Cybersecurity Strategy in Japan - Roles of NISC and Basic Act Overview

Slide Note
Embed
Share

The National Center of Incident Readiness and Strategy for Cybersecurity (NISC) plays a crucial role in Japan's cybersecurity landscape, integrating policies and handling cyber attacks 24/7. The Basic Act on Cybersecurity, enforced since January 2015, establishes a clear legislative framework and organizational structure to enhance cybersecurity measures in the country. The principles of Japan's cybersecurity strategy focus on the free flow of information, rule of law, openness, and peace in the international community, aiming to strengthen national security and socio-economic vitality.


Uploaded on Oct 09, 2024 | 0 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. Cybersecurity Strategy in Japan May 2016 Yasu TANIWAKI Deputy Director-General National center of Incident readiness and Strategy for Cybersecurity (NISC) Cabinet Secretariat, Government of JAPAN

  2. The Roles of NISC The Leading Organization of Government of Japan for Cybersecurity Issues Integrating and advancing cybersecurity policies crossing over governmental bodies Monitoring, analyzing, and handling cyber attacks to governmental bodies on 24/7 basis as a governmental CSIRT 1

  3. The Basic Act on Cybersecurity [Enforced from 9thJanuary 2015] After the Act Before the Act Cabinet of Japan Cabinet of Japan Institutional Framework Cybersecurity Strategic Headquarters IT Strategic Headquarters IT Strategic Headquarters (Director-General Prime Minister) NSC NSC Clear legislative backgrounds (Chair Prime Minister) Cooperation Cooperation (Director-General Chief Cabinet Secretary) Established by the Act Decision by Director- General of IT strategic HQs Information Security Policy Council NISC Established by a Cabinet Order NISC National center of Incident readiness and Strategy for Cybersecurity Decision by Prime Minister National Information Security Center Authority with concrete grounds based on the Act Cybersecurity audit: 3rdParty audit by NISC Management audit Penetration test Incident analysis: NISC has authority to conduct cause investigation in serious incidents Mandatory reports from other governmental bodies Send formal recommendation to other governmental bodies Based on agreements with other governmental bodies Cybersecurity audit: self audit Incident analysis: NISC provides supports to other governmental bodies on request basis GovernmentalBbodies Strengthened authority Authority to New Cybersecurity Strategy based on the Act [September 2015] After accepting opinions from NSC and IT Strategic HQs, the strategy was adopted as a Cabinet Decision, and reported to the National Parliament Raised status Strategy Cybersecurity Strategy [June 2013] Adopted by the Information Security Policy Council 2 2

  4. Cybersecurity Strategy - Principles - Cybersecurity Strategy Free Flow of Information Understanding on Cyberspace Objective Rule of Law Principles Policy Measures Openness Peace and Stability of International Community and Japan s National Security Improvement of Socio-Economic Vitality and Sustainable Development Building a Safe and Secure Society for the People Autonomy Advancement of R&D Development of cybersecurity human resources Collaboration among Multi- Stakeholders Organizational Framework 3

  5. Cybersecurity Strategy - Promoting Industry by Ensuring Cybersecurity - Creation of Secure IoT Systems A guideline for a framework of security standards of IoT systems [Preparing for a Request For Proposal] An IoT security guideline [To be published soon] Cybersecurity Strategy Understanding on Cyberspace Objective Encouraging enterprises to report their cybersecurity efforts to the market To consider the way to create a social environment where business leaders would positively tackle with cybersecurity issues as their strategic business challenges [by summer 2016] Supporting information sharing between the private and the public sectors, and within the private sector Principles Policy Measures Peace and Stability of International Community and Japan s National Security Improvement of Socio-Economic Vitality and Sustainable Development Building a Safe and Secure Society for the People Advancement of R&D Development of cybersecurity human resources Organizational Framework 4

  6. Analytical Framework on IoT Security (draft) - System of Systems (SoS) Service Platform Network Devices IoT system IoT system IoT system IoT system 5

  7. Cybersecurity Strategy - Enhancing Cybersecurity Capability - Advancing information sharing on software vulnerabilities Conducting constant review on the scope of CIIP and enhancing information sharing on CII The Basic Policy of CIIP 3rdEd. [May 2014] Adopting the Roadmap for CIIP Policy Update [March 2016], which aims to enhance CII s cyber protection Based on the roadmap, NISC started to review & renew measures, such as public-private information sharing scheme and implementation [To be finished by March 2017] Improving cybersecurity measures for governmental bodies The Common Standards for the Governmental Bodies [May 2014] To revise the Common Standards [by summer 2016] Extending NISC s scope of network monitoring by amending the Basic Act on Cybersecurity [April 2016] Cybersecurity Strategy Understanding on Cyberspace Objective Principles Policy Measures Peace and Stability of International Community and Japan s National Security Improvement of Socio-Economic Vitality and Sustainable Development Building a Safe and Secure Society for the People Advancement of R&D Development of cybersecurity human resources Organizational Framework 6

