Enhancing Information Security Frameworks in Japan to Facilitate International Cooperation

In recent years, the urgency of economic security has escalated due to mounting geopolitical tensions and increasing inter-state competition over advanced technologies, underscoring the critical need for immediate action.[1] The growing risks of technical information leaks and cyber-attacks have made it clear that strengthening information security systems at the corporate level is not just a matter of business but a pressing national security issue.

The Japanese government responded to this urgency by enforcing the Economic Security Promotion Act in 2022,[2] a comprehensive act that introduces measures to protect sensitive technical information, enhance cybersecurity and establish a security clearance system. The act also sets standards for handling sensitive technical information by Japanese companies and research institutes, laying the groundwork to enhance Japan’s credibility in international defence technology cooperation.[3]

In addition, the expanding dual-use potential of advanced technologies, coupled with escalating cyber threats, has elevated corporate information management to a matter of national strategic credibility.[4] Under these circumstances, Japanese government and companies must strengthen their information security systems to gain trust as partners in international technical cooperation. Information security system functions as a “proof of trust” in joint development and research with the US and European countries. Strengthening the information security system of Japanese firms will serve as a foundation for building trust in international defence technology cooperation, thus contributing to the achievement of economic security.

Definition and importance of economic security

Economic security is a policy framework that enables a nation to respond to security threats through economic means, thereby protecting the livelihoods of its citizens and its industrial base.[5] It is increasingly recognised that in addition to traditional military security, economic factors such as technology, resources, infrastructure and information are directly related to national security.[6]

As the dual-use nature of advanced technologies and the geopolitical risks associated with supply chains become more apparent, the boundary between the economy and security is blurring, and nations are being compelled to secure strategic advantage through economic means.[7] Japan’s Economic Security Promotion Act focuses on the following four pillars. The first is the stable supply of critical commodities, which includes both natural resources and advanced technologies. The second is ensuring the safety of key infrastructure, which involves protecting vital facilities from physical and cyber threats. The third is fostering advanced technology through public-private cooperation, which aims to promote innovation and competitiveness in key industries. Lastly, the introduction of a closed patent system designed to prevent the unauthorised use of Japanese intellectual property.[8] All of these measures are based on the premise of proper management and preservation of information, seeing companies and research institutes as integral to national security policy.[9]

Information security refers to the posture, system and culture to protect sensitive information (including technical information such as missile guidance systems, customer information and contracts) held by companies and organisations from unauthorised external access and leakage.[10] In the context of economic security, three points are critical. The first is the prevention of technology leakage. There is a risk that the leakage of advanced technology, such as missile guidance systems or advanced manufacturing processes, to other countries, may undermine national competitiveness and security. The second is to ensure international trust. In defence technology cooperation, companies that do not have an information security system in place will be avoided as partners. Finally, cybersecurity must be strengthened, as there is a need to improve defences against cyberattacks at the national level.

Above all, economic security aims to prevent the misuse of critical technology and infrastructure by foreign powers. Against this background, information security is not just a component but an essential pillar for protecting sensitive and technical information. The two are therefore expected to function in tandem, as any information leakage would have a profound impact on a nation’s economic independence and security.[11]

International defence technology cooperation and trust

Japan has been pursuing joint development and production of defence equipment with the US and European countries, which is becoming increasingly important from an economic security perspective. Typical examples include the joint development of a missile defence system (SM-3 Block IIA) by the US and Japan, as well as a next-generation combat aircraft (Global Combat Air Programme – GCAP) by Japan, the UK and Italy. Additionally, there are instances of multilateral information sharing and joint research in the space and cyber fields. As joint development progresses, the risk of technology leakage will become a crucial reason why information security systems are emphasised in international defence technology cooperation. The leakage of shared technology to a third country could threaten the security of the cooperating countries.[12] In addition, to prevent information outflows, resistance to diversified cyberattacks and defences against state-level attacks are prerequisites for international cooperation, underlining the paramount importance of trust in these partnerships. These cooperative efforts are not limited to mere equipment trade. Indeed, they are premised on the sharing and management of sensitive technical information, with a sophisticated information security system being the key to building trust.[13]

According to Kydd, trust in international conflict “is conceived of as a belief that the other side is likely to be trustworthy and will therefore want to reciprocate cooperation rather than exploit it”.[14] As Rathbun argues, trust precedes institutions rather than resulting from them.[15] It is grounded in expectations of the other party’s sincerity and goodwill and cannot be fully explained by institutional constraints or enforcement mechanisms alone. In other words, a partner country is not merely a business partner but one that must be entirely trusted, enabling foreign governments and companies to engage in secure collaboration with confidence, without fear of unauthorised disclosure, cyber intrusion, or third-party leakage.

Building on this understanding, trust in international defence technology cooperation can be understood as comprising several interrelated dimensions: institutional reliability, technical safeguards, human reliability, and transparency and accountability. These include the establishment of formal legal and policy frameworks, the deployment of robust cybersecurity measures, the cultivation of personnel with strong ethical and operational standards, and the ability to demonstrate and take responsibility for security practices. To be recognised as a trustworthy partner, a nation is required to demonstrate comprehensive competence across all these dimensions.

