By Kevin Lentz
The official inclusion of cyberspace as a military domain by the U.S. in 2004 marked a turning point in international security. Going forward, defense calculations based on air, sea, land, and space forces would need to be complemented by assessments of threats from this ill-defined and evolving ‘fifth domain’ to be complete. Force compositions, doctrines, budgets, and strategies would need to be rethought and rewritten. National and international laws and norms would need to be reconfigured. Indeed, nation-states as a whole would need new organizations, capacities, and infrastructures to meet attacks from this virtual front, and to seize the opportunities therein.
Nearly two decades on, recognition of this enlarged threat space remains haphazard and uneven. On the one hand, there has been a reasonable adoption of cyber security strategies since the mid-2010s. On the other hand, the explicit commitment of military resources to meet cyber threats has been slower and more uneven. Few countries have developed cyber defense strategies, and equally few have operationalized military cyber commands. Those that have stood up cyber commands span a wide spectrum. Some countries have operated their cyber commands for over a decade, others have only recently centralized cyber units, and many others still do not possess offensive cyber capabilities at all. In the meantime, dozens of state and non-state cyber threat actors continue to pursue operations that have imposed hundreds of billions of dollars in losses and continually erode the strategic foundation of their targets.
In the midst of this shifting terrain the implication of cyber threats for alliance structures is unclear. Originally created to defend and deter conventional threats, alliances today must also rebalance to meet shared threats emanating from cyberspace. Often, these threats fall below the threshold of use of force that would trigger military retaliation and also sit uncomfortably between existing military and law enforcement procedures. Nonetheless, the opportunity for strategic loss (and gain) is real and growing. As Goldman and Warner put it,
Today military and intelligence organs of other states can, virtually and at a distance, steal intellectual capital, compromise the privacy and security of citizens, and impugn the legitimacy of democratic institutions (with their electorates, allies, and creditors) at a scale never before possible outside of armed conflict.
There is therefore great need to marshal state assets, including via alliances, to meet this threat and many states are doing so. The North Atlantic Treaty Organization (NATO), for instance, affirmed that cyberattacks would trigger collective defense measures under article V at the 2014 Wales conference. They have also established the NATO Cooperative Cyber Defense Center of Excellence (CCDCOE) and have plans to operationalize a joint cyber command in 2023. Outside of Europe, nation-states also regularly engage in bi- and multi-lateral cyber exercises.
Unfortunately, apart from studies of NATO, there has been little research singularly dedicated to tracing the process of alliance adaptation to cyber threats and theorizing the results. As a result, while non-NATO states continue to promote cyber security cooperation, norms building, and joint cyber operations through alliances, there are few attempts to show how their high-level decisions and policies have played out at the operational and organizational level. This essay proposes to help fill this gap in the literature by taking the military cyber component of the U.S.-Japanese (JP) alliance as a case study. To complete this case study the institutional history, capacity, and strategic trends of the military cyber components of the U.S., Japan, and their main adversary China will be examined. Following this the operational record of the U.S.-JP alliance in cyberspace is examined.
Through this process we find that while the alliance displays a high unity of purpose, the unique institutional and legal contexts of U.S. and Japanese cyber force development have resulted in a constrained and low level of joint operations in cyberspace. This stems mainly from a parallel command structure, the legally ambiguous and highly risky character of Japanese cyber operational capacity, and the low starting level of resource commitment to Japanese cyber capacity, though recent strategic documents indicate greater allocation in the near term. Therefore, U.S.-Japanese alliance operations in cyberspace are unlikely to rise above information sharing and mutual cyber exercises in the near term.
The U.S. Military in Cyberspace – U.S. Cyber Command
The U.S. Cyber Command (CYBERCOM) has emerged from a decades long process as the U.S. military’s primary cyber force. Originally conceptualized as a component of ‘information operations’ alongside psychological and electronic warfare, cyber operations were conducted as part of the U.S. Space Command’s Joint Task Force—Computer Network Defense (JTF-CND) established in 1998. This task force was then split into an offensive and defensive component in 2004-2005 as part of the U.S. Strategic Command (STRATCOM) before being once again unified under a single commander within STRATCOM as CYBERCOM in 2009-2010. After establishing the National Cyber Mission Force in 2012, four respective service branch component commands, and reaching full operational capacity, CYBERCOM was elevated to a unified combatant command in 2018. Since then CYBERCOM has grown to a workforce of roughly 6000 military and civilian personnel and a standalone budget of over $600 million.
