What Next for the UK–Japan Cyber Partnership?

The UK–Japan Cyber Partnership demonstrates the value of targeted engagement driven by operational activities across multiple policy areas. Effort should now be made to ensure that the momentum that has defined the first year of the Partnership is sustained, that challenges are overcome, and that the impact of engagement on cyber continues to grow.

This paper examines the UK–Japan Cyber Partnership and considers the factors that determine how it functions. It recommends further activities for the Partnership to undertake within its existing strategic priorities, and advocates for an expanded scope. The paper makes the following recommendations:

• Capability development. Japan and the UK should expand mutual efforts on personnel development through training, exchanges and exercises. Furthermore, continued dialogue on policies to retain and recruit technical personnel will ensure best practices are mainstreamed. Similarly, establishing trusted and secure processes to share information and intelligence is crucial to driving greater depth and breadth of engagement.
   
• Public–private partnerships (PPPs). The UK and Japan should amplify cyber engagement led by non-governmental stakeholders: for example, emerging regional cyber clusters should be encouraged to continue developing bilateral partnerships. Efforts should also be made to promote connections between sectoral Information Sharing and Analysis Centres. Both governments should take a more proactive approach to expanding and supporting commercial cyber-security engagement, through facilitating partnerships and identifying areas of competitive advantage. Finally, existing efforts to promote bilateral involvement in national PPPs, such as Industry 100, should be expanded.
   
• Advancing shared international interests. There is significant opportunity and willingness to expand bilateral cooperation on cyber capacity building across ASEAN and the wider Indo-Pacific, and to provide targeted support to deter adversaries. Japan and the UK should also pursue closer collaboration to promote global rules and norms in cyberspace by working together, conducting joint attributions, and so on. Both should also consider how to align their approaches to providing proactive international cyber crisis support.
   

• Cyber-resilient ecosystems. The UK and Japan should continue expanding the scope of the Partnership in response to need and opportunity. ‘Cyber-resilient ecosystems’, understood as cooperation on reforms to government structures, legislation, regulation and resilience, is one such area. The UK and Japan should further explore alignment on cyber-security professional standards, and establish a bi-annual dialogue on standards and interoperability.
  
  Other activities the UK and Japan should undertake include: sufficiently funding engagement activities; trialling deeper cooperation on cyber education; and regularly assessing the progress of the Partnership.

  The paper’s findings, which inform these recommendations, are that:
   

• There is currently momentum, enthusiasm and opportunity to continue and
  expand the UK–Japan Cyber Partnership.
   
• Cyber security is both a distinct activity within the bilateral relationship and an enabler for further activities, for example in national security and defence.
   
• Cooperation can be expanded on reforms to Japan and the UK’s cyber ecosystems, but it must be undertaken as peers.
   
• Japan’s commitment to reforming government structures, improving information security and developing capabilities will be decisive in deepening the Partnership.
   

• Persistent challenges and obstacles impact the tempo and scope of the
  Partnership.

  It is important that the Partnership remains on its current trajectory. Stakeholders across both countries believe that the Partnership has positive momentum and that there is space to expand engagement. Seizing this opportunity, while avoiding wasteful or unnecessary activities, can advance the wider bilateral relationship. As Japan and the UK expand their bilateral partnership, cyber security can be a springboard to achieve operational successes and enable broader strategic engagement.