Japan Echo Web

Information Security Measures under Pressure of Revision

Growing disparity

Since the earthquake disaster, there has been a rapid increase in cyber attacks targeting Japanese corporations and public offices. It is not only a matter of targeting defense technologies, but also information about the sophisticated technologies that are the pride of Japan, as well as information about the affairs of state. If this information is continues to be leaked, Japan will lose its international competitive strength. Specifically Currently, the issues around information security in Japan involve the Ministry of Defense, the Ministry of Foreign Affairs, the Ministry of Economy, Trade and Industry, the Ministry of Internal Affairs and Communications, the National Police Agency and many other ministries and government offices. As a result of insufficient collaboration between these organizations, committees and investigative commissions are organized at each ministry and government office, resulting in a situation where the same discussions are repeated. The issues differ for each ministry and government office, and while we do not believe that the issues could be resolved if there were a single organization, such as a Ministry of Information Security, we do believe that for the state, it is a matter of some urgency to construct an approach for taking prompt and efficient countermeasures.

When we consider the scale of expenditure necessary for the recovery from the earthquake disaster, it is difficult to bring up any increase in the budget for information security, but we will presume to mention it. According to data from the Information Security Policy Council at the National Information Security Center, the budget for research and development of information security in Japan was 4.86 billion yen in fiscal 2010, which is a decrease of 47% over a period of five years. Meanwhile, the budget for fiscal 2010 in the United States was 36.6 billion yen, which is an increase of 91% over a period of five years. Other major countries show similar tendency to United States. It may be that simply comparing amounts of money is of no significance, but the impact of this disparity is already starting to show.

In the United States, industry, government and academia as a whole collect information on cyber attacks, and continue to analyze and develop systems for countermeasures. As for cyber attacks occurring at major heavy industry, the United States has been aware of the seriousness of the issue since 2008, and has steadily worked on getting ready for it. The results are starting to show with the United States announcing a succession of new systems for responding to these types of cyber attacks in this year when they have become an international threat.

There have been a succession of cyber attacks targeting only Japan, and in one train of thought it would be good to provide this information to research institutions worldwide, sharing the necessary expenditure, and getting them to think about provide us with countermeasures. However, if the cyber attacks are sophisticated, purchasing response defense systems alone will have no effect, as sophisticated knowledge is necessary to handle these systems. Moreover, in case of an extremely sophisticated attack, the collected information is obviously only shared with domestic research institutes, and not with other countries, in order to protect the national interests of Japan the country.

Perhaps it is inappropriate to say this, but at a time when the attackers are circling Japan like looters at the scene of a fire, we must gradually change our attitudes to whether countermeasures that in large part depend on other countries are acceptable, and whether this is sufficient to protect the intellectual property of Japan from cyber attacks.