On April 4, the government convened a meeting of the Cybersecurity Strategy Headquarters and drew up guidelines on the severity of cyberattacks. It intends to use them as a benchmark for implementing countermeasures against hackers. The headquarters also endorsed a new strategy outline for cyberdefense, which stipulates the need to improve “deterrence” with an eye on imposing economic sanctions to prevent cyberattacks on key infrastructure in advance.
The “assessment standards on the severity of cyberattacks on key infrastructure services and disruptions” stated that the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) within the Cabinet Secretariat will assess the impact of cyberattacks on key infrastructure and rate their impact on people’s livelihoods on a five-step scale. Personal damages and the cost of restoring the infrastructure to its original state will be factored in to assess the severity of attacks.
The standards are aimed at helping businesses and individuals objectively gauge the degree of damage caused by cyberattacks and deal with them. The government plans to use the standards as a benchmark to decide to take countermeasures against nations that launch cyberattacks in the future.
The new strategy outline on cyber defense, which will be made applicable from the autumn of 2018 through 2021, stated that the government will promote “proactive cyber defense” to enhance measures in advance through public-private partnerships. It also stated that the government will “maintain all effective political, economic, technological, legal, and diplomatic measures that can be taken as options.” Though the outline refrains from discussing the details, the government envisages cases such as filing lawsuits against organizations or individuals who launch cyberattacks and imposing economic sanctions.
According to government sources, the government will consider introducing a law allowing it to take cyber countermeasures to enhance deterrence. At present, the hacking of systems is banned based on the act on prohibition of unauthorized computer access, but the government will look into approving countermeasures in cyberspace for certain situations. (Abridged)