Initial Disclosure Date: Jan 21, 2014

The Special Committee on Critical Infrastructure under Japan’s Information Security Policy Council held its 35th meeting on January 10 and agreed that the Japanese government should add three sectors --- the chemical, credit card, and petroleum industry --- to its definition of critical infrastructure in the 3rd Information Security Action Plan for Critical Infrastructure. ^(footnote:1) The U.S. government regards the chemical sector as critical infrastructure. The current definition covers only ten sectors, namely aviation, electricity, finance, gas, government services, information & communications, logistics, medical services, railways, and water. This is the first time for the Japanese government to change the definition although the Information Security Policy Council makes a final decision on the action plan this March. ^(footnote:2)

This shift reflects Japan’s first Cybersecurity Strategy released in June 2013. The document admitted that there are other sectors that could have a grave impact on the lives of citizens and socioeconomic activities if any disruption to their ICT system ever occurs and it is necessary to review the current definition. While the United States includes the Defense Industrial Base (DIB) or defense industry in the category of critical infrastructure and the Cybersecurity Strategy notices it, DIB is not likely to be added this time in Japan. ^(footnote:3)

Sources:

1. Special Committee on Critical Infrastructure, “Shiryo 3-2: juyo inhura no joho sekyuriti taisaku ni kakaru dai 3 ji kodo keikaku (an) no gaiyo [Handout 3-2: outline of 3rd Information Security Action Plan for Critical Infrastructure’s draft],” January 10, 2014,
   http://www.nisc.go.jp/conference/seisaku/ciip/dai35/pdf/35siryou0302.pdf , 6
2. Yomiuri Shimbun, “Cybersecurity to include oil, credit cards,” January 19, 2014,
   http://the-japan-news.com/news/article/0000955755
3. Information Security Policy Council, “Cybersecurity Strategy  Towards a world-leading, resilient and vigorous cyberspace  ,”
   http://www.nisc.go.jp/active/kihon/pdf/cybersecuritystrategy-en.pdf , 24-25

※ Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.