Japan gets serious about cybersecurity as Olympics approach

By Richard Smart for The Journal (ACCJ)

On December 9, Prime Minister Shinzo Abe saw his website fall victim to hackers. A message on Twitter from a user called RektFaggot read “Whaling IS NOT Cultural Right! Your website is #TangoDown!” A screenshot attached to the tweet showed that connections to the website were timing out worldwide.

Attacks such as this are increasing in number. The latest affront came after another painful year online for Japanese business and government.

Anonymous, a loose online collective, had hacked around 100 websites in Japan between September and the end of last year to protest whaling, according to police.

That, however, is the tip of the iceberg. Japan’s pension system was hit by a virus that had been opened by an employee in May. About 1.25 million pension records were leaked in that incident. Two airports had their websites taken down, including Narita International Airport, in October.

In recent years, hacks at organizations such as Benesse, Waseda University, Sony, and Japan Airlines have proved humiliating for companies and institutions, and have put consumer data at risk.

Part of the problem is that the sheer volume of attacks today is overwhelming for the unprepared. “In 2014, there were more than 25 billion cyberattacks in Japan, compared with 310 million in 2005,” says John Kirch, regional director for North Asia at security company Darktrace.

Kirch argues that companies and the government face huge issues because attacks often come from “insiders.”

“Everyone and every network interaction should be considered [with a degree of suspicion],” Kirch says.

Modern cybersecurity thus faces problems on multiple levels. Threats can come from anywhere; the increasing number of connected devices augments risk; and the number of attacks is rising. Japan needs to work on legislation, train workers, and look to the latest technology to ensure security.

A primary concern for Japan is the lack of people trained to do the work needed to secure networks. According to a government estimate, the nation would need 350,000 fully trained staff to assure secure networks. There are 265,000 people working in cybersecurity today, and 160,000 of them need additional training.

“In the short term, Japan needs to depend on and trust its partners to help with this shortage,” says Ed Adams, CEO of Security Innovation, a Massachusetts-based company.

“[We] had so many high profile Japanese customers that we realized Japanese organizations were starting to take cybersecurity seriously,” says Maureen Robinson, Security Innovation’s marketing director. “And, given the Japanese culture—[when they are committed they do it right]—we decided that investment [in the country] made sense.”

Having worked with companies such as Sony Corporation, Rakuten, Inc., Bank of Tokyo-Mitsubishi UFJ, Renesas Electronics Corporation, and Honda Motor Co., Ltd., Security Innovation in 2014 made 44 of its courses available in Japanese. Since then, its presence in the country has increased.

“Our main activity in Japan is selling our online secure software engineering training product,” says Adams. “We do this via a partnership with NRI Secure [part of the Nomura family of companies].”

Security Innovation is also involved in providing cybersecurity to the Japanese government. With the Olympic and Paralympic Games coming up in 2020, Japan is likely to face increasing attacks from hackers looking for the glory of a high-profile hit during a prestigious event.

Additionally, many of the plans for making Tokyo into a smarter city will also increase the areas in which there are potential vulnerabilities.

“Tokyo plans to deploy RoboTaxis for the 2020 Games; these cars need to be secure and accurate in terms of delivering passengers to the desired destination,” Adams says.

Other organizations in the private sector are also looking to Japan. “The U.S. Department of Commerce is organizing a Cybersecurity Business Development Mission to Japan, [South] Korea, and Taiwan that will visit Japan on May 16 and 17, with about 20 companies participating,” says Erick Kish, a commercial attaché at the U.S. Embassy in Tokyo.

Beyond working with private companies, Japan is also moving on legislation to ensure the government can better manage security threats.

Last year, the nation unveiled a new cybersecurity strategy. The paper, updated after the pension records were lost in a hack, increases the government’s power to monitor for threats and tackle them if necessary. The Government Security Operation Coordination team now oversees cybersecurity for all government bodies.

Recommendations in the paper, which was approved by the cabinet, include developing a strategy for sharing and communicating relevant information more clearly.

In the event of an attack, “the Government will extensively share obtained information on the occurred incident, including attackers’ methods, with the governmental bodies, critical information infrastructure operators, and other relevant parties, to prevent the damage from becoming more serious,” according to the paper.

Admiral Dennis C. Blair, who served as director of US National Intelligence from 2009 to 2010, believes Japan’s cybercrime strategy will take time to become effective. “Both the strategy and the organizations are new, and will require strong implementation and dynamic adjustment, since [technology] is evolving rapidly.”

