Abstract
In 2009, Japan began to engage in cybersecurity capacity-building assistance in Southeast Asia. Based on existing literature, there are three plausible motives for Japan to have done so. The first was to strengthen its economic security, either by promoting its own cybersecurity firms or by reducing risks to its supply chain and the regional infrastructure upon which its firms relied. The second was to strengthen diplomatic and security ties with Southeast Asia in the face of a rising China. The third was to promote norms regarding the use of cyberspace in line with its newly-declared “values oriented diplomacy”. By examining both the nature of the assistance given in the first few years and government statements and documents surrounding the decision to provide assistance, this article finds that Japan engaged in cybersecurity capacity-building assistance with ASEAN member-states primarily to maintain a stable economic environment for its firms. This is evidence that, despite reforms made in Japan during the 2000s meant to encourage the use of foreign aid to pursue wider geopolitical goals, in some areas economic security continued to be a major driver of Japanese foreign aid. These findings also highlight that while cybersecurity capacity-building assistance is a form of security cooperation, it cannot be assumed that traditional security concerns are what is driving it.
Acknowledgements
The author would like to express gratitude to conference participants at ISA-Midwest 2020 and ISA 2021, to Dr. Deirdre Q. Martin, and to an anonymous reviewer for their feedback on various stages of this manuscript.
Disclosure statement
The author reports there are no competing interests to declare.
Notes
1 Note that I am not including cybersecurity capacity-building assistance implemented by international governmental organizations, some of which receives funding from Japan.
2 From 2013–2017, there was a single capacity-building assistance project targeting Colombia, though this appears to have been a one-off (Japan International Cooperation Agency, Citation2013).
3 At this point in time, Japan used the phrase ‘information security’ instead of ‘cybersecurity’. In this context, the two have the same meaning and I use them interchangeably, though I try to use ‘information security’ when discussing Japanese statements or documents and ‘cybersecurity’ otherwise.
4 For an overview of the challenges facing developing countries, see Schia (Citation2018).
5 This fits with other findings that when it came to security policy, there was more continuity than change between the DPJ and the LDP. See in particular Oros (Citation2017).
6 I include the Japanese title in cases where I have been unable to find an official English translation.
7 Speakers are not identified in the minutes, although some identify themselves as speaking for a particular ministry.
8 Italicized quotes are from Japanese-language documents and have been translated by the author.
9 This same language appears in every yearly plan from 2010-2014; it changes in 2015.
Additional information
Notes on contributors
Benjamin Bartlett
Dr. Benjamin Bartlett is an assistant professor in the Department of Political Science at Miami University in Oxford, Ohio. He received his Ph.D. in Political Science from the University of California at Berkeley and an M.Sc. in Computer Science from the University of Toronto. His research interests include comparative cybersecurity policy, cybersecurity in East Asia, and international cooperation on cybersecurity capacity building. He has published in the Journal of Cyber Policy and Asia Policy. His most recent publication was a chapter in the Oxford Handbook of Japanese Politics on cybersecurity in Japan. He is also a 2022 recipient of an NEH Fellowship for Advanced Social Science Research on Japan.