Japan Institute for CyberSpace Studies

Login

Panel Discussion at The 15th International Cybersecurity Symposium: JICSS Thought Leadership

Organizer: Keio University CCRC, MITRE Corporation
Venue: Mita, Tokyo


1. Overview

The Japan Institute for Cyberspace Studies (JICSS) was honoured to participate as a key thought leader at the 2025 Keio University/MITRE International Cybersecurity Symposium. Over four days, JICSS representatives engaged with government officials, private sector leaders, academics, and defence experts across multiple high-impact events.

2. Event Highlights

JICSS participated in six major symposium activities, including:

  • Keio Cyber Symposium Reception at the UK Embassy Tokyo
  • Strategic consultations on US-Japan cybersecurity cooperation
  • Closed Roundtable Discussion on Operational Technology Security
  • Public Fireside Chat: “How Cybersecurity and Resilience Make Japan’s OT Sector Globally Competitive”
  • Panel Discussion on Active Cyber Defense and Intelligence
  • Panel Discussion: “Toward a More Secure Japan”

Closed Roundtable on OT Security

JICSS hosted an intimate roundtable discussion bringing together 17 leaders from US and Japanese government, private sector, and academia under Chatham House rules. The conversation examined increasing threats to Operational Technology and the resulting economic and national security challenges for Japan.

  • Gloria Glaubman (JICSS Special Advisor and Founder, GMG Consulting) hosted the discussion, with James Miller (JICSS Director) moderating.Participants explored critical issues including:
  • OT system vulnerabilities created by 20-30 year technology lifecycles
  • Japan’s unique challenges in adopting system security engineering approaches for OT
  • Financial sector reliance on legacy systems
  • Supply chain complexity and the need for information sharing networks
  • Human factors and social engineering as critical threat vectors
  • Semiconductor traceability and supply chain certification

The roundtable identified concrete pathways forward, including encouraging memory-safe coding practices, implementing Software Bill of Materials (SBOMs) for legacy systems, and adopting international frameworks such as CMMC, NIST SP 800, and ISO standards.


Public Fireside Chat: OT Security and Japan’s Global Competitiveness

Gloria Glaubman and James Miller led an engaging public conversation exploring how Japan’s semiconductor and OT sectors can strengthen global competitiveness through cybersecurity excellence.

Before an audience of key stakeholders, the discussion examined:

International Collaboration: The continuing relevance of international pressure for cybersecurity transformation and the opportunities for US-Japan public-private partnerships

Resilience as Strategy: Making resilience a common goal with realistic, common-sense cybersecurity measures for managing assets with long lifecycles

Culture of Transparency: Building environments that encourage open disclosure and learning from incidents

Technical Evolution: Moving security focus from network layers to API spaces, emphasising data provenance and zero-trust environments

AI-Enabled Advancement: Leveraging artificial intelligence for accelerated log and alert analysis to achieve “leapfrog” development

Policy Alignment: Connecting cybersecurity transformation to the late Prime Minister Abe’s vision of “Digital Free-for-All with Trust”

The fireside chat followed JICSS’s recent policy guidance submission to the Ministry of Economy, Trade and Industry (METI) on OT Security Guidelines for Semiconductor Device Factories.

Panel Discussion: Active Cyber Defense and Intelligence

JICSS experts James Miller (JICSS Director) and Nate Snyder participated in panel discussions addressing Japan’s groundbreaking Cyber Response Capability Enhancement Act (2025), which represents a fundamental shift toward transparent, legally-codified active cyber defense. Unlike the US approach, Japan’s framework prioritises public law, independent oversight, and explicit privacy protections.

The panel explored critical themes including:

Defining Active Cyber Defense: Clarifying that ACD encompasses far more than “hacking back”—including information sharing, threat intelligence, honeypots, coordinated sanctions, and asset recovery operations

Urgent Implementation: Whilst Japan’s legislation phases in over two years, non-offensive ACD capabilities must be deployed immediately to operate at “machine speed” in cyberspace

Modern Oversight: Programme-level oversight with pre-approved playbooks rather than case-by-case approvals that cause operational delays, whilst maintaining strong privacy protections

Two-Way Information Sharing: Building trust through reciprocal exchanges where contributors receive tangible returns—analytic results, mitigation outcomes, and actionable guidance

US-Japan Cooperation: Opportunities for joint training, tabletop exercises, and harmonised frameworks to strengthen bilateral cyber defence capabilities

The panels explored US-Japan operational alignment, complementary regional and global capabilities, and the transformation of NISC into the National Cyber Office with enhanced operational coordination responsibilities.

