The Ministry of Defense (MOD) is considering providing support to protect critical infrastructure operators in Japan from cyberattacks from other countries, the Sankei learned from sources on April 12. The MOD will strengthen the cyber defense of social infrastructure, including infrastructure operators, by conducting joint exercises in concert with other government ministries and agencies. The MOD has already informed the ruling parties about the plan, and the government intends to include it in its revision of the National Security Strategy and other key defense documents, which is to be completed by year-end.
The MOD intends to share its expertise with infrastructure operators through joint exercises using scenarios based on actual cyberattacks. To do this. the MOD will join hands with the National center of Incident readiness and Strategy for Cybersecurity (NISC), which oversees government-wide cyber defense, and government ministries and agencies that oversee key infrastructure.
In the government policy, key infrastructure operators will conduct cyber-defense measures at their own responsibility, and the government will take a supporting role. Every year, the NISC conducts large-scale exercises related to critical infrastructure, including info-communications, finance, and electricity. Operators in 14 different fields participated in last year’s exercises, but the training was only a tabletop exercise to confirm procedures at time of cyberattack.
The MOD has set up a cyber-defense unit in the Self-Defense Forces, but the target is basically limited to the Defense Information Infrastructure (DII), a communication network connecting SDF bases and camps. The MOD cannot directly protect private-sector companies, so it aims to hold joint exercises in collaboration with related ministries and agencies and thereby urge critical infrastructure operators to build their cyber-defense capabilities.
The U.S. suffered several cyberattacks targeting critical infrastructure last year. A Florida water system was hacked, and an oil pipeline system on the East Coast was attacked by ransomware and was forced to halt operations for five days.
In Japan, the defense industry was cyberattacked and information on defense equipment was leaked. Toyota Motor suspended operations at all its factories nationwide on March 1 this year due to a shortage of parts from suppliers that were cyberattacked.
The MOD will include the enhancement of the cyber defense of the social infrastructure in the NSS and the other documents under revision and will aim to construct a defense support framework for critical infrastructure and the defense industry.