The U.S.-Japan Security Consultative Committee convened last April for the first time since August 2017. The two governments agreed that a cyber attack could, in certain circumstances, constitute an armed attack for the purposes of Article V of the U.S.-Japan Security Treaty. A decision as to when a cyber attack would constitute an armed attack would be made on a case-by-case basis.
This announcement is an echo of several other similar agreements. The most well-known of these is NATO’s stance that Article 5 of the North Atlantic Treaty can be applied to attacks in cyberspace, a stance which NATO has held for almost a decade. The U.S. and Australia agreed in 2011 to a similar extension of the Australia, New Zealand, and U.S. Security Treaty (ANZUS Treaty) to consult and determine appropriate collaborative options to address cyber threats. This language is very similar to that of a 2015 agreement between the U.S. and Japan Cyber Defense Policy Working Group to consult and collaboratively address serious cyber incidents.
The following documents include items recently obtained by the Cyber Vault along with additional materials housed in the Cyber Vault Library that provide useful context on the subject.