Initial Disclosure Date: Jul 6, 2012

On July 4, the Japanese government held the Information Security Policy Conference chaired by Chief Cabinet Secretary Osamu Fujimura at the official residence of the Prime Minister to make “Information Security 2012,” which is a basic policy to counter cyber-attacks for the next year. Its main pillars include a simulation to counter cyber-attacks on critical infrastructure such as nuclear plants and stronger information security of companies that deal with sensitive information for the country. “Our government faces a spate of cyber-attacks and growing information security threats,” Chief Cabinet Secretary Fujimura warned at the conference.

Here are some main pillars of the new policy:

• Critical infrastructure
  • The government will collaborate with critical infrastructure companies such as nuclear plants and electric power, gas, and communications companies to plan a simulation. It will aim to evaluate if those companies can appropriately respond to simulated cyber-attacks. Tokyo plans to construct a facility to evaluate cybersecurity strength of control systems by March 2013, cooperating with the United States.

• Phishing emails
  • The Ministry of Internal Affairs and Communications, the Ministry of Economy, Trade and Industry, and government affiliated agencies will establish the “Council for Analysis of Cyber-attacks” to discuss their countermeasures on July 12. This reflects their sense of crisis after phishing emails have became sophisticated since 2011. The government will also conduct a large-scale training for ministries and agencies and promote information-sharing among them.

• Private-Public partnership
  • The government will encourage companies that deal with sensitive information for the country to strengthen their information security, given the series of cyber-attacks on Japanese defense contractors. Tokyo will also promote information-sharing with those companies.

• Smartphones
  • The growing popularity of smartphones entails the rapid spread of malicious applications to leak personal information. A public-private partnership is indispensable to strengthen anti-virus measures, tighten crackdowns, and educate users.

• Robust information systems against large-scale disasters
  • The government will improve information systems including back-up systems to prevent them from breaking down during large-scale disasters, based on the experience of the Great East Japan Earthquake.

• Cloud computing
  • The government will ensure information security for cloud computing.

• Development of human resources
  • Tokyo will study how to utilize external staff at the government by personnel exchanges. The government will request the National Center for University Entrance Examination to add “Information” to its subjects of preliminary university entrance examinations, which is equivalent to Scholastic Assessment Tests or SAT.

Sources:
National Information Security Center, “Joho sekyuriti 2012 [Information Security 2012],” July 4, 2012,
http://www.nisc.go.jp/active/kihon/pdf/is2012.pdf
Chugoku Shimbun, “Juyo inhura no bogyoryoku kyoka seihu, saiba kogeki taisaku de hoshin [The government released its policy to counter cyber-attacks --- stronger protection for critical infrastructure],” July 4, 2012,
http://www.chugoku-np.co.jp/News/Sp201207040106.html
Jiji, “Sumaho neratta uirusu taisaku = seihu ga nendokeikaku [Countermeasures against smartphone viruses --- the Japanese governmetn released its policy for Fiscal Year 2012],” July 4, 2012,
http://www.jiji.com/jc/c?g=pol_30&k=2012070400757
Nihon Keizai Shimbun, “Seihu, juyo inhura heno saiba kogeki enshu jisshi he [The government will conduct a simulation of cyber-attacks on critical infrastructure],” July 4, 2012,
http://www.nikkei.com/article/DGXNASFS0401Y_U2A700C1PP8000/

• * Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.