This article describes the information security policies and institutions of the Japanese government and draws attention to comparable policies and institutions of the U.S. government. We begin with a discussion of Japan’s cybersecurity system. In Part II, we examine a particular type of information security policy, namely, cryptography policy, as a special example of how the different systems operate. Japan has implemented a cryptography policy that draws extensively on the Organization for Economic Cooperation and Development (OECD) Cryptography Policy Guidelines. These guidelines are discussed to highlight issues that might emerge in the future in cryptography and merit attention at an international level. Part III analyzes anti-bot policy. Bots, an increasing concern on the Internet, break into an individual user’s PC and remotely control it. Bots pose a real problem for many nations, and there is clearly a need for multinational cooperation. This article concludes by suggesting that all involved parties must determine the appropriate extent of lawful access to communications. Moreover, cooperation in eliminating bots provides a good opportunity for Japan and the United States to lead an international effort.
On May 29, 2009, President Obama released his Cyberspace Policy Review (the Review). The Review, conducted by the National Security Council and the Homeland Security Council, examined existing government initiatives addressing cyberspace security in order to develop a strategic framework to coordinate government action. The Review put cybersecurity on the policy agenda early in the Obama administration, and it explicitly describes cybersecurity as a global issue that calls for international cooperation: “The United States . . . needs a strategy for cybersecurity designed to shape the international environment and bring like-minded nations together on a host of issues… Only by working with international partners can the United States best address these challenges, enhance cybersecurity, and reap the full benefits of the digital age.”
On June 23, 2009, Secretary of Defense Robert Gates established the U.S. Cyber Command as a sub-unified command under the U.S. Strategic Command in order to defend military information networks against cyber attacks.1 This organization is the most recent Department of Defense (DoD) response to the increasing threats to U.S. military, government, and commercial information systems and rapidly developing adversarial network capabilities.