Join myFT Daily Digest to be the first to know about Japanese news.
Two days before Prime Minister Yoshihide Suga announced his resignation, Japan finally began launching its flagship Digital Agency – a new cybernetic government arm created by analogous panic over the large amount of paperwork involved in daily government.
Due to the need to create such a body and to equip it with political capital that could possibly disappear by the time a new leader is elected, the third largest economy in the world has embarrassed the project.
Japan will pay a reputational price for its decades of footsteps. The more successful the agency is in modernizing the country’s digital hesitant bureaucracy and economy, the more disturbing are the shortcomings that emerge and the more overdue the effort will be.
But the sense of urgency that accompanies the birth of the Digital Agency, say people near the cabinet office, masks a fear likely to be inherited by Suga’s successor. Japan knows that its private as well as the public sector is not ready for cyber warfare, and strongly suspects that its potential enemies – especially China – are among them.
This makes it an interesting moment for the founder and former head of Britain’s National Cyber Security Center (NCSC), Ciaran Martin, to become part of the board of a small Japan – based cyber defense consultant who has the ear of the highest classes of the Japanese. government. Other advisers of the firm, Nihon Cyber Defense, includes the former military officer of Japan and the former chief of the General Staff of Taiwan.
The addition of Martin as adviser, his new colleagues say, coincides with the government’s efforts to put together a complete cyber defense strategy by December and a shift in perceptions of the risks facing the country. The attack on ransomware which closed America’s largest petroleum pipeline in May was simply the latest in a global attack on key infrastructure, say Nihon Cyber Defense executives. But it was a particularly timely illustration for people in Suga (many of whom will likely remain in the next administration) of what national vulnerability looks like today.
This jerk of reality, say those who have been watching the slow progress of Japan’s public and private sector in building coherent cyber defense strategies, is now essential.
At one level, Japan appears to have entered a new phase of heightened security concerns about tensions over Taiwan and the broader sphere of Chinese influence. A defense review in July made that clear. The theory of those arguing for a more robust stance is that the more strictly Tokyo focuses on the threat of an increasingly aggressive China, the more clearly it will see its own military and cyber defense deficits. The day before the launch of the digital agency, the Japanese Ministry of Defense submitted its largest budget request ever. It argued that a $ 50 billion increase is needed for the coming financial year for both conventional military spending and the development of latest cyber weapons.
But advisers to the Japanese government say that behind the ambition lies real uncertainty and a lack of expertise on how to quickly put together the kind of world-class cyber defense capability that the country’s transportation, power, medical and industrial networks clearly need.
Debates are raging about how to streamline responsibilities in small task forces and whether legal and constitutional changes are needed to accommodate the powers that may be needed. Strategic questions include whether Japanese companies and government agencies should move away from their passive defense tactics, whose primary goal was to ensure the fastest recovery from an attack. Rather, some experts advocate for a more active defense that seeks and eliminates threats.
Most critical, however, is the creation of a role that places the responsibility for Japan’s cyber security on a person with both the skills to understand the threat and the ability to coordinate various responses from government, intelligence, and the military. Japan may not have yet made the political or even the philosophical leap necessary to envisage such a work, let alone who can fill it. But it does have an example in the UK, which created the effective and widely envied NCSC, whose former cyber defense supremo, Martin, is conveniently in the books of a consultant in Tokyo.
The challenge of putting it all together – even when defined by crucial national urgency – will be formidable. The establishment of the Digital Agency, regardless of the cyber war issue, indicates that Japan knows that there is no more time to waste.