The Yomiuri Shimbun The government is planning to create a new organization to improve public-private information sharing on cyber-attacks aimed at important infrastructure, such as power grids and railways, The Yomiuri Shimbun has learned. The plan comes as large-scale attacks continue to occur around the world.
The government is preparing legislation to make it easier for businesses to provide information. The overall goal is to create a fail-safe system for countering cyber-attacks before the 2020 Tokyo Olympics and Paralympics.
The government intends to hold a meeting of the Cyber Security Strategy Headquarters in the near future to establish new policies, the sources said.
Specifically, the Cabinet Secretariat’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) would serve as the control tower in the system. Related government ministries and agencies would work with more than 2,000 companies in 13 fields designated as “important infrastructure,” including electricity, gas, water, railroads, airlines and finance. In addition, a provisionally named “virtual information cooperation center” would be created under the NISC.
Under the system, companies targeted by a cyber-attack could report on it anonymously so they would not hesitate to provide information. Creating anonymous data would make it easier to aggregate concrete information, including the content of transactions companies want to keep secret, so it can be quickly and effectively incorporated into countermeasures. The government also plans to start preparing legislation to make this possible.
There have been previous public-private frameworks for sharing information on cyber-attacks. However, businesses were reluctant to disclose information that could lead to even mild service disruptions or that were related to company secrets, as they were afraid of running afoul of the law or being subjected to administrative guidance.
According to the Japan Computer Emergency Response Team Coordination Center, known as JPCERT/CC, which provides support for dealing with cyber-attacks, the number of reported attacks has risen rapidly, from 9,865 in 2010 to 29,191 in 2013. The number of unreported cases has increased recently, the Tokyo-based general incorporated foundation added.
How to protect important infrastructure that directly affects people’s lives from cyber-attacks has become a global problem.
In December 2015, several electric power substations in Ukraine stopped transmitting electricity, causing large-scale blackouts. In 2014, a South Korean company that operates a subway system had its servers hijacked for about five months. And late last month, a cyber-attack aimed at public institutions and other systems in Russia and several other countries took place.
In Japan, no cyber-attacks are known to have targeted important infrastructure. However, in January this year, the Tokyo-based Taiyo Nippon Sanso Corp., the nation’s largest dealer in industrial gases used by chemical plants and others, was the victim of a cyber-attack that may have stolen the personal information of about 10,000 employees and others. The invasion likely occurred no later than 2015, but the company failed to report it to the Economy, Trade and Industry Ministry or other government entities with jurisdiction.
Companies hit by cyber-attacks tend to regard them as potentially damaging to their reputation and are reluctant to go public and share information. Yet important infrastructure has a large impact on people’s lives. To minimize damage from cyber-attacks, rapid information sharing and a government response are needed.Speech