print PRINT

SECURITY > Cybersecurity

Japan gov’t to draw up 6-level cyberattack severity criteria

  • December 17, 2017
  • , The Mainichi
  • English Press

The government is set to draw up criteria in March 2018 for the severity of cyberattacks on critical infrastructure such as railways, electricity and financial institutions, to help the government take appropriate crisis-management measures.


The specific ways in which the government would respond to a cyberattack are set to vary depending on a six-level “severity scale,” ranging from zero to five. A special task force will also be set up in the prime minister’s office for some of the levels.


The severity scale is aimed at giving government departments, private companies and citizens a shared understanding regarding the severity of potential cyberattacks, and is one part of the overall counter-cyberterrorism policy the government is looking to implement in preparation for the 2020 Tokyo Games.


In 2015, the government set up a National Center of Incident Readiness and Strategy for Cybersecurity (NISC) in the Cabinet Secretariat. The NISC worked on measures concerning 13 fields such as electricity, the financial sector, railways and information and communications, which the center deems could have a potentially large effect on citizens’ lives and socioeconomic activity.


Under the proposed new criteria, a cyberattack on something like a nuclear power plant, that would pose a serious and widespread danger to citizens’ lives and assets, would be classified as “level 5” on the severity scale. The levels will be defined more specifically later.


In 2016, the United States government unveiled similar six-level criteria. Under the U.S. criteria, level 5 relates to infrastructure, the government and citizens’ lives being under imminent threat. The U.S. National Security Agency (NSA) steps in for cases that are level 3 or above, whereby it is obvious that public sanitation, national security, external relations and citizens’ freedoms are likely to be affected.


Referring to the American arrangement, the Japanese government is also considering levels at which a working-level “liaison office” and “countermeasure office” should be established at the prime minister’s office and at which a task force involving Cabinet members should be launched.


The Japanese government is also planning to revise safety criteria on information security concerning critical infrastructure, in spring 2018. It is set to ask government ministries and agencies, as well as business groups, to set up their own regulations concerning cyberattacks. The government will also look to make clear statements on personnel distribution within information security divisions, and encourage private firms to bring in stronger measures against cyberattacks.

  • Ambassador
  • G7 Summit
  • Ukraine