Japan and India have strengthened ties over the last decade, and cybersecurity is now an important focus of this collaboration. Multiple ministries and agencies are involved in deepening the bilateral cybersecurity cooperation at the diplomatic, national security, and technical level. Next steps to take should include public sector contributions to protect critical infrastructure in both countries. The industry should support cooperation of the two countries that share the same values on democracy and the rule of law, and champion innovative technology and cyberthreat intelligence to prevent cyberattacks.
In 2006, Prime Minister Shinzo Abe and Prime Minister Manmohan Singh signed the Joint Statement Towards Japan-India Strategic and Global Partnership to address the need to grow their cooperation on culture, defense, security, technology, and trade. Prime Minister Abe gave a famous and inspiring speech, “Confluence of the Two Seas,” at the Indian Parliament in 2007 and emphasized that both prime ministers are “steadfastly convinced that [the] Japan-India relationship is blessed with the largest potential for development of any bilateral relationship anywhere in the world.” Since 2007, Japan and India have been holding the Strategic Dialogue annually at the Foreign Minister level. During the Sixth Strategic Dialogue in April 2012, Foreign Ministers agreed to launch a bilateral cybersecurity dialogue, as cyberattacks can seriously challenge national security and international cooperation is needed to create an international code of conduct in cyberspace.
In November 2012 in Tokyo, the two governments held their First Cyber Dialogue to discuss cybersecurity issues and cybercrimes in a context of national security and economy. The Japanese delegation, led by the ambassador in charge of Cyber Policy, consisted of the Ministry of Foreign Affairs (MOFA), Cabinet Secretariat, National Police Agency, Ministry of Internal Affairs and Communications (MIC), Ministry of Economy, Trade and Industry, and Ministry of Defense. One of the key representatives from India was the Special Secretary, Ministry of External Affairs of India.
In August 2017, the Japanese and Indian governments held their Second Cyber Dialogue in New Delhi to share their cybersecurity policy, cyberthreat landscape, and their commitment to global and multilateral cooperation, such as the ASEAN Regional Forum (ARF). Since the Japanese government has been proactively providing cybersecurity capacity-building support at the technical and policy levels for ASEAN countries over the last decade, the ARF would be a good platform for the two governments to contribute to regional cybersecurity to raise awareness and prevent successful cyberattacks from achieving their malicious goals. The bilateral dialogue seems to have been more formalized and continues to expand. The two governments agreed to have their Third Dialogue in Tokyo in 2018, which indicates stronger commitments to continue the discussion around cybersecurity.
There are other promising signs. Both the Japanese and Indian delegations grew in 2017, compared to 2012. The Japanese delegation included the National Center of Incident Readiness and Strategy for Cybersecurity (NISC), Cabinet Intelligence and Research Office, and Japan Computer Emergency Response Team/Coordination Center (JPCERT/CC). The Indian delegation comprised the Ministry of External Affairs, Ministry of Electronics and Information Technology, Home Affairs, National Security Council Secretariat, Central Bureau of Investigation, Department of Telecommunication, National Critical Information Infrastructure Protection Centre and the National Investigation Agency in 2017. The wide range of cybersecurity expertise offered by the different ministries and agencies would be beneficial for the two countries to tackle complex cybersecurity challenges and elucidate what cyberthreats they face.
The government-to-government cybersecurity interactions are multi-layered. The Japanese MIC and Indian Ministry of Communications agreed in October 2013 to initiate dialogues on Information and Communications Technology (ICT) and held the first Japan-India Joint Working Group meeting under the Japan-India ICT Comprehensive Cooperation Framework in Tokyo in February 2014. After the second meeting in New Delhi in December 2014 and third meeting in Tokyo in November 2015, the two ministries finally agreed to include cybersecurity collaboration such as cyber exercises during the fourth meeting in Tokyo in July 2017.
A productive next step for Japan and India would be to have the industry involved in their cybersecurity collaboration to protect critical infrastructure and share cyberthreat intelligence to make cyberattacks cost-prohibitive to attackers. We recommend inviting industry representatives to the existing Track 1.0 dialogues. A recent Palo Alto Networks research report, “The State of Cybersecurity in Asia-Pacific,” shows that 83 percent of people in the region recognized the importance of cyberthreat intelligence sharing with the authorities, but only 44 percent currently share intelligence with their industry peers.
The industry has already shown interest in cybersecurity cooperation. The annual Japan-India Business Leaders Forum, which started in 2007, urged the two countries to expand cooperation on cybersecurity in 2013. Although the Joint Report of the 2013 Forum does not specify which areas the bilateral cybersecurity cooperation should entail, the protection of critical infrastructure needs to be included in Japan-India cybersecurity collaboration. The Indian government has also been pursuing the development of energy, IT, and transportation infrastructure – such as Digital India – and the two countries have been working together on developing such critical infrastructure as business environment, railways, and sewerage systems in India via Japan’s Official Development Assistance.
While the industry plays a key role in running critical infrastructure, owning operational and security technologies, and understanding customers’ interests and concerns, the government is responsible for crafting national and international strategies and policies. Public-private partnerships are crucial to make policy practical.
The time is ripe for stronger Japan-India cybersecurity cooperation. Ahead of the 2020 Summer Tokyo Olympic Games, Japan has been accelerating efforts to enhance its national cybersecurity capabilities, and bolster public-private partnerships and global collaboration, for the success of the event and a positive legacy beyond the Olympic Games. India is pushing its “Digital India” initiative, and critical infrastructure sectors, including finance and railways, are now also more interested in cybersecurity.
The “confluence” of these projects has added the momentum for deeper cybersecurity cooperation. Japan and India need and will see more involvement of the industry to take advantage of their innovative technology and cyberthreat intelligence to make their policy practical.