Japan to Allow Proactive Cyber Defence Operations From October in Historic Policy Shift
Self-Defense Force authorised to conduct offensive cyber operations for the first time
The move, often referred to as "proactive cyber defence" in official Japanese policy language, effectively authorises what other nations call hacking back or offensive cyber operations. Japan's Self-Defense Force will be able to take pre-emptive action against cyber threats rather than simply responding after attacks occur.
The policy shift reflects Japan's growing concern about cyber threats from state actors, particularly China, North Korea, and Russia. Japan has faced an increasing volume of sophisticated cyberattacks targeting critical infrastructure, government systems, and defence contractors in recent years.
The October start date gives the military time to develop rules of engagement, train personnel, and establish the legal frameworks needed to conduct operations that would previously have been prohibited under Japan's pacifist constitutional interpretation.
Analysis
Why This Matters
Japan's post-war constitution has long constrained its military to a strictly defensive posture. Authorising offensive cyber operations represents a significant expansion of what the Self-Defense Force is permitted to do, and could set precedent for further loosening of defensive-only constraints.
Background
Japan has been steadily expanding its security capabilities in response to regional threats, including doubling its defence budget and acquiring long-range strike missiles. Cyber is the latest domain where the defensive-only doctrine is being relaxed.
What to Watch
How Japan's allies and adversaries react. The US will likely welcome the capability as part of allied cyber defence, while China and North Korea may cite it as justification for their own operations.