Initial Disclosure Date: July 14, 2014

On July 10, 2014, the 40th Information Security Policy Council meeting adopted the revised Information Security Research and Development Strategy crafted by the Special Committee on Technological Strategy, reflecting Japan’s first Cyber Security Strategy in June 2013, increasingly sophisticated cyber-attacks, and the necessity for better information security to make the Tokyo Olympic Games in 2020 successful. The original R&D strategy was made three years ago.

Here are main points of the revised strategy:

• p4-6: Although Japanese government’s budget for information security doubled from JFY 2013 to 2014, its budget for information security-associated R&D decreased by half. Between JFY 2007 and 2014, the budget for information security-associated R&D has been going down overall.
• p9: The importance of incorporating information security in the design process for the medical and health care industry, next generation critical infrastructure, and Internet of Things.
• p9-10, 16-17: Domestic development of core technologies and products such as cryptography and enhancement of international competitiveness.
• p11, 22-23: This strategy encourages Japan to fuse technical and social-scientific analysis of cyber threats, international affairs, business management issues, criminals’ psychology, risk management, and policy; identify and recruit those who have high technical skills and insightful analysis regardless of their academic background; and evaluate and pay for intelligence, which is not necessarily part of tangible products or services.
• p12-13: This strategy points out that the government needs to clarify what kind of reverse engineering for fair use and information security is legal.
• p13: This strategy encourages the government to seek if it can share malware samples with researchers under NDA and have researchers embedded in NISC for a while to promote practical information security R&D.
• p14, 31: R&D to enhance information security technologies to protect critical infrastructure, and the adaptation of international standardization and certificates.
• p18-19: more international cooperation and Japan’s more robust information assurance.
• p21-22: This strategy encourages Japan to allocate budgets for R&D more flexibly and use more research assistants.
• p32-36: The necessity of keeping balance between the utilization of personal data and the protection of privacy and research of how to use personal information during emergency such as a natural disaster.

Sources:

1. NISC, “Joho sekyuriti kenkyu kaihatsu senryaku (kaiteiban) [Revised Information Security Research and Development Strategy],” July 10, 2014,
   http://www.nisc.go.jp/active/kihon/pdf/kenkyu2014.pdf
2. NISC, “Information Security Research and Development Strategy,” July 8, 2014,
   http://www.nisc.go.jp/eng/pdf/R_and_D_Strategy_eng.pdf

* Each company name, an organization name, and a brand name are a trade name of each company and each organization, or a registered trademark.