Initial Disclosure Date: Jun 26, 2012

Abstract:

On November 10, 2011, the Japan Network Security Association (JNSA), the Japan Information Security Audit Association (JASA), and the Korea Information Security Industry Association (KISIA) issued a joint statement. The three associations asked Japanese and South Korean governments, government-affiliated organizations, companies, and general public to strengthen measures for information security and cybersecurity.

Discription：

In this background, cyber-attacks are increasing and they are becoming more sophisticated in both Japan and South Korea. Particularly, DDoS attacks and Advanced Persistent Attacks (APT) are skyrocketing. According to KISIA Chairman Lee Deuk-choon, the Personal Information Protection Law started to change the mindset of Korean companies that used to be hesitant to disclose information on information security incidents, after the law became effective in September 2011.^{(footnote:ⅰ)}

The joint statement has five objectives:^{(footnote:ⅱ)}
１）Strengthen measures for information security
２）Strengthen information sharing on cyber-attacks between Japan and South Korea, and establish international public-private partnerships
３）Take information security measures tailored for individuals and organizations, given the increasing number of cyber-attacks against psychological weaknesses
４）Establish a information security management system and strengthen information security audit
５）Strengthen cooperation between the governments and information security industry, and improve public awareness of cyber-attack countermeasures

Government-level collaboration between the two countries is progressing. The Information-technology Promotion Agency (IPA) and the Korea Information Security Agency (KISA) have already established cooperation and regularly hold meetings to exchange information. JNSA, JASA, and KISIA want to promote private-level information sharing for prompt response. Especially, the three are keen to establish an information-sharing system to promptly respond to APT, which are ever becoming sophisticated.^{(footnote:ⅲ)}

As of today, the Japanese Self Defense Forces and South Korean military have not established their cybersecurity cooperative mechanism. South Koreans including National Assembly members have deep-seated opposition to military dialogues with Japan and bilateral military cooperation has not deepened, due to historical reasons.^{(footnote:ⅳ)} Yet, Tokyo and Seoul entered their final stage to conclude a General Security of Military Information Agreement (GSOMIA) and an Acquisition and Cross-Servicing Agreement (ACSA) in May 2012. GSOMIA allows the two countries to share confidential military intelligence, particularly the North Korean missile and nuclear programs, whereas ACSA enables them to logistically cooperate such as food and transportation. Tokyo and Seoul were criticized for the lack of their information-sharing and cooperation when North Korea launched ballistic missiles in April 2012. This incident spurred their coordination for the conclusion of GSOMIA and ACSA.^{(footnote:ⅴ)} If the SDF and South Korean military establish their cybersecurity cooperative mechanism in the future, GSOMIA would be indispensable to share sensitive intelligence.

However, it would take some time to sign the agreement. On June 14, 2012, Seoul and Washington held a meeting of foreign and defense ministers or so-called “2 + 2,” where the U.S. government demanded the South Korean counterpart to conclude GSOMIA with Japan as soon as possible, according to the Dong-A Ilbo’s article dated June 18th. Since Washington launched a new defense strategy to focus on the Asia-Pacific due to rising China, it seems to want Japan and South Korea to establish and expand their military cooperation. According to the Dong-A Ilbo, South Korean Foreign Minister Kim Sung-hwan frowned at the U.S. suggestion because GSOMIA is problematic for South Korean feelings.^{(footnote:ⅵ)}

Related Informations:

1. AtmarkIT, “JNSA to JASA, Kankoku no KISIA ga kyoryoku ‘Nikkan de saiba kogeki nikansuru joho kyoyu wo’ kyodo seimei happyo [JNSA, JASA, and KISIA released a joint statement on their cybersecurity cooperation and information sharing on cyber-attacks between Japan and South Korea],” November 11, 2011,
   http://www.atmarkit.co.jp/news/201111/11/jnsa.html
2. KISIA/JNSA/JASA, “Saiba kogeki heno taio kyoka nitsuite [Strengthening countermeasures against cyber-attacks],” November 10, 2011,
   http://www.jnsa.org/press/2011/111110.pdf
3. AtmarkIT, “JNSA to JASA, Kankoku no KISIA ga kyoryoku ‘Nikkan de saiba kogeki nikansuru joho kyoyu wo’ kyodo seimei happyo [JNSA, JASA, and KISIA released a joint statement on their cybersecurity cooperation and information sharing on cyber-attacks between Japan and South Korea],” November 11, 2011,
   http://www.atmarkit.co.jp/news/201111/11/jnsa.html
4. Mainichi Shimbun, “Kankoku kokubosho no honichi enki Nihon tono gunji kyoryoku kenen hairyo ka [South Korean Defense Minister postponed his visit to Japan, probably given the country’s concern over military cooperation with Japan],” May 17, 2012,
   http://mainichi.jp/select/news/20120518k0000m030085000c2.html
5. Mainichi Shimbun, “Nikkan gunji joho kokan kyotei teiketsu he saishu chosei [Japan and South Korea started final coordination to conclude GSOMIA],” May 8, 2012,
   http://mainichi.jp/select/news/20120509k0000m010084000c.html
6. Hokkaido Shimbun, “Bei ga nikkan gunji kyoryoku yokyu Chugoku wo shiya to hodo [Washington demanded Seoul to conclude GSOMIA, reportedly due to its concern over China],” June 18, 2012,
   http://www.hokkaido-np.co.jp/news/international/380866.html

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.