Sofiya is a PhD Candidate in International Relations at the Hankuk University of Foreign Studies in Seoul, South Korea, where she also works as a research assistant. Her work focuses on application of sovereignty issues in cyberspace. Sofiya holds a Master's Degree in National Security and Foreign Policy from Yonsei University, South Korea.
Japan’s Defensive Posture and Its Implications for Cybersecurity Narrative
Japan is known to be one of the most technologically advanced countries in the world with more than 200 million IoT devices and the Internet coverage rate reaching 99,1% nationally. However, the average number of breaches per attempt on Japanese networks is also extremely high at 96.8% - an extremely high probability of an attack being successful. The severity of attacks targeting the government of Japan or its major companies has been also growing in the last few years with Fujitsu having to suspend one of its projects after an attack resulting in breach of government files. In another high-profile case, Toyota had to suspend its production for a day due to a cyberattack on Kojima Industries (its smaller supplier) which resulted in an estimated 5% loss in manufactured goods. Despite the obvious need to improve many aspects of national cybersecurity, Japan is famously restricted from doing so by its constitution which only allows use of military force in case of self-defense. For the same reason Japan’s Self-Defense forces are also not able to implement cyber elements into their multi-domain exercises. Japan is also not allowed to engage its military cyber unit in the investigation of cyber incidents until it is confirmed as necessary for self defense. As these issues distinguish Japan from other states which actively engage their Cyber Command and military units in both offensive operations, reconnaissance and active defense, it becomes clear that Japan had to construct a different narrative that allows protection of its national segment of cyberspace. This research focuses on three issues: first, it aims to identify how Japan is building its own narrative on state cybersecurity where it does not have an option for offense like other states. Second, it looks at how Japan balances between its defense-only posture and combating cyberattacks originating from outside of the country. Third, this study estimates the role of its commitment to international norms of behaviour in its cybersecurity approach.