Current status and issues for building trust

To gain trust from international partners, Japanese information security systems are being developed in line with recent progress in economic security policies. In addition to legislation, the Japanese government supports the enhancement of corporate information security systems by providing subsidies and grants to support security measures for small and medium-sized enterprises. Additionally, the Ministry of Economy, Trade and Industry (METI), the Cabinet Office and the Japanese External Trade Organisation (JETRO) provide support for the development of their information system to meet international standards.[16]

The introduction of Japan’s security clearance system in May 2025 under the “Act on the Protection and Utilization of Important Economic Security Information” represents a significant step toward strengthening the institutional foundations of national information security.[17] By establishing formal procedures for personnel vetting and access control, the system enhances Japan’s alignment with international standards and facilitates secure collaboration with trusted partners. As mentioned in recent policy analyses, the framework not only improves the protection of sensitive technologies but also signals Japan’s commitment to responsible information governance.[18] In this sense, the security clearance regime serves as a tailwind for broader efforts to build trust in international defence technology cooperation.[19]

The Ministry of Defense (MOD) and the Acquisition, Technology and Logistics Agency (ATLA) are also involved in this trust-building efforts, as Japan decided in the National Defense Strategy of December 2022 to strengthen defence industry preservation based on international standards in order to facilitate defence equipment and technology cooperation and strengthen the defence production technology base.[20] For example, the Defense Industrial Security Manual (Bouei Sangyo Hozen Manyuaru), a document that centrally compiles information security measures based on national laws and regulations, was announced in June 2023 to enhance the transparency and reliability of Japan’s defence industrial security and contribute to defence equipment and technology cooperation.[21] It demonstrates ATLA’s commitment to developing an information security system that enhances the transparency and reliability of Japan’s defence industrial security, as well as contributes to defence equipment and technology cooperation.[22] Moreover, in 2023, the ATLA became the first agency from an Asian country to join the Multinational Industrial Security Working Group (MISWG), an international group aiming to standardise procedures and other matters related to industrial security among participating countries, which contributes to the smooth implementation of international cooperation.[23]

Japan’s recent policy developments – such as the introduction of security badging and alignment with international standards – indicate significant progress in institutional reliability. However, reliability on human beings remains a critical area requiring further attention, particularly in terms of cultivating personnel with high information literacy, ethical awareness and operational discipline. Recent incidents disclosed by the Japanese MOD in 2024 illustrate the fragility of the human security infrastructure. For instance, multiple cases were reported in which personnel without proper security clearance were allowed to access or handle classified information aboard naval vessels.[24] These breaches were attributed not only to procedural flaws but also to a lack of sufficient training and awareness among commanding officers. Such cases underscore the urgent need to strengthen human reliability as a core component of national information security. Without addressing this gap, Japan risks undermining the credibility and reliability of its broader information security framework, especially in the eyes of international partners who prioritise holistic and resilient security governance.

Conclusion

Strengthening an information security system built on the foundation of trust between the Japanese government and participating actors in international defence technical cooperation can play a crucial role in promoting international defence technology cooperation. Of course, there is a limit to how much a single government or company can do on its own to strengthen its information security system. Therefore, the government, companies and research institutions must work together to establish a sustainable ecosystem.

In recent years, the Japanese government, including the MOD and ATLA, has actively pursued institutional reforms to promote international cooperation in defence equipment and technology. These efforts – such as the establishment of frameworks for joint development and production – reflect Japan’s strategic intent to become a trusted partner in the global security landscape. However, institutional measures and legal development alone are insufficient. As demonstrated by recent security incidents, even well-designed systems can be undermined by weaknesses in human security practices. Therefore, it is essential to foster a culture of information security literacy across all levels of defence-related organisations. Without such a mindset, the credibility of Japan’s information governance – and, by extension, its international partnerships – remains vulnerable.

To be regarded as reliable partners, effective operation and continuous improvement will be required in parallel with institutional development. In addition, as the economic security framework continues to evolve, establishing a system that allows companies, the government and research institutions to respond flexibly and strategically will directly contribute to ensuring Japan’s security and economic independence.


Natsumi Shiino is a defence official working for the Japanese Ministry of Defence. She is also a PhD candidate at the University of Warwick. The views expressed in this paper are solely those of the author.
Paper produced in the framework of the 2025 edition of the EU-Japan Symposium, entitled “A Changing Economic Security Environment: Examining Developments from Europe to Japan and the Indo-Pacific”.

[1] Shiro Armstrong, “Economic Security in Japan: Evolution, Context, and Emerging Questions”, in RIETI Discussion Papers, No. 24-E-083 (December 2024), https://www.rieti.go.jp/en/publications/summary/24120015.html.

