With a national election nearing, Prime Minister Shigeru Ishiba's minority government rushed to enact cyber defense legislation in May, aiming to show leadership after a series of serious attacks exposed major digital vulnerabilities.
The legislation marks a bold shift from a reactive to a preemptive cyber defense posture. As threats from state-backed hackers grow, the private sector is being urged to take more proactive steps to protect key systems and sensitive industrial data.
Most of Japan's infrastructure — such as energy, transport and communications — is run by private firms, where safety risks remain. As the assets are targets for cyberattacks, the government stresses that private-sector cooperation is vital.
The government is expected to continue working on cybersecurity regardless of the outcome of the upcoming House of Councillors election, as it plans to draw up a new strategy by the end of this year in a bid to introduce a full-fledged preemptive defense system by 2027.
The legislation allows the government to track basic data on online communications in Japan and take early action to shut down harmful servers, using police and the Self-Defense Forces, while obliging companies to report cyberattacks.
Provided by Kyodo News
Pacific Square, an advisory firm providing strategic analysis for business leaders, said the law encourages cross-border collaboration, underscoring Japan's intention to play a more assertive role in shaping international cybersecurity standards.
Japan has come under cyber threats mainly from China, North Korea and Russia, along with criminal groups, said Michael Daniel, CEO of the Cyber Threat Alliance, a nonprofit organization that helps the private sector share intelligence to safeguard clients and themselves.
One serious warning came around 2019. A group called "MirrorFace," also known as "Earth Kasha," began attacking computer systems in critical sectors, including semiconductors, IT and academia, by taking advantage of weak spots in the software.
Japanese authorities suspect the attacks were organized with Chinese involvement. In an apparent response, the industry ministry is trying to more than double the number of trained workers, from 24,000 to 50,000, by 2030.
An expert at NEC Corp., an information technology giant, said in a recent interview that it is now easier than ever to launch a cyberattack, as tools for hacking and online scams are available on websites, even to people with little or no computer skills.
Takahiro Kakumaru, director of cyber intelligence at NEC's cybersecurity technology department, said, "A number of groups compete to deliver more user-friendly ransomware products with a high success rate at a reasonable price."
With hackers using artificial intelligence to carry out more attacks at once, NEC plans to use AI to fight back. The new system can contribute to protecting social infrastructure and government agencies from the year through March 2026.
Noboru Nakatani, chief security officer of NEC and a former executive committee member of Interpol, said the goal is for Japan's online safety to reach a level "on par" with that of the United States through the company's initiative.
NEC has joined the Cyber Threat Alliance, led by Daniel, a former special assistant to the U.S. president and cybersecurity coordinator, as strengthening cross-sector security measures through cooperation between firms has become increasingly important.
Provided by Kyodo News
Private organizations can improve their cyber defenses by adopting basic practices. For example, they should use two-step logins instead of just passwords and ensure crucial information is locked or encrypted, making it harder for hackers to read or steal.
Another useful method is called "microsegmentation," meaning the network is divided into smaller parts. Even if hackers break in, they can access only a limited area, reducing the impact on the rest of the system, Kakumaru said.
Japanese companies are also being prompted to work with partners both at home and abroad to exchange cyber threat information like hash values — digital fingerprints that help find and identify harmful software.
Daniel said the "real opportunity exists in building better connections" between Japanese and U.S. industries to boost cybersecurity collaboration, adding even solid intergovernmental ties still have room for improvement.