Contest eyed for IT security experts


Amid an increasing number of cyberstrikes, the government is planning to hold a first-ever national contest to recruit people with the IT skills to combat such attacks, and to raise public awareness about Internet security.

At least four qualifying rounds will be held in various regions this fall, before the final selection process takes place in Tokyo next February, the Ministry of Economy, Trade and Industry said.

While similar contests are routinely staged in various countries, it would be first occasion that such a large-scale contest is held in Japan, METI said.

The ministry set up a committee of IT security experts in July to discuss the requisite qualifications for candidates and the contest’s procedures.

It aims to start soliciting candidates from the end of August.

Under one of the options proposed, participants would be divided into rival teams trying to hack into a server in the fastest time, according to METI.

“We are looking for individuals who can use their skills at a business level,” said Takefumi Tanabe, former deputy director of METI’s information services and industry division.

Hideaki Kobayashi, lab director of the Information Technology Promotion Agency, said that “nurturing people who can defend means nurturing those who can attack,” suggesting that obtaining potentially dangerous skills is necessary to guard data.

Hackers have targeted Japanese companies and ministries with increasing frequency in recent years. Sony Corp. suffered a cuber-attack last year that forced it to temporarily shut down its PlayStation Network and online game and video services.

Defense-related contractors also were targeted via infected email attachments that aimed to gain access to top secret data, including Mitsubishi Heavy Industries Ltd. and IHI Corp.

However, awareness of IT security appears to be lower than overseas, such as in the United States, where students are obliged to learn about the threat, and in South Korea, which is often hit by cyber-attacks allegedly launched by Pyongyang, said the head of the promotion agency’s planning group, Junichi Hirabayashi.

The government is currently scrambling to cover a serious manpower shortage in the IT security sector.

A report by the promotion agency showed there are about 230,000 engineers working on IT security at businesses with 100 or more workers, but stressed that an additional 22,000 employees need to be hired to deal with security threats appropriately.

In addition, about 60 percent of current engineers require further training to obtain the requisite skills, the report said.

According to Kobayashi, overseas companies engaged in the energy sector have increasingly been hit with more “organized” cyberstrikes — with state involvement suspected in some cases — as opposed to individuals or groups in search or monetary reward or just a kick.

Though attacks on high-profile entities draw the most attention, experts say hackers are also targeting smaller firms.

“People tend to assume that only governments, the defense industry and big companies come under attack, but they’re not the only ones,” said Joji Hamada at IT security firm Symantec Japan Inc. “The targets are not limited to big organizations.”

According to a survey by Symantec, about 18 percent of cybers-attacks were directed against companies with less than 250 workers. Half of them targeted businesses with workforces in excess of 2,500 employees.