Suga’s focus on cybersecurity underscores importance of alliances and reform for Japan
5 Mar 2021|

Japanese Prime Minister Yoshihide Suga, although something of an unknown quantity prior to his appointment, is already showing promising signs of stepping into the foreign policy breach left by his predecessor, Shinzo Abe.

Some international commentators have been overly quick to dismiss Suga as a cipher. Indeed, he comes from the same Liberal Democratic Party as Abe, his cabinet remains largely unchanged and he consistently demonstrated loyalty to the former prime minister. Yet the changes he has already initiated suggest that, in addition to maintaining Abe’s robust determination to bolster Japan’s place in international security issues, Suga is his own leader, with his own agenda. Importantly, Suga looks set to make some significant changes to Japan’s cybersecurity policies.

China’s continuing grey-zone aggression in the Indo-Pacific and the lingering uncertainties about the US’s commitments to the region mean that Japan’s approach to regional security is becoming more important than ever. There are already signs that Suga understands this. His vocal role in Quad talks with the US, India and Australia, along with his invitations to other foreign leaders, are strong indicators that he intends for Japan to continue to play a key role in Indo-Pacific security. The four countries’ foreign ministers held talks on 18 February which placed an emphasis on ‘advancing practical cooperation in various areas towards the realization of a “Free and Open Indo-Pacific”.’ Cybersecurity was identified as a key area for collaboration.

China’s political warfare methods heavily emphasise coercion through cyber and information operations, so the time is ripe for Japan to forge ahead with cyber cooperation with allies and partners in the region—and it seems Suga is well aware of this. In August, just a month before he became prime minister, he observed on the margins of a multilateral cybersecurity exercise organised by Japan: ‘It is very important that malicious cyberattacks are promptly detected and acted upon, minimizing spread of the damage … We cannot act fast and appropriately without close cooperation with other countries.’

In addition to maintaining continuity with the security narrative initiated under Abe, multilateral collaboration on cyber defence has rich potential to bolster Japan’s credentials as a credible and committed regional player.

As Japan’s security position has, if anything, worsened since Abe’s departure, Suga likely views cybersecurity cooperation as one way to counter these challenges. In a region increasingly characterised by competition, coercive statecraft, economic warfare and active disinformation operations, cybersecurity will continue to be a pivotal issue.

But to date, Japan’s obsolescent domestic cybersecurity apparatus seems to have been of only dubious merit and effectiveness. Japan’s primary cyber capability, the Cabinet Secretariat’s National Center of Incident Readiness and Strategy for Cybersecurity, or NISC, has mostly failed at keeping Japan cyber secure. One reason for this is that the centre was designed only to improve the cybersecurity of government agencies. This overly narrow focus not only fails to protect citizens from cybercrime, but also leaves gaping vulnerabilities for the government itself. Government agencies can be targeted through non-government angles. Supply chains, subcontracting and collaboration between private and government sectors all lie beyond the scope of the NISC.

To address these weaknesses, Suga will need enact large-scale reforms. Equipping Japan with a modern and effective cyber capability will be a major administrative undertaking.

Reform on such a scale has traditionally proven difficult in Japan, and the Covid-19 pandemic has been a rude awakening for Japan on how far behind it is in the adoption of digital technologies. Hospital staff still sign and send papers physically or through fax, a practice that has significantly hindered the government’s response to emerging coronavirus clusters. And the failure to effectively deal with the mass movement of people to remote work has further revealed Japan’s unpreparedness to manage contemporary digital requirements.

But if Covid-19 has shown the rust in Japan’s system, Suga is trying to push the gears of change. One of his first actions as prime minister was to call for the creation of a new agency to assist in Japan’s ‘digitisation’. He also created a new ministerial position and assigned highly popular former defence minister Taro Kono as administrative and regulatory reform minister. Kono is now also responsible for Japan’s Covid-19 vaccine rollout.

Suga’s early actions indicate a promising level of commitment to addressing Japan’s digital problems. His greater focus on multilateralism will strengthen Tokyo’s international relations and strategic position. Digitisation and widespread administrative reform also seem to be high on his list of security initiatives. Such actions will be vital if Japan’s regional security ambitions are to be realised.