The elevation of CYBERCOM to a combatant command in 2018 also came with a decisive strategic shift towards ‘persistent engagement,’ a key feature of which is the idea of ‘hunt forward.’ This involves a mixture of offensive and defensive cyber operations in neutral (‘gray’) and adversary (‘red’) cyberspace aimed at disrupting, defeating, and deterring cyber effects operations at, or very near, their source. A recent example of ‘hunting forward’ is the deployment of a CYBERFORCE team to Ukraine in December 2019 to identify and inoculate against cyber threats on Ukraine’s networks. Commander Gen. Paul Nakasone has also confirmed that CYBERCOM leveraged offensive cyber operations as part of its mission to secure the 2020 presidential elections.
This more offensive shift came in part from the growing frustration of executive and legislative policymakers at the lack of deterrent effect that the previous administrations’ mostly defensive cyber guidance was having. The Commission on the Theft of Intellectual Property Reports for 2013 and 2017, for instance, both estimated an annual loss in American business of anywhere from $215 to $600 billion—a sum that the CYBERCOM commander Keith Alexander once described as, “the greatest transfer of wealth in history.” Moreover, this staggering economic loss does not account for the strategic damage incurred through the theft of military secrets, such as the stolen data on the F-35 and other U.S. aircraft. A robust academic discussion from around this time also coalesced around a more ‘active defense’, as did a three-year Defense Science Board task force on Cyber Deterrence, with many shared points that eventually emerged in the 2018 Department of Defense Cyber Strategy.
Despite CYBERCOM’s elevation, however, the Defense Science Board report concluded,
…for at least the next decade , the offensive cyber capabilities of our most capable adversaries are likely to far exceed the United States’ ability to defend key critical infrastructures. The U.S. military itself has a deep and extensive dependence on information technology as well, creating a massive attack surface.
The last point bears emphasizing. While CYBERCOM commands roughly 6200 personnel, amidst a roughly 160,000-person DoD cyber workforce, these cyber warriors are tasked with protecting a defense information network comprised of 15,000 classified and unclassified networks, 3.5 million users, 4.5 million endpoints, and 600,000 mobile subscribers. It is therefore possible that they are quite simply ‘swallowed up by the enormity of the attack surface they are required to defend.
It is therefore unsurprising that recent defense budget requests have seen a nearly five-fold increase in funding for cyberspace activities since 2012. Amidst this general rush to cyber arms CYBERCOM is slated to gain greater administrative control over planning, programming, and execution over its budget, including control over the acquisition process for cyber capabilities, amidst a general increase in the Cyber Mission Force team count from the original 133 to 142.
The Japanese Self-Defense Forces in Cyberspace – Japan Cyber Defense Command
Japan’s adaptation to threats from cyberspace, on the other hand, has occurred more slowly and in a more constrained environment. Article IX of Japan’s current constitution prevents the use of force to settle international disputes which amounts to a de jure ban on maintaining a standing military. However, successive interpretations over the years have resulted in the normalization of the Japan Self-Defense Forces (JSDF) acting as a de facto multi-domain military for Japan. Nevertheless, the Japanese application of military force remains constrained to strictly self-defensive use cases. In the context of the 2013 reinterpretation of Japan’s constitution to enable greater flexibility to respond to national security incidents, this amounts to a ‘white-list’ of detailed pre-conceived scenarios in which use of force is permitted. How such a format would be operationalized in a real-time crisis which will inevitably fall outside of the white-listed scenarios, however, is unclear and untested. It is within this strictly defensive and legally risky environment that the JSDF has developed military cyber capabilities.
This development began in earnest in the early 2000s with the independent establishment of Computer Emergency Response Teams (CERTs) by each JSDF service branch from 2000-2002. Separately, in 2008 the Ministry of Defense established a C4 (command, control, communications, and computers) Systems command to oversee the security of Japan’s Defense Information Infrastructure (DII) and Central Command System (CSS) which had hitherto lacked a dedicated defense team. Following a relatively long period of inactivity the Cyber Defense Group was stood up in 2013 as a joint CERT for the DII drawing talent from across the services. Initially formed with a staff of ninety, the Cyber Defense Group grew rapidly to roughly 550 members by 2021. In 2022 the Cyber Defense Group was further elevated to a Cyber Defense Command with the simultaneous development of cyber defense component commands in the JSDF service branches, and further goals to increase staffing and funding.
