Initial Disclosure Date: Jul 3, 2012

On June 29, the Japanese government established the Cyber Incident Mobile Assistant Team (CYMAT). Since cyber-attacks are becoming more sophisticated such as advanced persistent threats or APT, ministries and agencies cannot afford to rely on unconsolidated efforts anymore. That is why Tokyo decided to launch this cross-governmental organization to deal with increasing cyber threats. Chief Cabinet Secretary Osamu Fujimura stated at a press conference that CYMAT will work on damages caused by Anonymous cyber-attacks.

The government established Information Security Policy Conference to decide on basic information security policy and strategy as well as the National Information Security Center (NISC) under the Cabinet Office in April 2005. CYMAT is under the NISC.

CYMAT consists of information security officials from each ministry and agency. At this stage, the team has 26 members including officials from the Ministry of Economy, Trade and Industry and Ministry of Defense, but the size will become expanded to about 40 members in a few years. CYMAT is led by the NISC Director General, who is also Chief Information Security Officer of the government. Some of NISC officials joined CYMAT.

CYMAT aims to provide technical assistance and advice to prevent damages from spreading, recover computers and networks, and investigate causes when any information security related incident occurs. Usually, the team gives lectures, leads exercises, and encourages information security officials to participate in training. Its support covers ministries, observers of Information Security Promotion Conferences hosted by the NISC, and government affiliated organizations.

In emergency, CYMAT will work together with the NISC and each ministry to minimize damages or prevent them from expanding. The NISC has the Government Security Operation Coordination Team (GSOC) to monitor computer systems of ministries, collect information on incidents, and analyze them on a 24/7 basis, and each ministry has a Computer Security Incident Response Team.

The government has not clarified the term of CYMAT officials. Japanese government officials usually rotate to a different section within two to three years, which makes it challenging to secure information security experts. As the Information Security Policy Conference pointed out on April 26, 2012, Tokyo needs those who are familiar with information security and “ can serve as a consensus builder [for ministries such as] the National Police Agency, the Ministry of Internal Affairs and Communications, the Ministry of Economy, Trade and Industry, and the Ministry of Defense.” Otherwise, it would be difficult to overcome stovepipe systems, respond to cyber threats promptly, and put countermeasures into action.

Sources:
National Information Security Center, “Kodo joho tsushin netowaku shakai suishin senryaku honbu joho sekyuritei seisaku kaigi dai 29 kai kaigo giji yoshi [summary of the minutes of the 29th Information Security Policy Conference by the Headquarters to Promote Advanced Information Communication Network Society],” April 26, 2012,
http://www.nisc.go.jp/conference/seisaku/dai29/pdf/29gijiyoushi.pdf
National Information Security Center, “Hodo Shiryo: Joho sekyuritei kinkyu shien chimu (CYMAT) secchi nit suite [Press Release: the establishment of the Cyber Incident Mobile Assistant Team ],” June 29, 2012,
http://www.nisc.go.jp/press/pdf/cymat_press.pdf
Shirai Ryo, “Shocho odan no saiba kogeki taisaku kido chimu ‘CYMAT’ ga hossoku [The government established a cross-governmental Cyber Incident Mobile Assistant Team (CYMAT)],” June 29, 2012, Nikkei BP,
http://itpro.nikkeibp.co.jp/article/NEWS/20120629/406366/?ST=security
Nihon Keizai Shimbun, “Saiba kogeki ni seihu taio chimu shogai kara no hukkyu shien [The government established a team to respond to cyber-attacks and help ministries and agencies recover from damages],” June 29, 2012,
http://www.nikkei.com/article/DGXNASFS2902G_Z20C12A6PP8000/
Mainichi Shimbun, “Saiba kogeki: seihu ga taisaku no shinsoshiki [The government established a new team to respond to cyber-attacks],” June 30, 2012,
http://mainichi.jp/select/news/20120630k0000m010108000c.html

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.