Japan - Cybersecurity Strategy 2013


Japan - Cybersecurity Strategy 2013

Erwin Dotzauer's picture

Posted By: 

Erwin Dotzauer

The cybersecurity strategy of Japan was updated, Please check here for the latest version, and other countries' strategies, collected by the NATO Cooperative Cyber Defence Centre of Excellence. 

Or here for ENISA's efforts to map cyber strategies across the globe.


Information Security Strategy for protecting the nation, 2013.

In Japan, the National Information Security Center (NISC) has been established in April 2005 within the Cabinet Secretariat as the command post for information security policy, to carry out the planning, proposal and general coordination related to planning of basic strategy and other centralized/cross-cutting promotion of information security measures for the public and private sectors. In addition, the Information Security Policy Council (ISCP) has been established in the Strategic Headquarters for the Promotion of an Advanced Information and Telecommunications Network Society in May of the same year for centralized/cross-cutting promotion of information security measures for the public and private sectors, and works towards improving the level of information security and strengthening ability to deal with cyber-attacks for government institutions and critical infrastructure providers.

In the ISPC, the strategies were determined over the 3 stages comprehensive mid to long term plan, starting with the First National Strategy on Information Security, in which information security is positioned as a national goal consisting of sustainable economic development through the use and application of information communications technologies and the guarantee of safety against threats which arise from such, and promoted the shift from reacting to actualized issues to measures for preventative handling of issues from a viewpoint of forging a solid footing to deal with information security issues. In addition, the plan established a framework for various actors, including government institutions, critical infrastructure providers and business operators; where rather than each actor carrying out their own handling of issues in a vertically divided structure, each actor would maintain awareness of their own responsibilities and appropriately divide roles in accordance with the positions, situations and capacities of each actor.

The Second National Strategy on Information Security, the existing preventative measures were steadily promoted while strengthening after the event handling capacities in an "accident assumed society" where promotion of rapid response and measures in the event of an emergency, would ensure business continuity.

While continuing to maintain these measures, the "Information Security Strategy for Protecting the Nation" also sets as objectives, from security and crisis management viewpoints, the achievement of capabilities, at the highest standard in the world, to respond to all cyberspace threats, and promotes the handling of environmental changes, such as the occurrence of large-scale cyber-attacks overseas, the preparation of a system for managing such situations, and the construction and strengthening of a system for regular collection and sharing of information.