On Jan. 17, the government held a meeting of the “specialized research committee on critical infrastructure” (chaired by Nagoya Institute of Technology Professor Kenji Watanabe). The committee is composed of private-sector companies and groups involved in operating critical infrastructure, including electricity and railways. Last year, Japan saw many natural disasters as well as a large-scale blackout and disruption in communications services. In light of this, the government decided to move up its revision of the guidelines that government and infrastructure operators use in setting safety standards for information security. The revision of the guidelines will also serve to enhance preparedness against cyberattacks with the Tokyo Olympics and Paralympics on the horizon in 2020.
The government sees the points for discussion as (1) using domestic servers to manage electronic data in order to prevent the leakage of data overseas and (2) locating information systems, data centers, and other facilities in places where service interruptions are unlikely to occur in the case of disasters.
In December 2018, government agencies changed their procurement policy for communications equipment [in light of concerns related to] Chinese telecommunication major Huawei. This was explained at the meeting, and participants were urged to take precautions against the risk of information leakage.
At the meeting, the government said that the aim of revising the guidelines is “to encourage [all related parties] to manage data in a suitable way in light of international trends.” Going forward, the government will mull requesting that servers with critical data be located in Japan. The government policy requiring that security risks be taken into consideration in the procurement of communications equipment may be applied to the private sector in the future. For this reason, private companies said at the Jan. 17 meeting that “we would like to see the government also consider the impact on operators.”
The government defines critical infrastructure as any infrastructure that will have a major impact on citizens’ lives and social and economic activities in the event that the infrastructure’s operations are suspended or are rendered unusable. The 14 kinds of infrastructure are as follows: communications; finance; aviation; airports; railways; electricity; gas; government and administrative services; healthcare; waterworks; distribution; chemicals; credit; and oil. (Abridged)