During the last two years of the Bush administration, the senior leadership at the U.S. Department of Homeland Security (DHS) spent substantial time and effort in first helping to craft, and then attempting to implement, Homeland Security Presidential Directive 23/National Security Presidential Directive 54 (HSPD 23/NSPD 54), Cyber Security and Monitoring.
This article describes the information security policies and institutions of the Japanese government and draws attention to comparable policies and institutions of the U.S. government. We begin with a discussion of Japan’s cybersecurity system. In Part II, we examine a particular type of information security policy, namely, cryptography policy, as a special example of how the different systems operate. Japan has implemented a cryptography policy that draws extensively on the Organization for Economic Cooperation and Development (OECD) Cryptography Policy Guidelines. These guidelines are discussed to highlight issues that might emerge in the future in cryptography and merit attention at an international level. Part III analyzes anti-bot policy. Bots, an increasing concern on the Internet, break into an individual user’s PC and remotely control it. Bots pose a real problem for many nations, and there is clearly a need for multinational cooperation. This article concludes by suggesting that all involved parties must determine the appropriate extent of lawful access to communications. Moreover, cooperation in eliminating bots provides a good opportunity for Japan and the United States to lead an international effort.
On May 29, 2009, President Obama released his Cyberspace Policy Review (the Review). The Review, conducted by the National Security Council and the Homeland Security Council, examined existing government initiatives addressing cyberspace security in order to develop a strategic framework to coordinate government action. The Review put cybersecurity on the policy agenda early in the Obama administration, and it explicitly describes cybersecurity as a global issue that calls for international cooperation: “The United States . . . needs a strategy for cybersecurity designed to shape the international environment and bring like-minded nations together on a host of issues… Only by working with international partners can the United States best address these challenges, enhance cybersecurity, and reap the full benefits of the digital age.”
On June 23, 2009, Secretary of Defense Robert Gates established the U.S. Cyber Command as a sub-unified command under the U.S. Strategic Command in order to defend military information networks against cyber attacks. This organization is the most recent Department of Defense (DoD) response to the increasing threats to U.S. military, government, and commercial information systems and rapidly developing adversarial network capabilities.
In his celebrated concurring opinion in The Steel Seizure Case, Justice Jackson cautioned that “only Congress itself can prevent power from slipping through its fingers.” Jackson’s warning seems especially pertinent today, as we prepare urgently for cyber warfare – facing potentially enormous threats from yet unknown enemies, and finding ourselves dependent on staggeringly complex, unproven technology. The executive branch, which has special expertise and agility in national security matters generally, as well as substantial constitutional authority, has taken the initiative in these preparations. Yet if Congress is to be faithful to the Framers’ vision of its role in the nation’s defense, it must tighten its grip and play a significant part in the development of policies for war on a digital battlefield. It also must enact rules to help ensure that these policies are carried out.