On May 30, the United States-Japan Cyber Defense Policy Working Group (“CDPWG”) issued a joint statement outlining increased cooperation between the two countries in the cyber realm. The CDPWG was founded in October 2013 to help foster cooperation in the cybersecurity area between the Japanese Ministry of Defense (“MOD”) and the U.S. Department of Defense (“DOD”), and the joint statement identifies five topics where the MOD and DOD share views on cyber defense issues.
First, with respect to the threat environment, the joint statement notes that while innovation has led to economic growth and enhanced information exchange globally, “[s]uch innovation and economic integration also introduce new risks in the form of increasing dependence on information systems and software vulnerabilities.” The joint statement recognizes that malicious cyber actors “are increasingly willing to demonstrate their intent and ability to do harm against information systems, critical infrastructure and services upon which our people, economies, governments, and defense forces rely.”
Second, the CDPWG statement highlights the importance of close cooperation between the MOD and DOD if an attack occurs, stating that “in the event of a serious cyber incident that threatens the security of either of our nations, including if such a cyber incident occurs as a part of an armed attack against Japan, the MOD and DOD will consult closely and take appropriate cooperative actions.” The joint statement further states that “[i]n particular, the DOD will consult with the MOD and support Japan via all available channels, as appropriate.”
Third, regarding roles and missions, the joint statement notes that the DOD and MOD “have cooperated on information assurance, defensive cyberspace operations, and information security, and have been building a common understanding of their respective missions in cyberspace based on each country’s constitution and laws as well as relevant international law.” Notably, the CDPWG statement affirms that the MOD plans to work with other government agencies to defend against cyber threats, including threats against “Japanese critical infrastructure and services utilized by the Japan Self-Defense Forces and U.S. Forces, Japan.”
Fourth, the joint statement emphasizes that information sharing between the two defense agencies is key to addressing cyber incidents. The statement references existing information sharing channels and states that the “sharing of information will include best practices on military training and exercises, education and workforce development; this may include site visits and joint training and exercises, as appropriate.” The CDPWG statement makes clear that Japan and the U.S. appreciate that “information and operational security are crucial to facilitating the smooth flow of sensitive information between one another in order to best support the Alliance and its activities,” and both sides “recognize the need to build cyber information sharing relationships with other partners.”
Finally, with respect to critical infrastructure protection, the joint statement notes that the DOD and MOD “will ensure the resiliency of their respective networks and systems to achieve mission assurance.” Further, both agencies also “intend to explore ways to strengthen cybersecurity for mission assurance and share best practices in mission assurance and critical infrastructure protection.” The CDPWG has met three times thus far.