May 23, 2024
TOKYO – The government has decided to establish a consultative body as a step toward introducing an “active cyber defense” system aimed at preventing critical cyber-attacks, according to government sources.
The body would be comprised of other entities, including an envisaged successor organization of the National center for Incident readiness and Strategy for Cybersecurity (NISC) and operators of key infrastructure, such as electricity and telecommunications, in an effort to boost capabilities to defend against and cope with cyber-attacks.
The body will be modeled after the Joint Cyber Defense Collaborative (JCDC) established by the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security, according to the sources. The JCDC comprises various organizations and operators, including telecommunications firms. Its participants share confidential cyber risk information and devise cyber defense plans.
“Hybrid warfare,” which combines armed attacks with cyber-attacks on crucial infrastructure, has become mainstream in contemporary conflicts. Public-private collaboration is essential to countering such threats, but Japan is lagging behind other countries in this field.
The government plans to reorganize the NISC into a new command post that would gather and analyze information and customize countermeasures. The consultative body will be established under this command post, and its members will share cyber risk information and analysis, including cases overseas. In critical cases, the government will help out with recovery.
Anticipated participants in the envisaged body include operators of electricity, telecommunications, water utilities and railways. The government plans to oblige participants to report information on cyber-attacks and resulting damage.
The government is also discussing an idea to require participants to install sensors that monitor their networks in order to make it possible to instantly share information with the government once suspicious communications are identified.
The government is also considering requiring some of the private-sector participants to obtain certificates under the security clearance system for individuals who are allowed to handle important information related to economic security.
In order to introduce active cyber defense, the government will expedite efforts to build a system in the following policy areas: (1) boosting cooperation between the public and private sectors; (2) utilizing communications data to detect the source of an attack; and (3) empowering the government to access an attacker’s server to neutralize an attack.
The envisaged consultative body will be the key to the planned public-private collaboration. The government is expected to hold a meeting of experts in early June to accelerate discussions about the plan.