By Wang Chengwen

王成文

The Japanese government has been holding frequent meetings to draft amendments to relevant laws to include multiple industries under enhanced cyber defense measures since late December 2024, according to reports by Japan's Kyodo News and other media outlets. Some commentators believe that this is an important measure for Japan to accelerate the implementation of the "active cyber defense" concept, and it is likely to become a turning point in Japan's cyber policy.

据日本共同社等媒体报道，2024年12月下旬以来，日本政府密集召开会议，拟修订相关法律，将多个行业纳入强化网络防御的范围。有评论人士认为，这是日本加速落实“主动网络防御”构想的重要举措，很可能成为日本网络领域政策的转折点。

The concept of "active cyber defense" is not new. Japan's defense policy documents including the National Security Strategy amended in December 2022 explicitly stated that the Japan Self-Defense Forces (JSDF) would expedite the establishment of an "active cyber defense" mechanism and achieve cyber defense capabilities comparable to or surpassing those of the US and European nations. The so-called "active cyber defense" refers to the relevant Japanese departments' continuous and regular monitoring of cyberspace to discover potential threats in advance, identify and trace the source of network attacks, and take countermeasures such as paralyzing the attack source data based on relevant jurisdiction.

“主动网络防御”并非新概念，日本于2022年12月修订的《国家安全保障战略》等安保政策文件明确指出，自卫队将加速构建“主动网络防御”机制，最终具备与美欧国家同等以上水平的网络防御能力。所谓“主动网络防御”，指日本有关部门持续常态化监视网络空间，提前发现可疑威胁，识别分辨和追溯定位网络攻击源，依据相关权限采取瘫痪攻击源数据等反制措施。

Under Japan's current legal framework, the Japanese government lacks a sufficient legal basis to implement cyber counterattacks. In particular, there is a lack of legal norms on sensitive issues such as setting of legal responsibilities and boundaries for the privacy of people's communications.

从日本国内现行法律看，日本政府要推行网络反击措施，仍缺少相关法理基础和依据，特别是缺少关于法律责任设定、民众个人通信隐私边界设定等敏感问题的法律规范。

To address these issues, the Japanese government established an expert panel in May 2024 to study and determine the legal framework for the "active cyber defense" strategy. The Japanese government plans to draft a bill aimed at securing critical computer systems and submit it to the Diet for deliberation in late January. Concurrently, the government is accelerating efforts to amend the Basic Act on Cybersecurity, the Telecommunications Business Act, the Act on Prohibition of Unauthorized Computer Access, and the Penal Code, among others, aiming to complete legislative work for the "active cyber defense" strategy by mid-2025.

为此，日本政府于2024年5月成立专家小组，研究确定“主动网络防御”构想的相关法律。日本政府将在1月下旬的内阁会议上拟定确保重要计算机系统安全的法案，并提交国会审议。同时，日本政府正加快研究修订《网络安全基本法》《电信事业法》《禁止非法访问法》《刑法》等，计划在今年中期完成推行“主动网络防御”构想的立法工作。

Japan's legislative amendments focus on four main areas. First, it officially designates the state and government as the primary entities responsible for cyber defense and makes cyber defense a statutory obligation of the government. Second, it grants the Cabinet and relevant cyber defense departments authority to trace and counter-hack attacking servers. Third, it comprehensively improves the capability to carry out "active cyber defense." Fourth, it amends the interpretation of the Constitution to legalize monitoring of critical infrastructure networks.

截至目前，日本政府修订相关法律的关注点，主要集中在以下4个方面：一是将国家和政府正式确定为网络防御主体，将网络防御作为政府的法定责任；二是赋予内阁及相关网络防御部门溯源和反向入侵对方攻击服务器的权限；三是全面提高开展“主动网络防御”的能力；四是修订对宪法的解释，将对重要基础设施的网络监控合法化。

The recent series of "legislative amendment" measures by the Japanese government are likely to become a turning point in Japan's cyber policy. Due to restrictions in the Japanese Constitution and related laws, the Japanese government and the JSDF's network surveillance and attack and defense powers are subject to certain constraints. As these legal amendments progress, Japan's domestic cybersecurity laws will align seamlessly with defense policy documents such as the National Security Strategy. This alignment will enable the government and the JSDF to justify countermeasures or even preemptive actions in cyberspace under the guise of protecting critical infrastructure in key departments. The JSDF's cyber warfare capabilities can also, under the pretext of "active cyber defense," conduct preemptive attacks on foreign servers or preset cyber attack weapons in a "dormant" state that can be activated when necessary.

日本政府近期的一系列“修法”举措，很可能成为日本网络领域政策的转折点。由于日本宪法及相关法律限制，日本政府及自卫队的网络监视和攻防权限受到一定制约。随着本轮法律修订工作全面推进，日本国内网络领域的相关法律将与《国家安全保障战略》等安保政策文件实现无缝衔接。日本政府及自卫队将能以“保护重要部门的基础设施”为名义和掩护，提升在网络空间进行反击乃至“先发制人”的能力。自卫队网络作战力量也将在所谓“主动网络防御”的借口之下，对他国服务器实施“先发制人”攻击，或预设处于“休眠”状态的网络攻击武器，一旦有需要将立即发起攻击。

In recent years, the Japanese government and the JSDF have taken various steps to establish the conditions for an "active cyber defense" mechanism and overcome legal and public opinion hurdles. This aligns with Japan's broader strategic shift from the post-World War II "exclusively defense-oriented" policy to systematically developing so-called "counterstrike capabilities." It can be seen that the "active cyber defense" concept goes beyond traditional defense and represents an extension of Japan's preemptive operational strategy into cyberspace.

近年来，日本政府及自卫队采取多种举措，为构建“主动网络防御”机制提供条件，并破除一系列法律和舆论障碍。这与日本政府虽口头声称坚持二战后确立的“专守防卫”战略，却转头成体系地发展所谓“反击能力”的思路相一致。可见，“主动网络防御”构想已远超防御范畴，是日本“先发制人”这一作战思路在网络空间的延续和体现。

Japan has been steadily expanding its cyber warfare capabilities in recent years under the pretext of safeguarding cybersecurity. This obsessive focus on cyberspace and cybersecurity reflects the radicalization of Japan's national security perspective. Japan's attempts and actions to adopt a preemptive approach in emerging domains such as cyberspace contribute to its aggressive adjustments to national security strategy and will pose new threats to global cybersecurity.

近年来，日本以维护网络安全为名，持续扩充网络作战力量。日本网络空间观和网络安全观的偏执倾向，是其国家安全观偏激化的具体表现。日本在以网络为代表的新兴领域“先发制人”的企图和举动，对其国家安全战略的一再激进调整起着推波助澜作用，将给全球网络安全带来新的威胁。