Japan is poised to take exciting steps towards improving cybersecurity in 2016. A confluence of events in 2015 catalyzed important actions from the Government of Japan action. A key wakeup call was the May Japan Pension Service Hack, which brought home the realization that as personal information is increasingly stored online, it also needs to be better protected. Additionally, as Japan readies itself to host the 2016 G7 Summit and the 2020 Olympics and Paralympics – these global events will allow the country to demonstrate its technology prowess and its commitment to cybersecurity.
In preparation for these events, the government is taking important steps to secure and increase the resilience of the Japanese online ecosystem. In September 2015, the Japanese Cabinet approved the second Japanese Cybersecurity Strategy, which outlines the country’s approach to cybersecurity for the next three years. The Strategy is worth highlighting given its unique focus on the Internet of Things. Unlike other similar documents around the world, the Japanese government recognizes the opportunities of this budding technology, as well as the inherent security risks, and sets the country on the path towards leadership in this space – finding solutions that are scalable and globally harmonized. The recognition of the value and importance of innovation and partnership with the private sector, not just for the economy, but for increasing security, represents another important aspect of the document.
The Strategy is also important as it puts forward a desire of the Japanese government to play a greater role in international cybersecurity efforts, a step that can only be welcomed. Japan already engages in capacity building, in particular in the Asia-Pacific region and has also developed a number of bilateral relationships in this space. However, with its technology capability, established trusted relations with key governmental players, and its unique perspective, a strengthened commitment to capacity building and developing cybersecurity norms will be noted and beneficial.
This was clear at the Cyber3 Conference, which was hosted by the Japanese government in partnership with the World Economic Forum last November. The two-day conference looked at opportunities to address challenges across three different topics areas: cybercrime, cybersecurity and cyber-connection and attracted stakeholders from Japan and across the world. Microsoft was delighted to have been invited as a participant and led the policy section of the cybercrime track. Four key calls to action emerged: 1) there is a clear need for building coordinated public-private partnerships and information sharing to manage cyber-risk; 2) as technology adopts, so must our security responses; 3) similarly, policy and legal frameworks need to keep pace with innovation; and finally 4) international frameworks, in particular the mutual legal assistance treaty processes, need to be revisited for us to be able to successfully fight cybercrime. You can find the detailed overview of the discussion here.
The government has however not left it at that. We expect that the National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the agency responsible for developing the national cybersecurity policy and ensuing the security of the different public sector organizations, to put forward a number of proposals in the coming months – spanning cloud security, vulnerability reporting, as well as the revision of the Basic Cybersecurity Act, even though it is barely a year old. These are all critical issues to a country poised to take the lead in an area important to the global economy and Microsoft remains a committed partner to ensuring the government’s success in this space.