[2] Japan, Law No. 43 of 18 May 2022: Act on the Promotion of Ensuring National Security through Integrated Implementation of Economic Measures, https://www.japaneselawtranslation.go.jp/en/laws/view/4523/en.

[3] Japan Cabinet Office, Background and Purpose of the Economic Security Promotion Act (in Japanese), 2023, https://www.cao.go.jp/keizai_anzen_hosho/suishinhou/suishinhou.html.

[4] Thea Riebe, Stefka Schmid and Christian Reuter, “Dual-Use Information Technology: Research, Development and Governance”, in Christian Reuter (ed.), Information Technology for Peace and Security. IT Applications and Infrastructures in Conflicts, Crises, War, and Peace, Cham, Springer, 2024, p. 169-188.

[5] Péter Marton, “Economic Security”, in Scott N. Romaniuk and Péter Marton (eds), The Palgrave Encyclopedia of Global Security Studies, Cham, Palgrave Macmillan, 2023, p. 366-371.

[6] Kazuto Suzuki, “Understanding Japan’s Approach to Economic Security”, in Stimson Commentaries, 10 February 2023, https://www.stimson.org/?p=76008.

[7] Kohei Tamaki, “Security Clearance Schemes in the Economic Security Sector” (in Japanese), in Marubeni Reports, 5 June 2024, https://www.marubeni.com/jp/research/report/data/20240605_.pdf.

[8] Koyu Izumi et al. “Japan’s Economic Security Promotion Act: Background and Overview”, in Asia-Pacific Review, Vol. 29, No. 3 (2022), p. 28-55, DOI 10.1080/13439006.2022.2154520.

[9] Japan Ministry of Economy, Technology and Industries (METI), White Paper on International Economy and Trade 2023, 2023, p. 205-218, https://www.meti.go.jp/english/report/data/wp2023/pdf/2-1-2.pdf.

[10] Björn Lundgren and Niklas Möller, “Defining Information Security”, in Science and Engineering Ethics, Vol. 23, No. 5 (October 2017), p. 419-441, https://doi.org/10.1007/s11948-017-9992-1.

[11] Japan Cabinet Office, Recommendations on Measures to Prevent Technology Outflows in Relation to Key Technologies for Economic Security - Responses in State-Sponsored R&D Programmes – Summary (in Japanese), 4 June 2024, https://www.cas.go.jp/jp/seisaku/keizai_anzen_hosyohousei/r6_dai10/siryou5.pdf.

[12] Brandon J. Kinne, “Defense Cooperation Agreements and the Emergence of a Global Security Network”, in International Organization, Vol. 72, No. 4 (Fall 2018), p. 799-837, https://doi.org/10.1017/S0020818318000218.

[13] Alice Dell’Era and Matteo Piasentini, “From Strategic to Tech-Oriented Minilateralism: GCAP as a Platform to Accelerate Military Technology Development”, in The International Spectator, Vol. 59, No. 4 (December 2024), p. 95-115, DOI 10.1080/03932729.2024.2405574.

[14] Andrew Kydd, “Trust, Reassurance, and Cooperation”, in International Organization, Vol. 54, No. 2 (Spring 2000), p. 325-367 at p. 326, DOI 10.1162/002081800551190.

[15] Brian C. Rathbun, “Circles of Trust: Reciprocity, Community and Multilateralism”, in Brian C. Rathbun (ed.), Trust in International Cooperation, Cambridge, Cambridge University Press, 2011, p. 1-23.

[16] Japan External Trade Organization (JETRO) website: Helping Japanese SMEs Expand Their Businesses Overseas Activities, https://www.jetro.go.jp/en/jetro/activities/business.

[17] “Japan Launches Economic Security Clearance System Amid Privacy Woes”, in Kyodo News, 16 May 2025, https://english.kyodonews.net/articles/-/53885.

[18] Makoto Hibi, “The Latest Developments in the ‘Security Clearance Scheme’ Legislation and what Japanese Companies Should Do about Them” (in Japanese), in PwC, 5 June 2025, https://www.pwc.com/jp/ja/knowledge/column/awareness-cyber-security/economic-security/economic-security10.html.

[19] Rintaro Nishimura, “Why Japan Seeks a Security Clearance System”, in Tokyo Review, 24 March 2023, https://wp.me/p8PSh2-19f.

[20] Japan Ministry of Defense, National Defense Strategy, December 2022, https://www.mod.go.jp/j/policy/agenda/guideline/strategy/pdf/strategy_en.pdf.

[21] ATLA, Defense Industrial Security Manual, July 2023, https://www.mod.go.jp/atla/industrialsecurity/files/dism2023_jp.pdf.

[22] ATLA website: Defense Industrial Security Manual, https://www.mod.go.jp/atla/en/dism.html.

[23] Ibid.

[24] Japan Ministry of Defense, Summary of Information Security Incidents Involving Specified Secrets in the Ministry of Defence and Reconstructing Measures to Prevent Recurrence (in Japanese), 27 December 2024, https://www.mod.go.jp/j/press/news/2024/12/27f.html.