Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Geo Focus: Asia
New Cyber Law Enables Agencies to Neutralize Attackers’ Servers Located Abroad
Jayant Chakravarti (@JayJay_Tech) •
May 19, 2025
Japan’s House of Councillors passed the active cyber bill on Friday at the National Diet Building. (Image: Shutterstock)
The Japanese Parliament passed the long-delayed active cyber defense bill on Friday, paving the way for government agencies to monitor external telecommunications and preemptively respond to signs of cyberattacks, including neutralizing attackers’ servers.
See Also: VMware Carbon Black App Control
The House of Councillors, the upper chamber of the Parliament, passed the offensive cyber bill a little over a month after the House of Representatives, or the lower house, passed it – just a week before the close of the current parliamentary session.
The cyber defense law, which will take effect in 2027, will enable government agencies to monitor electronic communications originating from abroad that reach end users in Japan, and communications between foreign countries via Japan. Japanese self-defense forces and the police will lead investigations and neutralize attackers’ servers to prevent wider fallout.
The ruling Liberal Democratic Party could have passed the cybersecurity bill in November, but it failed to secure a majority in the lower house for the first time in 15 years. Prime Minister Ishiba Shigeru’s government had since focused on planned wage hikes, raising the income threshold for tax payments, and more cooperation with U.S. and regional allies over territorial disputes with China to regain a majority in the 248-seat upper house in the summer (see: Japan Delays Cyber Bill After Liberal Democratic Party Loss).
In early April, the lower house passed the cyber defense legislation on assurances by the government that its preemptive cyber defense plans would not in any way compromise citizens’ right to privacy under the constitution.
The cyber defense bill empowers agencies to monitor IP data, communications and transmission and reception times, but not private communications such as emails or text messages. An independent oversight body will monitor and approve any acquisition of data and actions taken to neutralize threats. A national cybersecurity office within the Cabinet Secretariat will also coordinate responses to cyberthreats by police and military units.
To address privacy concerns, the law also stipulates fines of up to 2 million yen or up to four years in prison for government officials who illegally use or leak acquired information.
When announcing the main opposition Constitutional Democratic Party’s support for the bill in the upper house, Sen. Makoto Oniki said the government must be extremely careful about the data agencies collect and communicate the law’s purpose to the public in detail.
“We ask that you not only inform the public of the content of the law but also take sincere steps to foster understanding by being thorough enough to gain consent to the law from each and every individual and work to dispel public distrust and anxiety,” he said.
According to Japan Times, the measure requires businesses to report cyberattacks and the introduction of communication devices to help government agencies monitor and respond to cyberthreats. The government also plans to set up joint bases for the police and self-defense forces to improve their cyber defense capabilities.
Writing for RealClear Defense, James Van de Velde, professor at the U.S. National Defense University, said the Japanese government must clarify the roles of various government agencies in cyber operations, to invest in capacity building to develop a skilled cyber workforce, and to coordinate with the private sector to use the latter’s expertise in cyber operations.
He also stressed the importance of engaging the public in discussions about cybersecurity policies and reforms, establishing oversight mechanisms to ensure cybersecurity laws are used effectively and take advantage of international partnerships.
“By drawing lessons from the U.S. experience and adapting them to its unique legal and cultural context, Japan can develop a resilient cyber defense posture capable of addressing contemporary threats while adhering to its constitutional principles,” he said.
AloJapan.com