(Yomiuri: December 18, 2015 – p.4)
The government will implement cyberattack stress tests during fiscal 2016, targeting civil infrastructure such as electrical substations and gas transmission facilities that are essential to people’s lives. “White hat hackers” (ethical hackers) that specialize in cyber-defense techniques will attack the control systems of those facilities and check for vulnerabilities. The government aims to beef up safety measures all over the country in preparation for the 2020 Tokyo Olympics and Paralympics, which will attract global attention.
The test will be conducted by a joint team of the Information-technology Promotion Agency (IPA), an incorporated administrative agency, and civilian experts. The team will first examine charts to analyze the existing countermeasures by infrastructure business operators and subsequently suggest improvements. Then, the white hat hackers will attempt to infiltrate the systems to see whether there are any flaws. At the same time, the government aims to cultivate workers who are knowledgeable about cyber-defense through the tests. The Ministry of Economy, Trade and Industry (METI) will earmark 400 million yen for costs related to the tests in the fiscal 2015 supplementary draft budget, which will be approved by the Cabinet on Dec. 18.
Vital infrastructure that supports the lives of the community is an easy target for cyberterrorism. Safety measures, however, are left up to business operators. “Cyber-defense capabilities vary depending on the company,” said a METI official.
The government listed 13 fields as “important infrastructure,” including electricity, gas, railways, civil aviation, and medical services, in the action plan for countermeasures against cyberattacks drawn up in May 2014. The administration is planning to target four business operators, including electricity and gas utilities, for the stress test in fiscal 2016. The government intends to conduct stress tests targeting as many fields as possible before the 2020 Tokyo Olympics and Paralympics.
Other ministries and agencies are strengthening their countermeasures against cyberattacks as well.
Beginning next fiscal year, the Ministry of Internal Affairs and Communications will significantly expand joint drills for cyber defense between government and municipal offices and infrastructure-related companies. In the past, 200 to 300 people participated in the drills every year, but this will be increased to around 2,000. The ministry will also develop a drill system that can simulate complex cyberattacks. The National Policy Agency will earmark 500 million yen in the fiscal 2015 supplementary draft budget to for the cost of maintaining equipment for analyzing malicious programs.
The National center of Incident readiness and Strategy for Cybersecurity (NISC) monitors cyberattacks against the central government’s ministries and agencies. Beginning in fiscal 2016, NISC will start monitoring government-affiliated corporations and incorporated administrative agencies. An incident took place this June in which personal information was leaked by the Japan Pension Service. This prompted the government to expand the targets for monitoring. The administration will submit bills to revise related laws in the ordinary Diet session next year.