  8. Cybersecurity Strategy - Improving International Cooperation - Advancing discussion on cybersecurity in bilateral cyber dialogues and multilateral frameworks Contributing to the efforts to develop international rules and norms in cyberspace at various fora including UN Cyber GGE National Security Strategy [December 2013] G7 Summit 2016 in Ise-Shima [May 2016] Cybersecurity Strategy Understanding on Cyberspace Objective Principles Policy Measures Peace and Stability of International Community and Japan s National Security Improvement of Socio-Economic Vitality and Sustainable Development Building a Safe and Secure Society for the People Advancement of R&D Active contribution to the cybersecurity capacity building in developing countries Development of cybersecurity human resources Organizational Framework 7

  9. Cybersecurity Strategy R&D, Human Resource Development - R&D of IoT security for critical infrastructure in the framework of SIP (Cross-Ministerial Strategic Innovation Promotion Program) Promotion of human resources development by partnership between the public and the private sectors Adopting the Comprehensive Policy for Enhancing Cybersecurity Human Resources Development [March 2016] Establishing a new national cybersecurity professional certification by a legislative amendment [April 2016] Building a national cyber range as a NICT s facility by a legislative amendment [April 2016] Building up institutional framework towards the Tokyo 2020 Cybersecurity Strategy Understanding on Cyberspace Objective Principles Policy Measures Peace and Stability of International Community and Japan s National Security Improvement of Socio-Economic Vitality and Sustainable Development Building a Safe and Secure Society for the People Advancement of R&D Development of cybersecurity human resources Organizational Framework 8

  10. Governmental Organization for the Security of Tokyo 2020 The HQs for Tokyo 2020 Olympic and Paralympic Games Chair: Prime Minister Works as the TOGC (Tokyo Olympic Games Council) requested as a mandatory by IOC The Vice Ministers Meeting for Tokyo 2020 Chair: Deputy Chief Cabinet Secretary Security Board Chair: Deputy Chief Cabinet Secretary for Crisis Management Members: All relevant ministries and organizations. The Tokyo metropolitan government and Tokyo Organizing Committee of the Olympic and Paralympic Games are attending as observers Dealing with security issues regarding Tokyo 2020 Counter Terrorism WT Cybersecurity WT Chair: NISC Dealing with cybersecurity issues with all relevant ministries 9

  11. Issues to be dealt with toward Tokyo 2020 Risk Management TOCOG s CSIRT CIRT2020 Responsibility for cybersecurity of games (e.g. stadiums, etc.) Government CSIRT for the Tokyo 2020 To establish an info-sharing and coordinated counter cyber attack framework among government agencies, CII operators, and other related organizations under the leadership of NISC The CSIRT will start its operation for the Rugby World Cup as a first step (summer 2019) To identify critical service operators whose services affect Tokyo 2020 operation To establish cybersecurity risk assessment methods To implement cybersecurity risk assessment procedure based on the methods (should be conducted multiple times) cooperation Cyber Exercise and Training International Partners Conduct cyber exercises and trainings multiple times among above related organizations, cooperating with TOCOG Bilateral int l info- sharing frameworks via cyber dialogues, etc. Multilateral int l info- sharing frameworks such as IWWN To advance efforts in unity Enhanced Critical Information Infrastructure Protection Consider and implement protection improvement measures based on the Roadmap for CIIP Policy Update [March, 2016] Determine concrete measures for enhancement of cyber protection by March, 2017 Human Resources Development Increase and develop cybersecurity workforces especially by increasing cybersecurity education courses, building infrastructure for cyber exercise and training, and revealing individual s cybersecurity skill by a certification scheme etc., based on the Comprehensive Policy for Enhancing Cybersecurity Human Resources Development [March 2016] Research & Development R&D topics: Information sharing platform technologies among CII operators and capacity building for cybersecurity operation in CII field [Budgeted by the Cross- ministerial Strategic Innovation Promotion Program SIP for FY2015 to FY2019] 10

Related


More Related Content