Panellists emphasised that Japan’s hybrid legal approach—bridging US and EU frameworks—positions it to set new international standards for transparent, rights-respecting active cyber defense whilst maintaining operational effectiveness.

Panel Discussion: “Toward a More Secure Japan”

James Miller participated in this American Chamber of Commerce in Japan (ACCJ) discussion, providing strategic perspectives on Japan’s cybersecurity future.

Looking Ahead

JICSS’s symposium participation reinforces our commitment to advancing Japan’s cybersecurity ecosystem through thought leadership, policy guidance, and stakeholder convening. We are planning a robust 2026 event calendar to continue these critical dialogues with government, industry, and academic partners.

The discussions, particularly around Active Cyber Defense, information sharing architecture, and US-Japan operational cooperation, will inform JICSS’s ongoing policy guidance work and engagement with Japanese government ministries and international partners.

For more information about JICSS’s work in cybersecurity policy and operational technology security, please contact us through our website.


3. Acknowledgments

JICSS extends its sincere appreciation to Keio University’s Center for Cybersecurity Research and the MITRE Corporation for the kind invitation to participate in this landmark event. We also wish to thank our esteemed panelists—leading cybersecurity professionals from Japan and the international community—for their insightful contributions to the dialogue.

Link to the official report:

https://d-trust.sfc.wide.ad.jp/#15threport

Share the Post:

Related Posts

Login

Please log in below.

Close

Privacy Policy

The Japan Institute for CyberSpace Studies (hereinafter referred to as "JICSS") has established the following privacy policy (hereinafter referred to as "the Policy") regarding the handling of personal information of users in the services provided on this website (hereinafter referred to as "the Services").

Article 1 (Personal Information)
“Personal information” refers to "personal information" as defined in the Act on the Protection of Personal Information, and includes information about living individuals that can be used to identify specific individuals by name, date of birth, address, telephone number, contact information, and other descriptions, as well as data related to appearance, fingerprints, voiceprints, and health insurance card insurer numbers.

Article 2 (Method of Collecting Personal Information)
When you submit an inquiry form, JICSS will obtain your name and e-mail address.

Article 3 (Purpose of Collection and Use of Personal Information)
The purposes for which JICSS collect and use personal information are as follows

To provide and operate our services
To respond to inquiries from users (including identification)
To send e-mail notifications of new features, updates, campaigns, etc. of the service the user is using, as well as information on other services provided by the Company.
To contact you as necessary for maintenance, important notices, etc.
To identify users who violate the Terms of Use or who attempt to use the service for illegal or unjust purposes, and to refuse their use of the service.
To allow users to view, change, or delete their own registration information, or to view the status of their use of the service.
To bill users for paid services.
For purposes incidental to the above purposes of use

Article 4 (Change of Purpose of Use)
JICSS shall change the purpose of use of personal information only when it is reasonably recognized that the purpose of use is related to the purpose of use before the change.
In the event of a change, JICSS shall notify the User of the changed purpose or publicly announce it on this website in a manner prescribed by JICSS.

Article 5 (Provision of Personal Information to Third Parties)
Except in the following cases, JICSS will not provide personal information to a third party without the prior consent of the user. However, this excludes cases permitted under the Personal Information Protection Law and other laws and regulations.
When it is necessary for the protection of the life, body, or property of an individual and it is difficult to obtain the consent of the individual.
When the provision of personal information is especially necessary for improving public health or promoting the sound growth of children, and it is difficult to obtain the consent of the individual concerned.
When it is necessary to cooperate with a national agency, a local government, or an individual or entity entrusted by either a national agency or local government to execute affairs prescribed by law, and obtaining the consent of the individual is likely to impede the execution of such affairs.
When we have notified or announced the following matters in advance, and when we have notified the Personal Information Protection Committee
The purpose of use includes provision to a third party
Data items to be provided to the third party
Means or method of provision to third parties
Cessation of provision of personal information to third parties at the request of the individual
The method of accepting the request of the person in question
Notwithstanding the provisions of the preceding paragraph, in the following cases, the party to which the relevant information is provided shall not fall under the category of a third party.
(i) When we outsource all or part of the handling of personal information within the scope necessary for the achievement of the purpose of use
When personal information is provided as a result of the succession of business due to a merger or other reasons
When personal information is used jointly with a specific person, and the Company notifies the person in advance or makes the information readily accessible to the person in advance to that effect, the items of personal information jointly used, the scope of joint use, the purpose of use by the person using the information, and the name of the person responsible for managing the personal information Article 6 (Disclosure of Personal Information)