Strategically, Japan’s assessment of the importance of cyberspace and the need for military force has evolved significantly in the past decade. 2010 marked the first time cyberspace was mentioned in the annual Defense of Japan Ministry of Defense white paper, which was followed by significant attention devoted to cyber attacks in the 2011 National Defense Program Guidelines (NDPG) and Mid Term Defense Program. However, in these documents, cyberspace is only mentioned haphazardly in relation to ‘countering cyber attacks.’ This changed in the 2018 NDPG and Mid Term Defense Program in which cyberspace was officially recognized as a discrete military domain alongside outer space and the electromagnetic spectrum, which are termed the ‘three new domains.’ This domainification of cyberspace by Japan has remained a constant in successive annual white papers and, alongside the emergence of Japan’s new ‘multi-domain defense force’ concept for the JSDF, represents a strong intent to operationalize military force in cyberspace.
Nevertheless, doubts remain about the JSDF’s ability to do so. Despite the stated intent of conducting cyber-enabled joint multi-domain operations in 2018, for instance, Katagiri notes that no record of such an operation being carried out exists. Moreover, a JPCERT report indicates that from 2014-2020 96.8% of breach attempts against targets across Japanese were successful. While this statistics does not account for breach rates against government targets specifically, these two facts together highlight the difficulty faced by the JSDF in operationalizing military force in cyberspace. On the one hand, the long-standing legal constraints on offensive Japanese military activity extend to the cyber domain. The result thus far has been an ‘exclusively defensive cyber policy,’ which prohibits the JSDF from ‘hunt forward’ or active defensive cyber operations and forces them to react to cyber attacks after they occur.  This exclusively defensive cyber stance was modified in the 2022 update of Japanese strategic documents, however, in which the government has committed to pursuing ‘active cyber defensive,’ although neither the concept nor its relation to current military law is elaborated upon.Moreover, the JSDF’s relatively late mobilization of a cyber defense command has resulted in a lack of resources from manpower to funding given the severity of the task. The current cyber component of the annual JSDF budget is a mere ¥34.2 billion, or roughly $25 million.
The China Threat – The People’s Liberation Army Strategic Support Force
After half a century that saw the alliance drift and then tighten to address the threat from global terrorism, the current main driver of the U.S.-JP alliance is the People’s Liberation Army Strategic Support Force (PLASSF) and Ministry of State Services (MSS) of China. Although attribution of cyber attacks is a complicated task, multiple leading threat intelligence firms have observed a correlation between the aims of the Chinese Communist Party (CCP) and observed Chinese Advanced Persistent Threat (APT) activities, even tracing a few directly to the MSS and PLASSF. In general, the largest target of these activities is the U.S., and the main form these activities take is cyber espionage and reconnaissance, often targeting the government and think tank sectors. As noted earlier, these espionage activities and hacks have been assessed to cost the U.S. economy between 225-600 billion dollars annually. Moreover, disastrous data breaches such as that which saw, allegedly, terabytes of classified data on the F-35 and the leaking of over 20 million identities from the Office of Personnel Management have follow on consequences to US strategic defense customers who have invested heavily in advanced US arms, including Japan. Again, while attribution is contested, Japan itself suffered a leak of military data from a Mitsubishi Heavy Industries hack in 2011, and continues to lose millions of dollars a year to high profile hacks, such as the 2021 hack of Nippon Telegraph and Telephone (NTT).
In pursuit of these impressive cyber feats, if not the feats themselves, the CCP has built up the PLASSF as a purpose-fit military cyber organization since the 1990’s. This process began with a period of Chinese learning of American tactics, techniques, and procedures during the Gulf War which lead the CCP leadership to recognize the importance of network technology in modern war, and to establish the goal of winning, “local wars in conditions of modern technology.”  To operationalize this doctrine, the PLA General Staff Department’s Third Department (3PLA) and Fourth Department (4PLA), which focused on cyber espionage and electronic warfare respectively, were directed to carry out China’s information operations.
