Tokyo, 16 May, /AJMEDIA/
The Diet on Friday enacted a law to allow preemptive acts of cyberdefense, giving the government the ability to legally monitor communications data during peacetime and to neutralize hostile servers in the event of an attack.
The “active cyberdefense” law will oblige operators of key infrastructure, such as those in the electricity and railway sectors, to report cyber breaches to the government.
The change comes as the government rushes to establish a legal framework to counter cyberattacks after a series of threats on an airline and banks caused disruptions. The state aims to be fully operational with the measures by 2027.
Information to be monitored and analyzed by the government includes IP addresses used in communication between foreign countries that pass through Japan, as well as those between Japan and abroad.
They do not include domestic communications and the government is not permitted to surveil the content of messages, including the body of emails.
Under the measures, police will take initial responsibility for neutralizing an attacker’s server and the Self-Defense Forces will step in if an incident is deemed particularly sophisticated, organized and premeditated.
The move reflects the country’s ambition to enhance its cybersecurity capacity to levels on par with the United States and major European nations.
A new independent panel will be set up to give prior approval for data acquisition and analysis, as well as for actions to neutralize hostile servers. It will also be tasked with ensuring that government surveillance is being properly conducted.
In response to concerns from opposition parties over potential government overreach and violation of the constitutional right to secrecy of communications, the government revised legislation and stipulated specific provisions in the law to uphold personal rights.
