Japan Aims to Implement Proactive Cyber Defense Strategies Following New Legislation
Japan's Active Cyber Defense Act, set to take effect in 2026, marks a significant shift in the country's cybersecurity strategy. This new legislation, passed by the Japanese Diet on May 16, 2025, aims to transition from a passive defense to an active one, empowering authorities to conduct proactive and pre-emptive cyber operations [1][3][5].
The strategy is structured around four pillars: strengthened public-private sector collaboration, monitoring communications data for threat detection, counter-access and disruption of cyberattack sources, and reinforcing cyber security institutions [1][3][5]. This shift is partly a response to past significant cyber incidents and criticism of Japan’s cyber defenses [1].
However, a major challenge in implementing this law is the shortage of skilled cybersecurity professionals. Effective active cyber defense requires highly skilled individuals who can manage complex preemptive operations, analyze threats, and coordinate cross-sector responses [3]. Japan, like many countries, faces a shortage of specialized cybersecurity talent, posing difficulties in staffing its enhanced cyber defense institutions and sustaining continuous high-level operations [3].
The government plans to address this human resource challenge by doubling the number of registered information security specialists who possess advanced information security capabilities by 2030, raising their number to 50,000 [6]. Additionally, a "Cyber Threat Information Sharing Council" will be established to enhance cooperation and regularize information sharing between the government and the private sector [2].
While technologies such as AI can improve threat detection and response speed, they come with challenges such as the potential for misuse by adversaries and the need for responsible oversight and human decision-making [4]. Ensuring Japan's active cyber defenses are both effective and ethically governed requires addressing these technological and human capital constraints in parallel.
In summary, Japan's Active Cyber Defense Act strengthens its cyber defense by enabling proactive measures and comprehensive institutional collaboration. However, it faces significant implementation challenges, especially in building and maintaining the expert human resources necessary to operate a complex active defense framework effectively [1][3][4][5]. The focus of defense in the future will be on disrupting the adversary's operations, requiring advanced technical capabilities and enhanced judgment and analytical capabilities. An independent cyber communications supervisory board will be established to monitor government operations and ensure respect for communication secrecy.
[1] "Japan's Active Cyber Defense Act: A New Era in Cybersecurity" (2025) [2] "Establishment of the Cyber Threat Information Sharing Council" (2025) [3] "Addressing the Human Resource Challenge in Active Cyber Defense" (2024) [4] "Ethical and Legal Considerations in Active Cyber Defense" (2023) [5] "The Four Pillars of Japan's Active Cyber Defense Strategy" (2022) [6] "METI's Strategy to Double the Number of Information Security Specialists" (2020)
- The government's strategy to address the shortage of skilled cybersecurity professionals in Japan includes doubling the number of registered information security specialists with advanced capabilities by 2030.
- The establishment of a "Cyber Threat Information Sharing Council" is intended to enhance cooperation and regularize information sharing between the government and private sector, thereby improving Japan's active cyber defense.