This line of effort continued in a 2004 document titled “China’s National Defense”, which noted that ‘informationization’ had become the key to enhancing the warfighting capabilities of their armed forces. PLA leaders sought to apply this insight through force-wide operational concepts, including the rapid development of offensive information capabilities aimed at a basic ability to disrupt U.S. C4ISR assets. In the mid-2010s this doctrinal initiative was matched with the structural reform which ultimately saw the 3PLA and 4PLA merge in 2015 to comprise the PLASSF. Comprised of a Space Systems Department and Network Systems Department, remnants of the merger of 3 and 4PLA, and with an estimated 175,000 person cyber work force, the PLASSF has been given the task of debilitating adversary C4ISR assets while providing the main PLA branches with critical mission information. Unfortunately, due to the current fog of hybrid war other basic inter and intra divisions of labor, for instance between the PLASSF’s departments and between the PLASSF and MSS, are unclear and unlikely to get clearer anytime soon. Regardless, given the important and growing body of Chinese APTs, Chinese sources data breaches and hacks, and the generally mammoth resources commanded by the PLASSF, the U.S.-JP alliance has significant cause for concern in cyberspace.
The Alliance in Cyberspace
To date, however, visible U.S.-JP alliance defense coordination in cyberspace has mostly occurred on the policy level. The evolution of this coordination began in the late 2000s with a series of information assurance agreements originally intended to bolster security around ballistic missile defense. This coordination was brought to a higher level by a 2011 U.S.-JP Security Consultative Committee (SCC) which for the first time included cybersecurity as a ‘common strategic objective,’ and emphasized the need to promote critical infrastructure resilience and information security. The 2011 SCC also called for the creation of a whole of government cyber policy dialogue, which met for the first time in 2012 and has met seven total times in the intervening years. Also around this time, in 2013, the SCC announced that U.S. and Japan had signed terms of reference for a Cyber Defense Policy Working Group (CDPWG) with the goal of improving individual cyber capabilities as well as interoperability between the JSDF and the U.S. military. This group met for the eighth time in May 2022.
These initial 2010’s efforts came to a head in 2015 with the simultaneous release of a CDPWG statement and the newly updated Guidelines for Japan-U.S. Defense Cooperation. In the CDPWG statement, a shared assessment of the threat space was announced, as well as the first confirmation that the Japanese Ministry of Defense (JMOD) had cooperated with the DoD on ‘information assurance, defensive cyberspace operations, and information security.’ The document also outlined the intent to ‘explore options for enhanced operational cooperation between cyber units,’ as well as a commitment to sharing information regarding best practices on military training and exercises,’ and ‘education and workforce development.’ The updated Guidelines for Japan-U.S. Defense Cooperation, on the other hand, detailed the creation of a whole of government bilateral ‘Alliance Coordination Mechanism,’ as well as a ‘Bilateral Planning Mechanism’ to strengthen defense coordination. It also joined the CDPWG statement in affirming the intent to share information on cyber threats, capacities, and training best practices, as well as the intent to conduct bilateral cyber exercises.
Following this general upgrade of the U.S.-JP Alliance, cyber defense policy has generally remained highly visible in subsequent SCC meeting statements, with the important clarification that ‘in certain circumstances’ cyber attacks could constitute an armed attack for the purposes of Article V of the U.S.-Japan Security Treaty coming in 2019. Also, at a grander level, U.S. and Japanese strategic signaling through national security documents has displayed a fair degree of coordination. This is visible primarily in through the lens of the late Prime Minister Abe Shinzo’s concept of the ‘Free and Open Indo Pacific,’ which first the Trump and then Biden administration have echoed. The Japanese government has further incorporated this language into its vision for a ‘free, fair, and secure cyberspace,’ which the U.S. has not, although it certainly resonates with the Trump era cyber security language of an ‘open, interoperable, reliable, and secure internet.’
Down from the lofty heights, however, the visible operational reality of U.S. JP cyber cooperation is limited to a growing drumbeat of bi- and multi-lateral cyber exercises. These include ‘Cyber Thunder’ in 2019, ‘Cyber Flag’ and ‘Keen Sword’ in 2022, and an unnamed intelligence community cyber exercise in 2021. Japan has also participated in NATO’s ‘locked shields’ annual cyber exercise since 2021. Sporadic press releases from service branch outposts also suggest that unnamed bilateral exercises also occur regularly.
