What is the Active Cyber Defense Law? A New Legal Framework to Combat Modern Cyber Threats
Feb. 6, 2025
In recent years, cyber-attacks have become increasingly sophisticated, posing significant threats to companies, government agencies, and individuals alike. In response, the Japanese government is considering the "Active Cyber Defense Bill." This article explains the purpose of this legislation, along with its potential effects and challenges, in clear and straightforward language.

Source: House of Representatives "Bill on Promoting the Establishment of an Active Cyber Defense System to Ensure Cybersecurity"
1. Background and Purpose of the Active Cyber Defense Bill
Currently, the bill is undergoing adjustments toward passage and is provisionally named the "Bill on Promoting the Establishment of an Active Cyber Defense System to Ensure Cybersecurity."
1.1 Current State of Cyber Threats
a. Rapid Technological Evolution, Advanced Attack Methods, and Sophisticated Organizational Structures
Cyber-attacks have evolved beyond mere information leaks and data destruction, increasingly targeting national infrastructure and critical industries. Especially concerning are state-sponsored Advanced Persistent Threats (APTs) and highly organized cyber-criminal groups employing sophisticated techniques. These targeted attacks demand strategic, swift responses, highlighting the inadequacy of traditional passive defense measures and underscoring the need for active cyber defense strategies.
b. Growing Damage (APT, Ransomware, DDoS, Phishing)
The scope of damage from phishing and ransomware attacks is expanding, reinforcing perceptions of the inadequacy of traditional passive defenses. A notable example is the significant hacking incident involving North Korean APT groups against DMM Bitcoin, resulting in substantial illicit cryptocurrency outflows. Additionally, DDoS attacks targeting Japan’s critical infrastructure—including finance, energy, transportation, and healthcare—have significantly increased, elevating the risks to socio-economic stability.
1.2 Purpose of the Bill
The Active Cyber Defense Bill aims not only to respond after attacks occur but also to detect threats early and proactively implement countermeasures.
a. Rapid Intervention and Takedown Actions
The bill provides for swift interventions, such as blocking access to attacking servers and taking down phishing websites and malware distribution hubs. By leveraging threat intelligence for real-time monitoring, it seeks to identify the origins of targeted attacks, collaborate internationally, and establish a comprehensive cyber defense strategy.
b. Strengthened Public-Private Collaboration
Close coordination between essential infrastructure operators (energy, transportation, telecommunications) and the government will facilitate real-time information sharing, rapid threat analysis, and responsive measures. Early detection, source identification, containment, and potential international countermeasures are emphasized, reinforcing national and international cyber resilience.
c. Expanding Cybersecurity Talent
To counter advanced cyber threats, governments and corporations urgently require specialized personnel. Enhanced educational curricula, practical training programs, and participation in international cybersecurity competitions are encouraged. Promoting talent exchange between government and private sectors aims to ensure cutting-edge skill dissemination and responsiveness.
2. Main Points of the Bill
2.1 Technical Aspects
Real-time Monitoring and Cloud Integration for Automated Response
The bill envisions implementing systems for detecting early-stage cyber threats and automatically blocking malicious traffic. Strengthening cooperation with cloud providers and ISPs is critical, given the international nature of attacks, enhancing rapid response capabilities and minimizing threat proliferation.
2.2 Legal Aspects
Consistency with Existing Laws and Establishment of Exceptions
A significant challenge involves aligning the bill with existing laws, including the Unauthorized Computer Access Act and wiretapping regulations. Legislative amendments and clearly defined exceptions might be necessary to enable rapid government action during emergencies, strengthening national cybersecurity.
3. Expected Effects and Challenges
Rapid response based on early threat detection is anticipated to prevent extensive damage, particularly through real-time collaboration between critical infrastructure operators and government entities. This would enable the establishment of advanced and comprehensive cyber defense mechanisms, significantly enhancing early threat detection and response capacity. Additionally, integrating industry expertise with governmental regulatory capabilities is expected to strengthen risk management and containment strategies, bolstering sustainable cybersecurity infrastructure. Heightened attention to cybersecurity will also stimulate the cybersecurity market, particularly services such as phishing site takedowns.
3.2 Major Challenges
a. Ensuring Legal Consistency, International Coordination, and Technical Operational Challenges
Achieving consistency with current legal frameworks while enabling swift cyber defenses necessitates flexible legislative adaptation. Clarification of exceptions to existing regulations is vital. Additionally, enhancing cooperation with international law enforcement agencies and aligning with global cybersecurity standards are essential. Smooth infrastructure coordination and legal adjustments with the U.S. and other countries are crucial to overcoming domestic response limitations. Given rapidly evolving cyber threats, the bill's effectiveness requires continuous updates and sophisticated technical adaptability.
4. Future Prospects – Progress in Japan's Cyber Defense
The Active Cyber Defense Bill marks a transition from passive defense measures to proactive threat detection and rapid response mechanisms. Early detection and timely interventions are expected to significantly mitigate damage and stimulate growth in the cybersecurity market. However, numerous challenges remain, including legal alignment and international coordination. Addressing these will necessitate close collaboration among the government, private sectors, and international partners. Ongoing dialogue across all sectors and close monitoring of the bill's implementation will be essential moving forward.
References
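Bill on Promoting the Establishment of an Active Cyber Defense System to Ensure Cybersecurity. (n.d.). Retrieved February 2, 2025, from https://www.shugiin.go.jp/internet/itdb_gian.nsf/html/gian/honbun/houan/g21306007.htm
CORPORATION K. (n.d.). Notice Regarding Information Leakage Due to a Ransomware Attack | KADOKAWA. KADOKAWA Official Site. Retrieved February 6, 2025, from https://www.kadokawa.co.jp/topics/12088/
Financial Services Agency Announces North Korea-Linked Involvement in DMM Bitcoin Hack. (2024, December 23). Cointelegraph. https://jp.cointelegraph.com/news/fsa-announces-north-korea-involved-in-dmm-bitcoin-hack
[Important] Report on the Unauthorized Outflow of Crypto Assets (First Report): DMM Bitcoin (2024/05/31). (n.d.). DMM Bitcoin. Retrieved February 6, 2025, from https://bitcoin.dmm.com/
Information Security White Paper 2024 | Books and Publications. (n.d.). IPA (Information-technology Promotion Agency, Japan). Retrieved February 6, 2025, from https://www.ipa.go.jp/publish/wp-security/2024.html
Directions and Challenges in Building a System for Active Cyber Defense. (n.d.). https://www.sangiin.go.jp/japanese/annai/chousa/keizai_prism/backnumber/r06pdf/202423901.pdf
Relevant Committees Approve Bill Outline Toward Introducing Active Cyber Defense | Notices | News. (n.d.). Liberal Democratic Party. Retrieved February 6, 2025, from https://www.jimin.jp/news/information/209817.html
Expert Panel on Improving Response Capabilities in the Field of Cybersecurity | Cabinet Secretariat Website. (n.d.). Retrieved February 22, 2025, from https://www.cas.go.jp/jp/seisaku/cyber_anzen_hosyo/index.html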