The government has set up new organizations tasked with boosting cybersecurity in the run-up to the 2020 Tokyo Olympic and Paralympic Games — but filling the slots of these cyberwarriors is proving to be an ongoing battle.
Toshiaki Endo, minister in charge of the Olympic and Paralympic Games, has acknowledged that securing an adequate number of highly skilled specialists to combat the threat of increasingly sophisticated cyberattacks is a major challenge for Japan.
“Finding a single security hole means a victory for a hacker. Five years (until the Olympics) is not really enough time,” a government official said.
With society and the economy heavily reliant on information technology, cyberattacks against government agencies are increasing exponentially. The number surged nearly fivefold from 1.08 million in fiscal 2012 to 5.08 million in fiscal 2013. And a data breach at the Japan Pension Service this year deeply eroded public confidence in the government’s cybersecurity measures.
High-profile international events such as the Olympics tend to be targeted by hackers. During the 2012 London Olympics, the organizers’ official website was hit by more than 200 million cyberattacks.
That number is almost certain to increase for the 2020 Tokyo Games, with Endo noting that the figure “may go to another digit.”
The government set up a working team on cybersecurity last October to prepare for the 2020 Games. Based on the basic law on cybersecurity, which was enacted the following month, the government in January created a cybersecurity strategy team, headed by Chief Cabinet Secretary Yoshihide Suga, and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC).
The headquarters drafted a new strategy paper emphasizing measures for the period up to 2020. The draft calls for the establishment of a Computer Security Incident Response Team (CSIRT) for the 2020 Olympics and Paralympics. It would be staffed with dozens of experts from both the public and private sectors whose job would be to minimize damage from cyberattacks.
Most cyberattacks against government agencies are blocked, mainly by firewalls. But personnel at the Japan Pension Service inadvertently opened email messages containing a computer virus attachment.
CSIRT will be responsible for the quick recovery of affected computer systems, on the premise that “there is no such thing as perfection when it comes to cybersecurity,” one top government official said.
In an effort to give the team much-needed experience, the headquarters is aiming for a 2018 launch ahead of the 2019 Rugby World Cup and just a year before the Tokyo Games.
For the Olympics, “we are concerned most about disruption caused by cyberattacks against key infrastructure such as transportation networks and energy facilities,” a government official said.
The NISC has conducted competition-style training for the cyberattack response capabilities of 12 government ministries and agencies, as well as an exercise for operators of key infrastructure. It hopes to promote information-sharing through public-private collaboration.
The NISC plans to boost its staff by employing private-sector engineers on fixed-term contracts and increasing the number of personnel loaned from government ministries and agencies.
The monitoring and recovery of the computer systems of government agencies and key infrastructure requires large numbers of highly skilled personnel.
According to an estimate by the Information-Technology Promotion Agency, Japan, adequate cybersecurity response would require a total workforce of 350,000. But there are just 265,000 information security engineers in the country, with 160,000 of them needing to be retrained, the agency said.
“Public assistance needs to be provided for personnel training in the private sector,” said one executive from a company that works with police in the fight against cybercrimes.