibilities with Clear Guidance
Ichida acknowledges the progress of establishing a collaborative council and mandatory reporting obligations for critical infrastructure. However, businesses must be proactive in understanding and meeting these new requirements.
Actionable Takeaways
Companies should strengthen their cyber threat monitoring systems by creating a real-time, two-way information-sharing framework between the public and private sectors. This will enable faster, more effective responses to emerging threats. Additionally, establishing clear incident reporting protocols will ensure a smooth and efficient response process.
For critical infrastructure operators, compliance with these new mandates is non-negotiable, and early adoption of reporting frameworks will ease the transition.
- Addressing Challenges in Foreign Communications Monitoring
The ACD’s plan to focus on “foreign communications” monitoring raises practical challenges. Ichida points out the complexity of distinguishing between foreign and domestic data flows. The term “foreign” lacks clarity—whether it refers to the source of the attack, the communication itself, or both. If the focus is on monitoring communications at Japan’s entry points, there is a risk that attacks initiated by foreign entities within the country may be overlooked. This issue impacts businesses, particularly those involved in global operations.
Actionable Takeaways
Companies must collaborate with the government and ISPs to ensure that their networks comply with monitoring requirements without compromising operational efficiency.
Leveraging AI-powered threat detection technologies, as well as implementing solutions such as SIEM and MFA that contribute to a zero-trust framework, will enhance network security and strengthen the safety of the system environment.
- Aligning Cyber security Measures with Legal and Constitutional Protections
Ichida emphasizes the importance of aligning ACD-related initiatives with Japan’s constitutional protections for communication privacy (Article 21). Businesses must remain vigilant about protecting customer and stakeholder data while meeting new government mandates.
Actionable Takeaways:
Companies must review their data handling and privacy policies to ensure compliance with domestic laws and international regulations.
Transparency with customers about how their data is protected in light of new cyber security policies will be critical in maintaining trust.
- Strengthening Organizational and Human Resource Capacity
Ichida highlights the need for skilled personnel and robust organizations capable of rapid responses to ensure the effective implementation of ACD by the government. Businesses, especially those in critical sectors, will need to address similar challenges internally.
Actionable Takeaways
Companies should invest in training cyber security professionals and creating dedicated teams to manage compliance and threat response.
Leveraging external expertise, such as from firms like Nihon Cyber Defence, can fill gaps in knowledge and resources.
- Leveraging Lessons from International Models
Ichida points to the U.S. model (e.g., CISA’s JCDC) as a reference for Japan’s ACD framework. Businesses involved in these global initiatives provide valuable insights for others looking to adapt.
Actionable Takeaways:
Businesses should study best practices from countries with established proactive cyber defense systems to anticipate potential challenges.
Participating in international or domestic threat-sharing councils will provide an opportunity to stay ahead of emerging threats.
- Opportunities for Innovation and Collaboration
Ichida underscores the need for collaboration across public and private sectors, with ISPs and other entities playing a critical role. For businesses, this presents both a challenge and an opportunity.
Actionable Takeaways:
Companies should actively participate in public-private partnerships to share intelligence and enhance their own security capabilities.
Cyber security providers and tech firms should seize the chance to innovate solutions that align with the government’s monitoring and response needs.
Looking Ahead
Japan’s proactive approach to cyber security represents a critical step forward, but the road ahead is not without hurdles. The implementation of ACD-related legislation indicates progress in clarifying legal interpretations and potential amendments concerning the protection of communications confidentiality. Based on the assumption that actions taken by the relevant authorities is considered legitimate, the implementation will require transforming government cyber defence capabilities, fostering public-private cooperation, and building organizational and technical capacity.
Ichida’s insights underscore the complexity of the task, reminding us that while the foundations are being laid, continuous adaptation and vigilance will be required to meet the ever-evolving landscape of cyber threats. The next few years will be pivotal as Japan navigates these challenges to secure its digital future. Addressing these challenges and protecting Japan’s digital society will require sustained collaboration between the public and private sectors.
Retired Admiral, Japan Maritime Self-Defense Force, Senior Advisor @ Nihon Cyber Defence
Retired JMSDF Admiral, Ichida led MSDF cyber operations, intelligence enhancements, advancing cyber defence, information sharing, and overseas training for Japan’s military.
Cyber Maturity Assessment
Nihon Cyber Defence (NCD) offers comprehensive Cyber Maturity Assessments designed to evaluate an organisations current cyber security capabilities, identify areas for improvement, and develop a strategic roadmap to enhance overall security posture.
Cyber Security Framework (NIST)
National Institute of Standards and Technology
Cyber Assessment Framework (CAF)
National Cyber Security Centre
Explore more of the NCD suite: Cyber Security Consultancy, Protective Services, Network Monitoring & Security Operations, SIEM, Incident Management
