Please view the main text area of the page by skipping the main menu.

Gov't, infrastructure firms to revise info security guidelines to combat cyberattacks

An image in which the National Institute of Information and Communications Technology analyzed and visualized what is believed to be a cyberattack on Japan is seen in this photo taken on Feb. 1, 2017. (Mainichi/Reiko Oka)

TOKYO -- The government and business operators responsible for key infrastructure are set to cooperate on revising guidelines to beef up information security, such as cyberattack countermeasures.

To that end, the government held a meeting of the national council for cybersecurity in critical infrastructure. The council is comprised of representatives from the government, and private companies and organizations managing important infrastructure such as railways and electric power facilities.

The decision was made in response to natural disasters, large-scale power blackouts and communication failures that hit Japan in 2018. Moreover, the government and businesses are set to step up measures to counter cyberattacks as the 2020 Tokyo Olympics and Paralympics draw near.

Key points of contention regarding the guideline revisions include management of data on servers in Japan to prevent leaks overseas, and installing information-related facilities in locations less vulnerable to disasters. At the meeting, the government explained that it has changed the way its organs procure communications equipment, with suspicions of Chinese manufacturer Huawei Technologies Co. in mind. The government also warned business representatives at the meeting of the risks of information leaks.

The government defines critical infrastructure as spanning 14 fields that could seriously affect citizens' lives and socioeconomic activities in the event they stopped functioning: information communications, financial services, civil aviation, airports, railways, electric power, gas, government services, medical services, tap water, logistics, chemicals, consumer credit, and oil.

The government is stepping up measures to protect information security in these fields not only to prevent large-scale system failures due to natural disasters, but also to counter increasingly sophisticated cyberattacks launched from overseas.

Infrastructure of a highly public nature is increasingly dependent on information technology. Major confusion could be caused if disasters or cyberattacks disabled communications or other systems, including people being unable to withdraw money from financial institutions and transportation service disruptions.

Torrential rains that hit western Japan in July 2018 and a powerful earthquake that jolted Hokkaido last September triggered large-scale power failures. A December 2018 glitch in SoftBank's mobile phone network affected calls and data communications for 4 1/2 hours, affecting some 30.6 million lines.

The international community is increasingly wary of cyber espionage, including the Chinese government's alleged use of domestically-made communications equipment to illegally obtain secrets from businesses and the governments of other countries.

The United States has banned its government bodies from using products and services provided by Huawei and another Chinese communications maker, ZTE Corp., under the National Defense Authorization Act passed in August last year. Australia and New Zealand are poised to follow suit, while Japan has stiffened regulations on government procurement with Chinese products fully in mind.

With regard to guideline revisions, the government declared at the Jan. 17 meeting that it will "encourage (government organizations and business operators) to manage data in a desirable manner while paying close attention to international trends."

The government will consider requiring businesses to install computer servers that store critical data inside Japan.

Meanwhile, private-sector representatives at the meeting urged the government to examine how its policy of considering cybersecurity risks when procuring communications equipment could impact business operators, an individual familiar with the matter said. Still, businesses are aware of the growing need to implement cybersecurity protections.

Koji Fujiwara, chairman of the Japanese Bankers Association, told a Jan. 17 press conference that the cyber issue "poses the highest risk to bank management."

"The possibility is growing that cyberattacks will lead to a serious situation threatening the safety and security of society as a whole. It's important to take multilayered countermeasures," he added.

With the introduction of internet of things (IoT) devices and smart meters, the electric power industry faces a growing need for cyberattack countermeasures.

However, since all industrial sectors are stepping up such countermeasures, the government's leadership ability looks to be tested in protecting essential social and economic infrastructure in the internet age.

(Japanese original by Kazumasa Kawabe, Political News Department, and Kenji Wada, Arimasa Mori, Takashi Narumi and Takayuki Hakamada, Business News Department)

Also in The Mainichi

The Mainichi on social media