Ultimately, the alliance cyber strategy follows the general trend of the U.S.-Japan alliance. Militarily, the division of roles has not changed, despite the increase in alliance coordination since 2015. This is conventionally described in the metaphor of the ‘shield and spear’ represented by the JSDF and U.S. military respectively. The 2015 Guidelines for Japan-U.S. Defense Cooperation captures this division well in its opening section:
Japan will possess defense capability on the basis of the “National Security Strategy” and the “National Defense Program Guidelines”. The United States will continue to extend deterrence to Japan through the full range of capabilities, including U.S. nuclear forces. The United States also will continue to forward deploy combat-ready forces in the Asia-Pacific region and maintain the ability to reinforce those forces rapidly.
Given the constraints faced by the JSDF, and the high asymmetry of resources between the JSDF and U.S. military, it is hard to see how it would be otherwise. Nonetheless, the ‘shield and spear’ arrangement will need to be remodeled in cyberspace for the same reasons it is currently being remodeled in the conventional domains. For instance, due to the overwhelming numeric missile superiority of the People’s Liberation Army Rocket Force (PLARF), and the growing capacity of North Korean international continental ballistic missiles, Japan’s layered ballistic missile defense system is increasingly being seen as inadequate, prompting the government to commit to stand-off strike capabilities. The case is much the same in cyberspace, as the U.S. and Japanese experiences have both shown that a purely defensive cyber posture is inadequate to deter malicious cyber activity. It is unsurprising, then, that Japan has recently adopted changes to allow for a more ‘active defense’ in cyberspace as well, though again the exact meaning of active defense in Japan’s legal context remains ambiguous.
Concluding Analysis – a Long Road Ahead
The effort of process tracing above has attempted to shed light on the way in which the U.S. and Japan have adapted their military structures individually and in alliance to meet new threats from cyberspace. In the case of the U.S., the operationalization of cyberspace took a ponderous evolutionary path toward centralized autonomy over a span of nearly three decades. In Japan, the process has followed a similar timeline and trend, albeit with the unique characteristic of being exclusively defensive. In alliance, meanwhile, the U.S. and Japan have only recently begun the process of operationalizing their respective cyber capabilities, and at a low level.
At the policy and strategic level the alliance gives the appearance of clear unity of action. Both nations have synchronized their respective views on the military nature of cyberspace, both nations have developed unified or sub-unified Cyber Commands that can facilitate further military-to-military cooperation in cyberspace, and both nations continue to increase funding for their cyber capabilities. Nonetheless, there are clear limitations to the realization of effective alliance cyber power at the operational level. In the first place is the command structure of the U.S.-JP Multinational Force (MNF). JP3-16 describes the DoD perspective on MNF operations in platonic form. There are three MNF command structures, in order of decreasing efficiency: Integrated Commands, Lead Nation Commands, and Parallel Commands. Japan falls under the latter and least efficient, in which no single force commander is dedicated to leading MNF efforts. Instead, the two distinct national chains of command interact in isolation from one another. JP3-16 describes ‘Coordination Centers’ which can be used to facilitate joint operations, but it is unclear if even this rudimentary unit of coordination exists for U.S.-JP cyber operations. Secondly is the issue of the JSDF’s highly constrained legal space for maneuver. The JSDF is technically not a military force and is also not allowed to engage in offensive activities. This seriously limits the range of operations the U.S. and Japan can pursue in cooperation and dramatically raises the risk calculations of military planners considering joint cyber operations. Lastly, and relatedly, is the relatively underdeveloped state of the JSDF Cyber Defense Command. Brand new and operating with roughly 500 personnel and the budget equivalent of a few anti-ballistic missiles, the JSDF Cyber Command has a narrow capacity and will likely prioritize force development in the near term, at the very least until 2027 as indicated in its recent strategic updates.
In conclusion, while it is early days for alliances in cyberspace across the board, it is especially so for the U.S.-JP alliance. Due to the factors described above, the alliance currently lacks the institutional, legal, and operational capacity to mobilize cyber force at scale. This situation is unlikely to change in the near term given the obstacles, though the recent cycle of strategic document updates in Japan amount to a definite step forward.
Further research is needed to clarify the following areas: the institutional history of Japan’s DII and CSS, the nature of Japanese cyber operations doctrine, the details of the activities of the various alliance coordination groups, the command structure units of the U.S.-JP MNF, the scale of damages suffered by Japan due to cyberattacks, the innovation and conflict cycle in cyber operations, the impact of Chinese cyber operations on U.S. and Japanese cyber defense concepts, and further case studies of other bilateral alliances’ military activities in cyberspace.
