On December 27, the Japan Ministry of Defense (JMOD) announced a comprehensive agreement with the Ministry of Economy, Trade and Industry (METI) and the Information-technology Promotion Agency, Japan (IPA) [1] to enhance cooperation in cybersecurity. The three parties aim to strengthen Japan's cyber situational awareness and response capabilities, including those of the Japan Self-Defense Forces (JSDF).
Titled the “
Agreement on Comprehensive Cooperation on Cyber Incident Response and the Sharing of Cyber Threat Information, etc.”, the new arrangement focuses on leveraging the technical expertise of all three parties. It seeks to improve preventive and mitigation measures against cyber incidents that could impact JMOD, JSDF, critical infrastructure, and the defense industry.
Under the agreement, JMOD, METI and IPA will implement the following three initiatives:
1) Support for industry through participation of the JSDF in IPA’s initiatives:
●JSDF dispatch of instructors to IPA-conducted training sessions aimed at enhancing industry’s cyber response capabilities.
●JSDF participation in the hunt-forward and targeted cyberattack-related operations of the IPA’s “Cyber Rescue and Advice Team against targeted attack of Japan” (J-CRAT) [2].
●JSDF participation in IPA-led safety and reliability verification projects for industrial control systems, including risk assessments for critical infrastructure operators.
●Promote integrated and comprehensive use of each party’s systems to provide cyber security support such as diagnosis, risk analysis, and cause investigation.
2) Strengthen cooperation with the defense industry through the enhancement of information-sharing:
●IPA cooperation with cybersecurity awareness seminars conducted by the Japan Acquisition, Technology & Logistics Agency (ATLA) to support the development of security systems in the defense industry.
●Promote METI’s support measures for small and medium-sized enterprises (SMEs) in the defense industry’s supply chains, alongside IPA’s risk assessment for industrial control systems.
●Share information related to cyber incidents, including attack methods, system vulnerabilities, and technology trends, while raising awareness about the threat of such incidents with Japan’s Cyber Defense Cooperation Council (CDC) [3].
3) Establishment of the “Cyber Cooperation Forum” as a consultative framework:
●Ensure regular consultations between representatives from all three parties to ensure effective coordination of projects. When necessary, consultations will also include those departments from each party responsible for cyber cases.
This latest agreement builds upon numerous initiatives launched by the JMOD to enhance the cyber resilience of the JSDF and Japan’s defense industrial base. Key efforts include the creation of the Cyber Defense Center (CDC) in 2013 to improve information-sharing between the defense ministry and the private sector, the establishment of the Cyber Defense Group in 2014 under the JSDF’s C4 (Command, Control, Communications, and Computers) Systems Command, and the formation of the Cyber Defense Policy Working Group (CDPWG) in 2014 in collaboration with the United States.
In fiscal 2025, which begins this April, JMOD plans to implement a range of additional cybersecurity measures for the defense industry. These measures include conducting a system security survey and promoting compliance among defense contractors and their suppliers with JMOD’s standards on cybersecurity measures for defense industry.
Notes:
[1]
Information-technology Promotion Agency, Japan (IPA): Established in January 2004 as an Incorporated Administrative Agency operating under the aegis of METI, IPA is tasked with supporting Japan’s national IT strategy, including information security in the cyber space and the promotion of software development.
https://www.kantei.go.jp/jp/singi/gskaigi/kaikaku/wg2/dai5/siryou1-3-1.pdf
[2]
Cyber Rescue and Advice Team against targeted attack of Japan (J-CRAT): Established in July 2014 by IPA in cooperation with METI, this initiative aims to protect critical industries and societal infrastructure from targeted cyberattacks by state-sponsored groups. The team supports affected organizations to promptly analyze damage and implementing countermeasures to mitigate or prevent further harm.
https://www.ipa.go.jp/security/j-crat/about.html &
https://www.ipa.go.jp/en/about/activities/jcsip-jcrat.html
[3]
The Cyber Defense Cooperation Council (CDC): Established in July 2013 to enhance collaboration between the Ministry of Defense (MOD), the Japan Self-Defense Forces (JSDF), and the defense industry in addressing cyber threats. The council comprises approximately ten defense industry companies with a strong interest in cybersecurity. Through CDC joint exercises and initiatives, the MOD/JSDF and the defense industry aim to work together to counter cyberattacks.
https://www.mod.go.jp/en/jdf/no126/topics.html &
https://www.mod.go.jp/j/approach/defense/cyber/pdf/cyber_defense_council.pdf
Background Information:
https://www.mod.go.jp/j/press/news/2024/12/27b.htmlhttps://www.mod.go.jp/j/press/news/2024/12/27b_01.pdfhttps://www.mod.go.jp/j/press/news/2024/12/27b_02.pdfhttps://www.ipa.go.jp/security/renkei/rk20241227.htmlhttps://www.ipa.go.jp/security/renkei/sbn8o10000003xg0-att/kyoutei_gaiyou_20241227.pdfhttps://www.mod.go.jp/en/jdf/no126/topics.htmlhttps://www.mod.go.jp/en/publ/answers/cyber/index.htmlhttps://www.mod.go.jp/en/d_act/d_budget/pdf/20241126a.pdf
]]>