Japan is in the midst of a critical defense transformation as the country looks to expand its defenses in the face of growing global threats, most specifically from neighbor China. Last week Prime Minister of Japan Fumio Kushida met with President Joe Biden to discuss export controls and other security measures to help Japan and the U.S. to continue working together. Among the topics important as Japan implements its National Security Strategy and National Defense Strategy is the development of a security clearance program, and particularly a vetting program for industry personnel that helps reassure global partners that critical infrastructure in Japan is safe, and secrets shared among global partners are guarded.
As a part of the prime minister’s visit the Hudson Institute hosted a conversation with Mihoko Matsubara, Chief Cybersecurity Strategist, NTT Corporation, Arthur Herman, Senior Fellow Hudson Institute, Lindy Kyzer, ClearanceJobs, and moderated by Kenneth R. Weinstein, Walter P. Stern Distinguished Fellow.
Japan recently doubled its defense spending and in December released three transformative strategic documents highlighting the countries new posture in defense. Cybersecurity, information security, and industrial security are all pivotal elements, Weinstein emphasized, as Japan looks to both protect itself, and open up opportunities as an ally to the Five Eyes intelligence alliance.
Matsubara has spent significant time in both the U.S. and Japan, and brought that expertise to her remarks at the Hudson Institute. Having spent time working in both the Ministry of Defense and U.S. and Japanese industry, she sees the current moment as a critical one as Japan looks to unify and move forward as a cyber defender and cyber threat information collaborator. Japan is already looking to partnerships with the Cybersecurity and Infrastructure Security Agency (CISA) and Defense Industrial Base cyber protection programs.
“It’s not only about one specific company,” said Matsubara .”It demonstrates how much commitment the Japanese industry is willing to make to these types of collective wisdoms to strengthen not only Japanese cybersecurity but also the international relationships through this framework.”
While there is currently a security clearance process through Japan’s ministry of defense, the issue has been how to expand the process to contractors, suppliers and critical infrastructure.
“It is inevitable for Japan to expand the current security clearance system to cover Japanese industry,” said Matsubara. The issue is how.
In 2018 Herman put together a paper outlining steps Japan can take to advance its personnel security program. The paper outlined issues specific to Japan, along with recommendations.
“They’ve got to step up and set up an equivalent of a defense security service, said Herman. Clearing both personnel tied to the ministry of defense but also individuals within industry and working in critical infrastructure is important, Herman emphasized. He also recommends creating an interagency group working within the United States to provide security clearances specifically for Japanese scientists working with the U.S.
Different Country, Different Program
Culture and education are key elements of the U.S. personnel security program, said Kyzer. There are many lessons and takeaways Japan can consider from the government’s Trusted Workforce 2.0 overhaul, which is currently in the process of transforming the current system of vetting and maintaining trust for cleared employees. Beyond simply creating a policy framework for security clearance eligibility and vetting, culture building and education are also critical components of establishing employee trust. Japan will have to look to its own unique cultural moment and employee propensities as it determines what vetting process will most readily identify issues.
Matsubara emphasized that in the past several years Japan has experienced cultural differences creating more opportunities for cybersecurity information sharing. She also noted the country is learning to see and address cybersecurity risks in a way that puts it on a competitive stage for dealing with other international players.
For many government leaders, the notion of institutionalizing a security clearance process in Japan is no longer a matter of ‘if’ but absolutely a question of ‘when.’