 Michael Warner, “US Cyber Command’s First Decade,” in The United States’ Defend Forward Cyber Strategy, by Michael Warner (Oxford University Press, 2022), 33–64, https://doi.org/10.1093/oso/9780197601792.003.0004.
 These are state-level documents that detail the intention to commit resources to the enhancement of critical infrastructure and information security. As of 2021, over 120 countries have authored cyber security strategies. Max Smeets, “Mind the Gap: Trends in Cyber Policy and Activity,” in No Shortcuts, by Max Smeets, 1st ed. (Oxford University Press, 2022), 21–32, https://doi.org/10.1093/oso/9780197661628.003.0003.. P.23
 Around 40 have Cyber defense strategies and Smeets. “Mind the Gap.”
 Piret Pernik, “National Cyber Commands,” in Routledge Handbook of International Cybersecurity, ed. Eneken Tikk and Mika Kerttunen, 1st ed. (Routledge, 2020), 186–98, https://doi.org/10.4324/9781351038904-17.; Smeets, “Mind the Gap.”
 Singer and Cole, “Cyber Solarium Report.” See this spreadsheet for some of the known cyber threat actor groups: https://docs.google.com/spreadsheets/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/edit#gid=361554658
 Emily O. Goldman and Michael Warner, “The Military Instrument in Cyber Strategy,” SAIS Review of International Affairs 41, no. 2 (June 2021): 51–60, https://doi.org/10.1353/sais.2021.0017.P.55
 Martin Libicki, “For a Baltic Cyberspace Alliance?,” in 2019 11th International Conference on Cyber Conflict (CyCon) (2019 11th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia: IEEE, 2019), 1–14, https://doi.org/10.23919/CYCON.2019.8756758.; Gregory H. Winger, “Cybersecurity in the U.S.-Philippine Alliance: Mission Seep,” The Pacific Review, August 21, 2022, 1–29, https://doi.org/10.1080/09512748.2022.2112064.; Paul Kallender and Christopher W. Hughes, “Japan’s Emerging Trajectory as a ‘Cyber Power’: From Securitization to Militarization of Cyberspace,” Journal of Strategic Studies 40, no. 1–2 (January 2, 2017): 118–45, https://doi.org/10.1080/01402390.2016.1233493.
 The four component commands are U.S. Army Cyber Command (ARCYBER), 16th Air Forces Cyber (AFCYBER), U.S. Tenth Fleet/Fleet Cyber Command (FLTCYBER), and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).
 Nakasone, “Fiscal Year 2021 Budget Request for U.S. Cyber Command and Operations in Cyberspace.” CYBERCOM also benefits from the roughly 9 billion general cyber defense budget of the DoD.
 “Achieve and Maintain Cyberspace Superiority Command Vision for US Cyber Command.”
 Warner, “US Cyber Command’s First Decade,” 18.
 The Commission on the Theft of American Intellectual Property, “Update to the IP Commission Report,” 2017. https://foreignpolicy.com/2012/07/09/nsa-chief-cybercrime-constitutes-the-greatest-transfer-of-wealth-in-history/
 Joseph S. Nye, “Deterrence and Dissuasion in Cyberspace,” International Security 41, no. 3 (January 2017): 44–71, https://doi.org/10.1162/ISEC_a_00266.; Richard J. Harknett and Joseph S. Nye, “Is Deterrence Possible in Cyberspace?,” International Security 42, no. 2 (November 2017): 196–99, https://doi.org/10.1162/ISEC_c_00290.; Mckenzie, “Is Cyber Deterrence Possible?”; David Maimon, “Deterrence in Cyberspace: An Interdisciplinary Review of the Empirical Literature,” n.d., 31. “Defense Science Task Board, Final Report, Task Force on Cyber Deterrence,” 2017.
 Glenn Alexander Crowther, “The Cyber Domain,” The Cyber Defense Review 2, no. 3 (2017): 63–78.64-65.
 Smeets, “A Typology of Cyber Actors,” 63.
 “United States Department of Defense Fiscal Year 2023 Budget Request,” 13.
