Written by Kevin Lentz
Japan’s new strategic documents indicate two overlapping lines of effort regarding the Japanese Self-Defense Force (JSDF) cyber defense force over the next ten years. These can be characterized as ‘domainification’ and ‘integration.’ Domainification refers to a nearly whole-cloth force constitution attempt to address the needs of cyberspace, which the Japanese government has recently identified as a new domain of warfare. Integration refers to the simultaneous attempt to situate this new domain construct in a joint multi-domain force with the requisite information and cybersecurity standards to enable effective inter- and intra-force operations.
If Japan fulfills its new plans to the letter, it will have a world-class cyber military force capable of robust maneuver and integration across branch and national lines within a decade. This would have strong force multiplying effects for the U.S.-Japanese alliance both in the military and civilian arena. However, severe macroeconomic headwinds, persistent disorder in cyberspace, and the low resource starting point of the JSDF cyber defense force will make building the envisioned cyber defense force in the allotted time challenging.
The Japanese Ministry of Defense’s recognition of cyberspace as one of the “three new domains” in 2018 was the culmination of a gradual process that began as early as 2000.  From 2000 to 2002, individual service branches in the JSDF established and began running computer emergency response teams (CERTs) to protect their networks. This initial effort was then consolidated by establishing a force-wide C4 (command, control, communications, and computers) Systems Command in 2008, a dedicated cyber defense unit in 2014, and the Cyber Defense Command in 2022 with roughly 800 personnel.
The new strategic documents, especially the National Defense Strategy and Defense Buildup Plan, outline goals that sharply accelerate this domain-level trend for Japanese cyber defense forces. The goals to be met in the next decade are: a fourfold increase in manpower to 4000 cyber force personnel (by 2027); the training of roughly 16,000 non-cyber defense force personnel on cyber tradecraft; new military cyber education facilities at the Ground Self-Defense Force Communications School; a new doctrine and concomitant legal framework—‘Active Cyber Defense’—that allows greater maneuverability in cyberspace; and “more realistic” training and exercises with the U.S. aiming at increasing network and command and control operability under conditions of active cyber attack (by 2027).
Taken together these efforts amount to an ambitious attempt to create a domain-level military cyber force along with the educational, legal, doctrinal, and logistical capabilities to operationalize it in the next ten years.
This new cyber defense force is envisioned as a central joint piece of Japan’s emerging multi-domain force.  The goal of building the JSDF into a multi-domain force capable of seamless joint operations across the peacetime-contingency spectrum first emerged explicitly in the 2019 annual defense white paper. This goal built on mid-2010’s concepts of the JSDF as a dynamic defense force, which became more prevalent after Japan established a National Security Council in 2013.
To operationalize this new joint cyber force, the new strategy documents commit Japan to increasing information and cybersecurity levels to enable greater information sharing between JSDF service branches and with U.S. counterparts. This is to be achieved by implementing a ‘Zero Trust’ cybersecurity architecture and utilizing cyber risk management frameworks. The new documents also commit to establishing a permanent Joint HQ (JFHQ) to house the currently siloed service branches of the JSDF. The new JFHQ would be a natural perch for the new cyber defense force.
Complementing these moves towards cyber integration and jointness are two policy-level efforts. Firstly, the National Center for Incident Readiness and Strategy for Cybersecurity (NISC) has been tasked with creating a new centralized organization to coordinate government-wide cybersecurity policies. Secondly, the Defense Strategy and Defense Buildup plan indicate the intention to create a policy consultation framework to solicit cyber policy input from experts.
|Japanese Cyber Defense Force|
‘Active Cyber Defense’ Legal and Doctrinal Framework
|Increase in manpower to 4000 cyber force personnel (by 2027)||Establish Joint Force Headquarters|
|Train roughly 16,000 non-cyber force personnel on cyber security issues||Zero-trust information security architecture and cyber-risk management framework|
|Establish Cyber School at Ground Self-Defense Force Communications School||New NISC central cyber policy organization|
|More realistic training with U.S. counterparts under conditions of cyber attack||Cyber policy expert consultation framework|
Implications for the Alliance – a Pacing Ally in Cyberspace
The U.S.-Japanese alliance shares the goal of maintaining peace and stability in a Free and Open Indo-Pacific through deterrence. If successfully executed, Japan’s cyber defense buildup plans are a positive development towards meeting this goal both in the military and civilian arena and would generate force multiplying effects for the alliance.
