Japan government adopts draft cybersecurity strategy


In the wake of massive personal data leaks from the Japan Pension Service, the government Thursday adopted a revised draft of a new cybersecurity strategy that calls for monitoring government-affiliated institutions for cyberattacks.

The revised version, adopted at a meeting of the Cybersecurity Strategy Headquarters, is expected to be finalized at a Cabinet meeting today. The government also plans to formulate a relevant legal framework.

The government compiled a draft of the strategy in May, and then upgraded it following the pension data leaks, which were caused by a cyberattack.

The original draft did not include independent administrative agencies and other government-linked organizations among the entities that the National Center of Incident Readiness and Strategy for Cybersecurity, or NISC, monitors to detect cyberattacks. The revised version calls for monitoring such institutions. NISC was set up at the Cabinet secretariat in January.

The government plans to first put priority on monitoring organizations that handle huge volumes of personal data or diplomatic secrets, increasing the number of institutions under surveillance in stages.

At the meeting, Chief Cabinet Secretary Yoshihide Suga, who chairs the cybersecurity headquarters, said, “Cyberattacks are becoming more and more sophisticated, so we need to thoroughly enhance our country’s measures against such attacks.”

Suga also called for ensuring cybersecurity at the Group of Seven summit between Japan and six other major countries, to be held in Shima, Mie Prefecture, in May, and the 2020 Tokyo Olympic and Paralympic Games.

The revised draft strategy also proposes collaboration between NISC and the Information-Technology Promotion Agency, which has many IT experts, and promoting the recruitment of private-sector experts for NISC.

It also calls for forming a rapid response team comprising both public and private-sector cybersecurity professionals in case of emergencies.

In an investigative report about the massive pension data leaks, released Thursday, the cybersecurity headquarters noted that it is difficult for the Japan Pension Service to distinguish virus-containing emails from normal emails because the rogue emails are cleverly camouflaged.

The headquarters said measures are needed that assume all emails will be opened.

Specifically, it stressed the need to create a system that shuts down communication immediately to prevent the spread of damage when one personal computer becomes infected with a virus.