 Nori Katagiri, “The Promise and Challenges of Launching Cyber-Military Strikes: Japan’s ‘Cross-Domain’ Operational Concepts,” International Relations of the Asia-Pacific, August 9, 2022, lcac008, https://doi.org/10.1093/irap/lcac008.
 Stefan Soesanto, “Japan’s National Cybersecurity and Defense Posture: Policy and Organizations,” application/pdf (ETH Zurich, September 2020), https://doi.org/10.3929/ETHZ-B-000437790.
 Soesanto; Nobuo, “Defense of Japan 2022.”
 Nori Katagiri, “The Promise and Challenges of Launching Cyber-Military Strikes: Japan’s ‘Cross-Domain’ Operational Concepts,” International Relations of the Asia-Pacific, August 9, 2022, lcac008, https://doi.org/10.1093/irap/lcac008.
 Nori Katagiri, “From Cyber Denial to Cyber Punishment: What Keeps Japanese Warriors from Active Defense Operations?,” Asian Security 17, no. 3 (September 2, 2021): 331–48, https://doi.org/10.1080/14799855.2021.1896495.
 Benjamin Bartlett, “Japan: An Exclusively Defense-Oriented Cyber Policy,” Asia Policy 27, no. 2 (2020): 93–100, https://doi.org/10.1353/asp.2020.0013.
 “National Defense Strategy” (Japan Ministry of Defense, 2022), 26; “2021 Cyber Security Strategy” (National center of Incident readiness and Strategy for Cybersecurity Japan, 2021), 27.
 “Defense Programs and Budget of Japan 2022.”
 The exact definition of APT’s is debated, but they generally consist of a group of malicious actors able to breach target networks, create effects, and persist in those networks for a significant period of time. Microsoft, “Microsoft Digital Defense Report 2022,” n.d.; Mandiant, “M-Trends 2022 Report,” n.d.; Thales, “Cyber Threat Handbook 2022” (Thales, 2022) Mandiant, “APT1 Exposing One of China’s Cyber Espionage Units” (Mandiant, 2013).
 Brandon Valeriano, “Dyadic Cyber Incident Dataset v 2.0” (Harvard Dataverse, 2022), https://doi.org/10.7910/DVN/CQOMYV; Microsoft, “Microsoft Digital Defense Report 2022.”
 “Update to the IP Commission Report,” 2017.
 https://thediplomat.com/2015/01/new-snowden-documents-reveal-chinese-behind-f-35-hack/ , https://www.washingtonpost.com/news/federal-eye/wp/2015/07/09/hack-of-security-clearance-system-affected-21-5-million-people-federal-authorities-say/
 “Analysis: China’s Evolving Military Doctrine after the Cold War,” SETA, February 25, 2020, 13-14, https://www.setav.org/en/analysis-chinas-evolving-military-doctrine-after-the-cold-war/.
 Kania, Elsa. “PLA Strategic Support Force: The ‘Information Umbrella’ for China’s Military.” The Diplomat. The Diplomat, April 1, 2017. https://thediplomat.com/2017/04/pla-strategic-support-force-the-information-umbrella-for-chinas-military/.
 Lyu Jinghua, “What Are China’s Cyber Capabilities and Intentions?”.
 John Costello and Joe McReynolds. “China Strategic Perspectives 13 – National Defense University,” 8. Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance
 Kitchen, “Informatized Wars.”
 These efforts are also continually bolstered by the work of the Japan-U.S. IT Forum which acts as a regular meeting for the DoD Chief Information Officer (CIO) and Japan’s Defense Councilor for Cyber Security and Information Technology which began in 2000 and met for the fifteenth time in 2022. https://www.mod.go.jp/j/press/news/2022/05/13b.html, https://www.defense.gov/News/Releases/Release/Article/3179459/strengthening-alliances-in-the-pacific-us-and-japan-conduct-15th-information-te/
 Michael J. Green, Line of Advantage: Japan’s Grand Strategy in the Era of Abe Shinzō (New York: Columbia University Press, 2022), ch.4.
 “2021 Cyber Security Strategy”; “2018 Cyber Strategy,” n.d.
 “The Guidelines for Japan-U.S. Defense Cooperation 2015.”
 https://www.yomiuri.co.jp/politics/20221031-OYT1T50257/ “National Defense Strategy” (Japan Ministry of Defense, 2022).
 “JP3-16 Multinational Operations,” n.d., II–5.
 “National Defense Strategy.”