Article 6 (Disclosure of Personal Information)
When requested to disclose personal information by the person in question, JICSS will disclose such information to the person without delay. However, if JICSS decides not to disclose the personal information, it will notify the individual to that effect without delay. A fee of 1,000 yen will be charged for each case of disclosure of personal information.
When there is a risk of harm to the life, body, property, or other rights or interests of the person concerned or a third party
If there is a risk of significant hindrance to the proper conduct of our business
If it violates any other laws or regulations.
Notwithstanding the preceding paragraph, in principle, JICSS will not disclose information other than personal information, such as historical information and characteristic information.

Article 7 (Correction and Deletion of Personal Information)
If the User's personal information held by JICSS is incorrect, the User may request JICSS to correct, add, or delete (hereinafter referred to as "correct, etc.") his/her personal information in accordance with procedures determined by JICSS.
If we deem it necessary to respond to the request from the user as described in the preceding paragraph, we will make the correction, etc. to the relevant personal information without delay.
In the event that JICSS makes corrections, etc. based on the preceding paragraph, or decides not to make such corrections, etc., JICSS will notify the User of such decision without delay.

Article 8 (Suspension of Use of Personal Information)
When we receive a request from a user to stop using or delete (hereinafter referred to as "stop using, etc.") his/her personal information on the grounds that it has been handled beyond the scope of the purpose of use or that it has been obtained by wrongful means, we will conduct the necessary investigation without delay.
If, based on the results of the investigation described in the preceding paragraph, we determine that it is necessary to comply with the request, we will suspend the use of the relevant personal information without delay.
When JICSS suspends the use of personal information in accordance with the preceding paragraph or decides not to suspend the use of personal information, JICSS will notify the user of this decision without delay.
Notwithstanding the preceding two paragraphs, in cases where the suspension of use involves a large amount of cost or it is otherwise difficult to suspend the use of personal information, and alternative measures can be taken to protect the rights and interests of the user, these alternative measures shall be taken.

Article 9 (Changes to Privacy Policy)
The contents of this Privacy Policy may be changed without notice to the User, except as otherwise provided by law or other regulations.
Unless otherwise specified by the Company, the revised Privacy Policy shall take effect from the time it is posted on the Website.

Article 10 (Contact for Inquiries)
Inquiries regarding this policy should be directed to the following contact


E-mail: info@jicss.org

Close

Commercial Disclosure

Legal Name The Japan Institute for CyberSpace Studies (JICSS), also registered as 一般社団法人 サイバー空間総合研究所.

Representative Our operations are led by our Director, Terutaka Kawabata.

Address Our headquarters are located at the Ginza Main Office: 4F Ginza KR II Bldg, 2-15-2 Ginza, Chuo-ku, Tokyo 104-0061, Japan.

Contact Information For inquiries, please contact us via email at info@jicss.org or by phone at +81 3 6281 5152. Our telephone support is generally available during standard business hours (10:00–17:00 JST), excluding weekends and public holidays.

Pricing and Additional Fees Service prices and membership dues are clearly displayed on the respective registration or checkout pages. There are no additional hidden fees for digital services; however, any bank transfer fees or internet connection costs remain the responsibility of the customer.

Payment Methods and Timing We accept payments via Credit Card (processed through Stripe) and Bank Transfer. Credit card payments are processed immediately at the time of purchase. For bank transfers, payment is required within 7 days of the order.

Delivery of Services Digital memberships and access to research materials are provisioned immediately upon successful completion of the payment process.

Cancellations and Refunds Due to the nature of digital content and immediate access to membership benefits, we generally do not offer refunds once a transaction is completed. You may cancel your membership at any time to prevent future billing through your account settings, but previous payments are non-refundable.