January 27, 2025
ISLAMABAD – As part of efforts to prevent major cyberattacks, the government plans to establish an independent body to ensure that information on communications is collected and analyzed appropriately while still respecting “the secrecy of any means of communication” guaranteed in the Constitution, according to an outline of relevant bills.
The body would be called the “supervisory committee on cyber communication information.”
Under its envisioned “active cyber defense” system, the government plans to grant the independent body the authority to demand disciplinary action over information leaks by officials dealing with cyberattacks at the National Police Agency and the Defense Ministry, among other institutions.
The set of related bills will comprise a draft of a bill designed to prevent damage from illegal action against important computers and bills to revise 15 existing laws, including the Police Duties Execution Law.
The government and ruling parties plan to adopt the bills at a Cabinet meeting in early February before submitting them to the ordinary Diet session for their early passage.
The envisaged committee will have a chairperson and four other members. It will be granted a high degree of independence under the jurisdiction of the Cabinet Office, similar to the Japan Fair Trade Commission.
The prime minister will appoint committee members from among judges and other legal experts, and among telecommunication specialists, after obtaining consent from the Diet. Members will serve for terms of five years.
The prime minister will also be able to appoint expert advisors who will examine technical matters.
If it is discovered that communication information has been leaked due to gross negligence or willful misconduct by officials who handle cyberattacks, the committee will have the authority to demand that those who appointed those officials take disciplinary measures against them. It will also be able to recommend that the head of relevant government ministries and agencies take necessary actions to prevent such offenses.
If administrative officials or others duplicate or process communication information they have obtained and provide it to outside parties, they will face imprisonment of up to four years or a fine of up to ¥2 million, according to the bills.
The government will monitor communication information sent between foreign countries, as well as information between foreign countries and Japan, after obtaining approval from the committee. Suspected servers will be monitored for six months in case of communication sent between foreign countries, and three months in case of information sent between foreign countries and Japan.
Under the envisaged plan, police and the Self-Defense Forces will obtain prior approval from the envisaged body before taking measures to infiltrate and neutralize an attacker’s server, unless there is not enough time to request permission.
If “an extremely highly organized and deliberate act” is perpetrated by foreign forces, the prime minister will be entitled to order the SDF to take “measures to protect communications,” on the condition that the National Public Safety Commission has requested such measures or consented to them.
To boost public-private cooperation, the prime minister will set up a council for sharing information. The government plans to oblige providers of core infrastructure, including electricity, to file reports to the government if they are subject to a cyberattack. Those who fail to make relevant reports will face a fine of up to ¥300,000.