Japan government recognized the importance of information security in 2001.
Therefore, the Japanese government first started e-japan strategy in 2001 with the purpose to become the most developed countries in ICT by developing the infrastructure for ICT. For example, they invested in building high-speed internet access (approximately 30 million households)[210]. Then, they built up the ICT infrastructure for e-government and e-commerce in 2003. In fact, there were 96%
electric filing of Government of Japan (GOJ) and 23% Internet trade of all exchange by the end of 2003 [210]. Moreover, in 2004, the Japan government launched the Policy roundtable for realizing a ubiquitous network society in order to make networks which can be used anytime and anywhere. From that period, the Japanese government mainly focused on investing in cybersecurity to make Japan the most developed country in ICT’s world. For instance, the first cyber security strategy was launched in the periods 2006 to 2008, the second national strategy in 2009 to 2011, information security strategy to protect the nation in 2010, and cybersecurity strategy 2013 [Figure 3.3], [211]. In 2014, the Japanese government delivered new cybersecurity principles to agencies. This policy helps to protect the critical infrastructure against cyber threats, following by some major policies: supporting and enhancing safety concepts, developing information sharing and incident response, risk control, and improving the standards for Critical Information Infrastructure Protection (CIIP) [212], [213]. In addition, because of the major and serious cybersecurity attacks (Mitsubishi Heavy industry in 2011, Sony Pictures Entertainment in April 2011, and Japan Pension service in 2015) [214], Japanese government drafted the new cybersecurity strategy in 2015. This new strategy aimed to put the Japanese government, ministries, agencies and other organizations into high-level concentration towards cybersecurity and created the standard measures to implement new regulations or cyber laws for these organizations.
Besides, the Japanese government set up several organizations, agencies, and cybersecurity centers to manage the information sharing and flow of information, monitor the cyber threats, cyber incidents or cyber-attacks, implement training programs, and technological operations such as: the Information Security Policy Council (ISPC), Center for International Public Policy Studies (CIPPS), Ministry of Economy, Trade and Industry (METI), National Information Security Center (NISC), National Police Agency (NPA), Ministry of Defense (MOD), Japan Computer Emergency Response Center (JPCERT/CC) (1996), Information Technology Agency (IPA), Initiative for Cyber Security Information Sharing Partnership of Japan (J-CSIP), Industrial Cybersecurity Center of Excellence (COE), Network Incident Analysis Center For Tactical Emergency Response (NICTER), the National Cyber Training Center, Ministry of Internal Affairs and Communications (MIC) [Table 3.3], [215],
Óbuda University 87 Nguyen Huu Phuoc Dai
the Cyber Clean Center (CCC), the Advanced Cyber Threats Response Initiative (ACTIVE) [214], the Information Security Center Council (ISCC) [173], and Control System Security Center (CSSC) [216]. Likewise, the Japanese government also gave the Act on the Protection of Personal Information (“APPI”) and the Personal Information Protection Commission (“PPC”) – a central agency for supervisor governmental organizations in privacy protection [184]. Regarding this Act, it specifies personal information, sensitive personal information, anonymized information, and guidelines for collecting, processing, and transferring data to the third party for safeguarding the data and strengthening national security.
Figure 3.3: History of Japan cybersecurity [211]
18 ---I 2014 -- 2010 I--I 2020|
2000 2010 2011 2012
...'`...'... ...'... ... ...'
Declaration to be the Most Advanced IT Natıon (IT Strategic Headquarters,
June
Cybersecurity
_ cyber security strategy J
Strategy
(ısı=c, June 2013)
id/lonã-term Plan
First National Strategy Second National Strategy on Information Security on Information Security
ıteııiziırseeuıeııpıı' Tıııııasuımg-Iıflivirı,___ı;ı'_';uı“sıı:ieıy'iuıTeıı
kmual W-2
Pla" 2008 2001 2008 2009 2010 2011 2012 2018 2014 >
- - M ment Stınchrds for
5213'-_'_'“* Guidelines for the Fomnulation hh n Sgcuriw Mqıguıg Common
ff ° Of ınforma onti 5ecun'gy p |` `o ıcıes 102ooëtliıgod.___ for the GontrıIGovoı1'ıı'noı1tzâwpuur ÜSPQ May 2014)Standards
Govemmorıt 2000:;
C .
ritioa C t°" Az»zzz„.=I.„„„
_ _fI„s„„« Azw-„z„ ã2;;1T;1::.I:ii::
ımmıfuzıu lnf0fmatI_°fI Seõmtv Meaıures Infcnnıtion Security Mıosurıs ınfrzgzmztufe f°f 01111021 lfifffifiwfiwm for Critical Infııstructııres zrotection (3rd Ed.)*
20002- fwilfifl 2012-4 (ısPc, May 2014)
P'° 't oti°" Crıtıcal Infrastructure- - 200512
200012
*The document title was changed.
