
Japan Adopts Active Cyber Defense Further Normalizing Weaponized Cyberspace

Recently, the Japanese Parliament passed an active cyber defense bill that would enable Japan to monitor communications that originate outside the country and contact users in Japan, as well as those communications that use Japan as a hub between other countries. Set to go into effect in 2027, the new law is designed to take lessons learned from the United States' experience in conducting similar operations and apply them to Japan's unique cultural and legal frameworks to improve its own cyber resiliency. For a country that has espoused a defense-only posture since World War II, this new development would enable Japan to proactively neutralize cyber threat actor operations before they could initiate their own attacks against Japanese targets. The law would also allow Japan to provide cyber support to its allies as long as it furthers Japan's self-defense interests.

Many believe this move is necessary in order to position Japan to respond to cyber attacks promptly and efficiently. Japan has been a frequent target of both cybercriminals and nation-state actors, which have targeted its critical infrastructure and private sector with a variety of attacks ranging from DDoS attacks and data breaches to state-led cyber espionage campaigns. During the first three months of 2025, criminal hackers hijacked Japanese financial accounts and conducted approximately USD $2 billion in authorized trades. With respect to nation-state cyber malfeasance, Japan is a frequent victim of Chinese cyber operations. Over the course of five years, a Chinese cyber threat actor dubbed MirrorFace conducted more than 200 attacks that focused on stealing sensitive national security and advanced technology data.

The new authorization now elevates Japan to the same level as the United States and the United Kingdom with respect to committing active defense in cyberspace, marking another state actor's entrance into conducting offensive cyber operations. Despite Japan's history of defense-first thinking, the embrace of active cyber defense has been in development over the past several years and was introduced in Japan's 2022 National Security Strategy. In fact, Japan has been focused on bolstering its cyber capabilities by investing in recruitment and establishing cooperative agreements with countries like the United States. It is clear that not only is Japan interested in improving its overall cyber preparedness, it is eagerly seeking to be a substantial cyber player, especially in the contentious Asia-Pacific region, where cybercrime flourishes and which is home to several cyber-capable state actors.

There is an obvious advantage to Japan pursuing active cyber defense as a matter of policy that benefits the United States and other Western countries frequently victimized by a barrage of cyber espionage campaigns: help in countering China. With an official policy of conducting active cyber defense activities, the West and the United States in particular will have an ally in the region with whom to collaborate in tracking China's pervasive state cyber actors. Not only can vital intelligence be shared, but as is the case with U.S. active cyber defense operations, preemptive strikes can occur collaboratively with operators sitting side by side in real time. No doubt Beijing sees not only how such a relationship could impact its spying/collection efforts, but how such a relationship, if successful, could extend to other regional players China has exploited over the years. The Quadrilateral Security Dialogue, or "Quad" as it's known, includes Australia and India in addition to the United States and Japan, all of which possess their own offensive cyber capabilities. The potential for the Quad to elevate their cyber security collaboration to engage in active cyber defense as a collective would be something that could possibly put a dent in China's rampant cyber exploitation.

But such a move could also be the catalyst for cyber-capable adversaries of the West and its allies to create their own coalition to counter the moves of this digital alliance, further formalizing the cyber cold war that many believe already exists between the United States and its adversaries. Under the premise of active cyber defense, a government can and will execute preemptive strikes with the intent of disrupting hostile cyber actions to be directed against it or entities that are in its interests to protect, which can include allies as observed with U.S. active defense operations. There has been little need to show proof of these activities to the global community, which is off-putting given that they are ostensibly attacks being conducted in the name of defense.

Equally worrisome is that states aligning their support and collaborating to engage in active cyber defense could give the wrong perception not only to the target country, but others that may interpret the attack as one borne out of self-interest rather than self-defense.  This serves only to further the weaponization of cyberspace and encourage states to develop or at least acquire similar capabilities lest they be caught without them.  If many states adopt an active cyber defense policy, they will have their own justifications for striking a presumed antagonist, and worse, may not have suitable frameworks, guidelines, or checks-and-balances to ensure they are pursuing a measured course of action.  This does not improve the confidence and resiliency of cyberspace but creates a landscape of paranoia where states look out eerily into the cyber no-man’s land with their digital weapons pointing in all directions in fearful anticipation.

For the foreseeable future, more states will likely lean toward active cyber defense as a viable remedy for helping reduce the risk of them becoming victims of proficient cyber threat actors. But there needs to be serious consideration of what a future looks like where many states possess some level of capability and are willing to pull the trigger whenever they believe it is in their interests to do so. This will invariably vary depending on the state, which may or may not elect to provide technical proof to justify its preemptive attacks. Absent such sharing, the rest of the world will just have to take the state's word for it. Sure, states can cooperate and levy sanctions or other diplomatic/economic punitive measures for assaults they don't believe are justified, but at that point it would be difficult to really pass judgment without considering historical, cultural, and geopolitical context that may have supported making such a determination in the first place. And what we risk being left with is the normalization of such activities whether we like them or not, and perhaps worse, a cyber environment that doesn't look to be more secure than it already is.

Emilio Iasiello

About the Author

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.