In military terms, a domain-level Japanese cyber defense force promises to provide U.S. counterparts in Cyber Command and Indo-Pacific Command with a clear point of contact and integration. Improved efficiency in multi-national force integration will also benefit from the establishment of the JFHQ which will simplify communication with JSDF forces that are currently headquartered and spread across the Japanese archipelago. Tighter information security levels and increased threat intelligence awareness would also enable higher levels of multi-national information sharing and military collaboration. Naturally, in the event of a kinetic conflict in theater, or another natural disaster, the efficiency of this collaboration would become critical.
In the civilian arena, Japan’s cyber defense buildup is also poised to bring greater overall stability to its regional cyberspace. By implementing ‘Active Cyber Defense,’ and adequately resourcing this approach, Japan will increase the cost to foreign cyber units that currently target vulnerable Japanese critical infrastructure and defense industrial base firms. Increased centralization and collaboration on the policy front will also aid ongoing norms-building efforts in the region by clarifying the vision for cyberspace that Japan and allied countries wish to build consensus around.
Japan’s new plans for cyberspace are a benefit to regional stability and the U.S.-Japanese alliance. However, implementing the plans outlined in the new strategic documents promises to be difficult.  In addition to the domainification and integration of cyberspace, Japan has also committed to drastically expanding counter-strike, space, and electromagnetic capabilities alongside a larger reshuffling of its three services to facilitate jointness. These are all ambitious and complicated projects on their own. Moreover, they will have to be accomplished while facing severe macroeconomic headwinds from its aging and shrinking population, modest economic growth, and large public debt. How advocates of Japanese cyber power will fare against other bureaucratic actors in this scarce resource environment is an open question.
Nevertheless, there are precedents for success. The U.S. Cyber Command, for example, was stood up amid a similarly bewildering thicket of shifting priorities and scarcity. The period from 2009-2018 saw the immediate aftershock of the Great Financial Crisis, two protracted conflicts in the Middle East, highly damaging cyber breaches, budget sequestration, the Third Offset effort in the Pentagon, and much more, all within a climate of intense political gridlock and transition at the highest levels of government.
Japan is not the U.S., and no one knows what the next ten years will bring. However, if the current high level of strategic consensus, the relative domestic political stability, and the continued expansion of allied and partner military collaboration persists, there is good reason to bet on timely Japanese implementation of its cyber military goals.
 KONO Taro and IWAYA Takeshi, “Defense of Japan 2019,” n.d.
 Stefan Soesanto, “Japan’s National Cybersecurity and Defense Posture: Policy and Organizations,” application/pdf (ETH Zurich, September 2020), https://doi.org/10.3929/ETHZ-B-000437790.
 Japanese Ministry of Defense, “防衛力整備計画について,” 2022, 6.
 Japanese Government, “National Security Strategy of Japan,” December 20, 2020, 23.
 “National Defense Strategy” (Japan Ministry of Defense, December 2022), 26.
 Japanese Ministry of Defense, “防衛力整備計画について,” 11.
 Taro and Takeshi, “Defense of Japan 2019.”
 Japanese Ministry of Defense, 6.
 “National Defense Strategy,” 30.
 “National Defense Strategy,” 24.
 “National Defense Strategy,” 31, “防衛力整備計画について,” 19.
 The government is also considering establishing a cyber department at the National Defense Academy, https://asia.nikkei.com/Politics/Japan-s-Defense-Ministry-to-set-up-cyber-department-at-its-academy
 https://www.mofa.go.jp/policy/page25e_000278.html , https://www.whitehouse.gov/briefing-room/speeches-remarks/2022/02/11/fact-sheet-indo-pacific-strategy-of-the-united-states/
Meanwhile, east-Asian cyberspace in the rest of the decade is poised to persist as the crime-ridden, information warfare laboratory that it currently is. Thales, “Cyber Threat Handbook 2022” (Thales, 2022), 54.
 Thanks to Ayumi Teraoka for raising this issue.
 Michael Warner, “US Cyber Command’s First Decade,” in The United States’ Defend Forward Cyber Strategy, by Michael Warner (Oxford University Press, 2022), 33–64, https://doi.org/10.1093/oso/9780197601792.003.0004.