4 Copyright ®LAC Co., Ltıd. 2015 All Rights Reserved. Í
FAI*
European (Visegrád countries) cybersecurity in applying for ASEAN countries: the case of Vietnam
Óbuda University 89 Nguyen Huu Phuoc Dai
Table 3.3: Japan‘s cybersecurity organizations [215]
Organizations Functions
The Information Security Policy Council (ISPC) (2011)
- Top level of the Japanese government’s cybersecurity advisory body
- Improving the cooperation between public-private sectors
Center for International Public Policy Studies (CIPPS)
- Private sector – creating public policy issues in international affairs and diplomacy issues
Ministry of economy, trade, and industry (METI)
- Establishing the IT policies National information security center
(NISC)
- Coordinating government efforts National police agency (NPA) - Fighting the cybercrimes
Ministry of Defense (MOD) - Establishing national security
Japan Computer Emergency Response Center (JPCERT/CC)
(1996)
- First CSIRT in Japan
- Cooperating with service providers, security vendors, government agencies, and industry organizations
- A member of FIRST and APCERT - Providing computer incident responses - Cooperating with local and global CSIRTs
Information –Technology Agency (IPA)
- Monitoring the next generation government security operation coordination team for central government
- Supporting sharing cyber threat information framework
- Establishing a cyber rescue and advice team against the attack of Japan
- Developing the human resources - Evaluating the security and reliability of Industrial control system/ supervisory control and data acquisition (ICS/SCADA)
- Researching and analyzing cyber threat intelligence
Network incident analysis center for tactical emergency response
(NICTER)
- Monitoring cyberattacks and visualizing them
European (Visegrád countries) cybersecurity in applying for ASEAN countries: the case of Vietnam
Óbuda University 90 Nguyen Huu Phuoc Dai
Organizations Functions
The national cyber training center
-Offering SecHack365 program to train students under 25 years old
-Implementing 100 cyber defense exercise with recurrence exercises for central and local municipal government officials and critical infrastructure personnel
Ministry of internal affairs and communications (MIC)
- Establishing the IoT cybersecurity action program 2017 to improve IoT security and prepare for Tokyo 2020.
The Cyber Clean Center (CCC)
- A honey pot to capture malware and monitor their behaviors
- Identifying and warning infected users
The Advanced Cyber Threats
Japan and the USA started to build cooperation in 2013 to strengthen strong security and defense cooperation with the purpose of increasing the capacity building efforts.
Then in 2015, there was a new version “Guidelines for Japan and US defense cooperation. In Southeast Asia, USA and Japan have common security interests; as a result, their cooperation can guarantee the security and stability of their democracies, counter back terrorism, piracy and so on [214]. Additionally, Japan and India shared the same vision of free and secure cyberspace and international law in the first and the second meeting in cybersecurity in 2012 and 2017 to improve confidence-building measures or develop investments in cybersecurity cooperation [217]. Likewise, Japan and EU also join in Japan-EU ICT policy dialogue and other forums or discussions to build a cooperative framework on information security with EU nations like Japan- UK cyber conferences, Japan-EU Internet Security Forum [218]. Moreover, Japan has a good relationship with ASEAN countries. It also cooperates with ASEAN nations in several meetings and projects related to cybersecurity field; therefore, it helps to improve bilateral cooperation, cybersecurity awareness, share the best practices with each member country by exchanging its views towards cyberspace, information on cybersecurity strategies and discussing the possibility of cooperation, to counter against cyber-attacks.
In summary, the Japanese cybersecurity strategy targets to improve government cybersecurity, critical infrastructure, associated with corporations and academia;
enhance cyberspace’s awareness for the business and its citizens; and apply countermeasures for cybercrime and cyberspace defense. Regarding the Japanese cybersecurity strategy, the Japanese government built an inter-organizational cooperation framework which enhanced their national cybersecurity capabilities,
European (Visegrád countries) cybersecurity in applying for ASEAN countries: the case of Vietnam
Óbuda University 91 Nguyen Huu Phuoc Dai
developed coordination and collaboration among the parties, agencies, and public-private sectors, enabled immediately response to cybersecurity incidents or cyber-attacks. Besides, the Japanese government develops cooperation with international organizations like USA, EU, and ASEAN in order to share best practices, raise cybersecurity awareness, promote technological innovations, and support local and global CSIRTs.