“Japan for itself is trying to promote its own state [cyber] practice, including establishment of the cyber security council, also the cyber security measures for the Tokyo Olympics and Paralympics next year,” Akahori said.
The Japanese Government has amended the 2014 Basic Act on Cybersecurity ahead of hosting this global event. This allows the country to set up a dedicated council for the promotion of cybersecurity measures. The council will consist of national and local government agencies, critical information infrastructure operators, academia, and private sector.
Akahori stressed the need for international cooperation when it comes to cybersecurity in Japan, as “confidence building measures and capacity building are tied to the promotion of international law in cyberspace”.
“It is difficult for a single country and even more difficult for individuals and companies to tackle this challenge,” he said on a panel at Singapore International Cyber Week at the start of the month.
The nature of cyberspace makes regulation and prosecution of cyber crimes far more difficult, Akahori noted. “Cyberspace is anonymous, it crosses borders easily, and the actions are difficult to attribute,” he pointed out on the panel, which was moderated by David Koh, Commissioner of Cybersecurity and Chief Executive of the Cyber Security Agency of Singapore.
The gradual pace at which international laws are developed further hinders the creation of a rules-based cyberspace, Akahori said. He urged his colleagues from all over the world and at the UN’s Open-ended Working Group on Cybersecurity to “try to get a better consensus on what would be accepted by the international community”.
Meanwhile, panellist Timo Koster, Ambassador-at-large for Security Policy & Cyber for the Netherlands, noted how nations all agree that certain cyber crimes should be off limits “but we do it anyway”. He emphasised the need for accountability from these nations. “The bottom line is, we are the threats. First thing we can do is start behaving with the norms we agree upon on paper and adhere to them,” said Koster.
Private sector have a key role to play in helping countries to attribute state-sponsored attacks and find the culprits. “If we want to attribute state attacks and if we want to impose sanctions, we need the proof, we need material – preferably open source that it can be shared worldwide and challenged in court if necessary,” Koster pointed out.
Meanwhile, Andrey Krutskikh, Special Representative of the Russian President for International Cooperation in Info Security, noted how the scale of cyber attacks today has become “really global and pervasive”. If cyber attackers target a country’s critical infrastructure in particular, they can easily “threaten the existence and successful functioning of entire sectors of the economy”, Krutskikh noted.
He pointed out a trend of “coordinated” attacks to “disable and destabilise” Russian finance institutions, critical infrastructure, and defence industries. These numbered in the tens of thousands in 2018 alone. “They’re playing with fire,” Krutskikh declared. “These attacks cannot be tolerated any further.”
2020 is looming over the horizon, and countries such as Japan are on the defensive to ensure that things go smoothly. What is clear is that on a broader level, countries need to work together to agree on legislation that will enhance the safety of cyberspace for everyone.