Estonia and Japan are among the leaders in cyber diplomacy and cybersecurity on the world stage, with Japan also being a key strategic partner for the EU and NATO. They have many similarities in their approaches to cybersecurity and state behavior in cyberspace, which has established a solid ground for establishing closer bilateral ties. This report, written by leading Estonian and Japanese cybersecurity policy researchers, provides a valuable insight into the experiences and perspectives of these two countries, their success stories, and their challenges in building a secure cyberspace. as well as the potential for cooperation.
The first chapter it outlines the landscape of cyberthreams as seen from Japan and advocates for employees of active cyberdefense and the construction of comprehensive cyberdeterioration rather than relying on passive defense measures. In this sense, international cooperation between related democratic nations, such as Estonia and Japan, plays a key role in deterring cyber threats posed by hostile state actors. It also provides an overview of how authoritarian regimes have used cyberspace to achieve strategic goals since the cyberattacks against Estonia in 2007. Activities in China and North Korea stand out as the most alarming threats to Japan but by 2020 Russia it has also become a concern. In a dynamic domain such as cyberspace, sharing threat assessments and collaboratively monitoring these threats are important aspects of bilateral cooperation.
The second chapter offers a unique insight into the complex process of forming a coherent national cybersecurity strategy. Estonia has built its current level of cybersecurity maturity over the past twelve years through the continuous and systematic development and implementation of three iterations of the national cybersecurity strategy. The country is preparing a new version of this strategy, this time closely tied to its digital development agenda, and assessing the lessons of previous periods provides some crucial ideas for this effort. The chapter highlights strategy as a process for bringing together relevant national stakeholders, prioritizing and evaluating cybersecurity measures, and building a stronger cybersecurity community. Estonia’s experience has shown that the national cybersecurity strategy must be openly communicated and accessible to international partners as a tool to support international dialogue and collaboration.
The third chapter examines Estonian and Japanese efforts to promote international norms of responsible behavior of states in cyberspace, an effort in which their interests and perspectives are very similar. Both nations are highly active, in various forums, seeking to inspire and mobilize the international community to develop consensus on these norms, as well as on the applicability of international law to cyberspace. In the words of Lennart Meri, Estonia’s first president after the Cold War, “international law is the nuclear weapon of a small state” and Estonia has recently been the first nation to suggest that international law enshrines states not directly affected by malicious cyber operations to take measures contrary to the directly injured persons. Japan and Estonia also have a solid foundation for cooperation in their efforts to build cybersecurity capacity in various regions.
The fourth chapter provides a historical and contemporary view of the global computer security incident response team (CSIRT) community. The originally intended role of this community, as a place of cooperative response to global threats and to share technical and scientific knowledge, has been changing as cybersecurity is increasingly guided by broader national security considerations, geopolitical realities , business interests and technological developments. While this is a story of some severely broken expectations, the chapter describes some future scenarios for cooperation between CSIRTs. Whatever form it takes: a cyber version of the International Red Cross, a cyber replica of a World Health Organization or part of the intergovernmental cooperation agendas – Estonia and Japan should encourage their CSIRTs to establish close contacts and collaborations.
Download and read the full report: So far, but so close: perspectives and cooperation of Japanese and Estonian cybersecurity policy (PDF)