Modern solutions

Training can help address these issues. For Security Innovation, changing some preconceived cultural notions in Japan would help tackle cybersecurity problems. “The premise of almost every Japanese national is that all people in Japan are good. Hence, there is no need for security,” Adams says.

Robinson adds that the changes brought about by the Internet require changing the cybersecurity culture of the country.

“There are no ‘borders,’ so the concept of protecting yourself via isolation and strict border and immigration laws doesn’t really apply anymore. Japan is less likely to be attacked with planes and guns than with cybersecurity volleys,” she says.

Technological advances over the past few years also mean that businesses and other organizations today have more options for protecting themselves than ever before. Darktrace, for example, does not protect companies in a conventional manner.

“As the world becomes more connected, the potential for data and network breach is causing companies to realize that they have maybe already been hacked,” Kirch says. “For instance, when Japan Airlines was hacked, the hacker had been traveling around the company’s network for about a month before the attack was discovered.”

To solve this problem, Darktrace uses a method it calls “Enterprise Immune System.” Instead of looking for known issues, its system learns the routines of devices, users, and networks, while looking out for anomalies.

“We use advanced filtering, categorization, and mathematics to connect the dots and take different types of activity that may be a small trace of possible wrong behavior and look for other incidents. Then you can make a judgment call on whether there is a trendline, and if this is a growing threat. If it is, you can identify the device in question, which may have malware, or the perpetrator.”

For years, a game of cat and mouse has been playing out between hackers and cybersecurity companies. New technologies, however, are giving organizations an increasing amount of firepower to tackle threats. Kirch believes this may be a tipping point in favor of businesses. “A lot of people have the mindset...‘I’ve been lucky so far, so I am probably going to be lucky next year, too.’ I think it is time for organizations to be able to find a way to analyze what’s going on...to understand the normal behavior of every network, device, and person.”

Blair, however, says that will take time. “I believe that over time companies will learn what measures they must take to manage the risk of cybercrime, and that cooperation among cybersecurity companies, law enforcement organizations, and the companies victimized by cyberattacks will increase. When these two positive trends reach a critical point, cybercrime can be first contained, and then reduced. However, I believe we are at least a decade from that point.”

Custom Media publishes The Journal for the American Chamber of Commerce in Japan.

© Japan Today

©2019 GPlusMedia Inc.


12 Comments

Maybe my local city hall will upgrade from Windows 98 now?

6 ( +7 / -1 )

This is a huge issue for Japan. Cyber warfare is the new warfare. Get with the times.

2 ( +4 / -2 )

Well, college is a joke here, so don't expect a big enrollment in cyber security as a major. It would get in the way of club activities and drinking.

-4 ( +0 / -4 )

Now?

0 ( +0 / -0 )

Great news, so which pols family security firm will be hired? Abe's brother in law is on the board of SECOM. I can see them getting a very expensive contract soon.

7 ( +7 / -0 )

For a profile of the cybercriminal attacking mainland Japan, follow the link:

https://www.youtube.com/watch?v=hDXGrx84cCo

0 ( +0 / -0 )

Didn't know there was a joke section on JT... Japan hasn't invested in this area enough

2 ( +2 / -0 )

ActiveX and Internet Explorer 4 come to mind

1 ( +1 / -0 )

"Part of the problem is that the sheer volume of attacks today is overwhelming for the unprepared."

Well, then, I would say that the problem is the 'unprepared' part. As horrible as the hackers are, there is good reason why Japan is such an easy target, and loses information ALL THE TIME. The loss of pension information is not only the fault of the hacker, but of the employee, and the system itself. Stop using outdated Windows OS, for starters.

-1 ( +1 / -2 )

Japan’s pension system was hit by a virus that had been opened by an employee in May.

Well, if you will use Windows . . .

0 ( +0 / -0 )

Japan gets serious about cybersecurity

Good to hear. So when is Japan going to get serious about: workplace equality, falling birthrate, Fukushima cleanup, improving relations with neighboring countries, aging population, national debt, bullying in schools, work-life balance, corruption, etc?

0 ( +0 / -0 )

AsianGajin,

Whoa, slow down turbo, after this cyber attack stuff, we gotta open up another budget for "no bicycle light" patrols. Eat the veggies before the beef.

0 ( +0 / -0 )
