After having agreed on a draft of an official cybersecurity strategy earlier this month, Japan's National Information Security Center (NISC) is looking to establish a Cyber Security Center - an agency equivalent to the U.S. NSA - and allow it to monitor Internet-based communications.
In order for such actions to be legal, it is necessary first to change some laws, namely Article 21 of the Japanese Constitution and Article 4 of Japan’s Telecommunications Business Law.
“Japan is an island nation, and connected through submarine cables via landing stations. We can tap into these to watch malicious communications. We are not proposing deep packet inspection, for example. The ability to monitor headers and to use lists to stop distributed denial of service attacks might be sufficient,” NISC panel member Motohiro Tsuchiya stated for Defense News.
According to the proposal, the NISC, headed by Prime Minister Shinzo Abe, would serve as cybersecurity command and ultimately create the Cyber Security Center by the end of March 2016.
A Cyber Defense Corps as a standing unit of Japan's army ("Self Defense Forces") would also be instituted, and would be responsible for responding to cyber attacks.
Japan has finally realized that that the cyber espionage campaigns that their ministries and defense and other companies have been subjected to are not going away, and that attacks against critical infrastructure-related companies will eventually happen.
The lax data protection laws will also have to be changed.
The proposal, which is now open for input by the public, is to be finalized by July.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.