15:14 JST, May 21, 2024
The government has decided to set up a consultative body as a step towards introducing an “active cyber defense” system aimed at preventing critical cyber attacks, government sources said.
The body would consist of other entities, including an intended successor to the National Center for Incident Readiness and Strategy for Cybersecurity (NISC) and operators of key infrastructure, such as electricity and telecommunications, in an effort to strengthen capabilities to defend against and telecommunications strengthen. dealing with cyber attacks.
According to the sources, the body will be modeled after the Joint Cyber โโDefense Collaborative (JCDC), established by the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The JCDC includes several organizations and operators, including telecommunications companies. Participants share confidential cyber risk information and devise cyber defense plans.
‘Hybrid warfare’, which combines armed attacks with cyber attacks on critical infrastructure, has become mainstream in contemporary conflicts. Public-private partnerships are essential to counter such threats, but Japan lags behind other countries in this area.
The government plans to reorganize the NISC into a new command post that would collect and analyze information and adapt countermeasures. The advisory body will be established under this command post and its members will share information and analysis on cyber risks, including cases abroad. In critical cases, the government will help with recovery.
Expected participants in the proposed organization include electricity, telecommunications, water utilities and railway operators. The government plans to oblige participants to report information about cyber attacks and the resulting damage.
The government is also discussing an idea to oblige participants to install sensors that monitor their networks, so that it becomes possible to immediately share information with the government as soon as suspicious communication is detected.
The government is also considering requiring some private sector participants to obtain certificates under the security clearance system for persons authorized to handle important information related to economic security.
To introduce active cyber defense, the Cabinet will accelerate efforts to build a system in the following policy areas: (1) encouraging cooperation between the public and private sectors; (2) using communications data to detect the source of an attack; and (3) authorizing the government to access an attacker’s server to neutralize an attack.
The intended consultation body will be the key to the intended public-private partnership. The government is expected to hold an expert meeting in early June to speed up discussions on the plan.