The Yomiuri Shimbun
The government has decided to start developing a new technology from fiscal 2019 to detect malicious programs present on telecommunications devices used by government organizations, government sources have said.
Because the complex production processes for such devices now involve a number of countries, the possibility of malware planted in such devices cannot be denied, prompting the government to deem that the development of detection technology is an urgent task.
The government envisions the introduction of a so-called behavior method in the new technology, whereby particular signals and data are sent to communications servers, personal computers, routers and other telecommunications devices to check whether they “behave” as assumed. The basic technology for the method has already been established in the private sector, and advanced research on it has begun in order to cope with so-called smart viruses.
Under the government’s plan, if suspicious or abnormal signals are detected from its devices with the new technology, the government will replace them, suspecting that they have been illegally modified. The government then will request the manufacturers of the devices to submit product designs and software programs for verification.
The government will invite companies and organizations that would be commissioned to develop and study the new technology as soon as the beginning of next year. The expense to develop the technology will be allocated from part of ¥2.49 billion ($22.6 million) in the fiscal 2019 draft budget to be spent for the National Center of Incident Readiness and Strategy for Cybersecurity. The draft budget was approved by the Cabinet on Friday.
The center, the Economy, Trade and Industry Ministry and the Internal Affairs and Communications Ministry will work together to establish a structure to research and develop the technology in the next fiscal year and start monitoring communication devices that have already been introduced in government entities on a trial basis. Prior to the approval of the draft budget on Dec. 10, the Cabinet Office, ministries and agencies agreed to effectively exclude two major Chinese telecom equipment makers — Huawei Technologies Co. and ZTE Corp. — from government procurement from next spring due to concerns over possible spying and cyber-attacks.
“We can’t rule out the possibility that products made other than in China have been maliciously modified,” said a government source. Under such concerns, all the products to be procured by the government will become the subject of monitoring under the behavior method.
If malicious programs or microchips called “backdoors” are embedded in telecommunications devices, classified materials can be stolen via indirect operations. For example, documents copied through infected machines can be automatically forwarded to an unauthorized recipient. Unlike computer viruses that attempt to break in from the outside, backdoors can be embedded in devices in the manufacturing process, and they are “very difficult to detect,” according to the source.