5 Reasons Why Japan Fell Behind in Cybersecurity
December 14, 2017
And how they are catching up fast
While Japan is famous for its world-class public safety, security experts are concerned about the decade's sized gap in Japan's cybersecurity strategy. There are a number of cultural, governmental, and organizational factors that have contributed to Japan's current cyber deficit. The proper motivation to fix this situation has come from growing numbers of domestic and international cyber threats, and the need to prepare the country for the Tokyo Olympics. As Japan's government and major corporations bring the country's digital infrastructure up to international standards, it will serve as a guide to other nations looking to improve their cybersecurity strength and create greater cooperation between law enforcement agencies, private corporations, and IT professionals.
HOW DID JAPAN FALL SO FAR BEHIND?
#1. The Japanese cultural preference to avoid risk ironically reduced its ability to keep pace with the rapid advancements in cybersecurity. There have been few leaders who have been willing to risk their careers to shake corporations and ministries out of their complacency. There is hope that vocal advocates like Kimiya Kimura, a former Chief of the National Police Agency's Cybercrime Division, can lead the dialogue of the national importance of cybersecurity.
#2. Preventing public embarrassment is supreme in Japanese culture, and employees will go a long way to avoid it. When breached by hackers, mid-level professionals are more likely to cover up any mistakes to prevent shame from coming to themselves or their company.
#3. The administrative structure in Japan encourages people not to act due to extreme competition as well as personal and political motivations. This issue is so well known in Japan that a recent movie, ‘Shin Godzilla' was focused not on the giant monster smashing buildings, but with how civil servants are more concerned with protecting their careers and following established protocols than taking the necessary actions.
#4. The governmental assignment process sets officials up for failure.
Due to the limits of a two-year appointment system, policymakers find themselves with a lack of training, experience and the time to pursue an effective long-term cyber policy. For example, someone coming from a position in agriculture can suddenly find themselves in charge of leading cybersecurity. Starting from starch every two years is damaging to the momentum of reforms and to international cooperation.
#5. Many Japanese businesses are not prepared to deal with cyber threats because of a lack of knowledge and leadership at the executive officer level. Japanese executives still look at cybersecurity as another business cost, instead of an integral part of their business operations. Unlike in other advanced economies, critical roles like Chief Information Security Officer (CISO) are not part of most Japanese companies. The overall lack of in-house security expertise from the top-down is very concerning to cybersecurity experts.
HOW IS JAPAN CATCHING UP?
To reduce the decade's sized gap in its cyber strategy, the Japanese government is currently working on a number of policy changes and training initiatives to quickly improve Japan's cyber rating. Their change in thinking has been largely motivated by growing dangers from domestic organized crime and international state actors like North Korea. For a global audience, it is difficult to gain a full understanding of the recent developments because most information about these projects is available exclusively in Japanese. However, listed below are a summary of the programs that will help Japan catch up.
#1. NEW CYBERSECURITY LEGISLATION IS ON THE WAY.
Japan is working on a new cybersecurity law by 2020 that will help the government counter cyber-attacks in 13 areas of critical infrastructure and take a tougher stance against hacking.
#2. NEW FOCUS ON THE DEVELOPMENT OF CYBERSECURITY PROFESSIONALS.
All the policies in the world won't help Japan advance without the skilled cybersecurity professionals to make it all work. Currently, there are an estimated 132,060 IT professional opportunities unfilled, with another 60,000 more positions to be added by 2020. To fix this labor deficit, Japan's government and businesses have been fast at work to develop these human resources domestically.
- A. The Ministry of Economy, Trade and Industry (METI) and the Ministry of Internal Affairs and Communications (MIC) launched separate cybersecurity training centers in 2017 to develop C-level executives with advanced knowledge of cyber issues. The centers provide critical training, creates an opportunity for IT professionals from different sectors to connect, and eliminates some of the cultural barriers and corporate mistrust that has stunted Japan's cyber policy efforts.
- B. To enhance security of the Internet of things (IoT) and prepare for the Tokyo Olympics, the MIC launched the IoT Cybersecurity Action Program in January of 2017. The program will accelerate the national effort to build a skilled cyber workforce by hosting cyber exercises and establishing a training center.
- C. The National Cyber Training Center trains young professionals and hosts a number of cyber exercises to analyze the preparedness of municipal governments and infrastructure personnel across Japan. Two large exercises include the "Cyber Defense Exercise with Recurrence" (CYDER) and the "Cyber Colosseo" for the Tokyo Organizing Committee of the Olympic and Paralympic Games.
- D. New partnerships between the government and technology leaders in the private sector are helping Japan to rapidly augment its digital security capabilities. For example, NEC and other cyber security companies in Japan have collaborated to form the "Cybersecurity Factory" which constantly analyzes cyber-attack information.
To help close the gap on their cyber policy the Japanese government could also:
- Lengthen two-year administration appointments to limit the damage that these frequent turnovers have on cyber policy.
- Create a more welcoming environment could make foreign cyber professionals more willing to relocate to Japan, bringing their expertise and fresh perspective to an industry in desperate need of instant talent.
- Place a greater focus on computer science in Japanese public schools to help inspire the next generation of computer science experts.
Ultimately, many of the same cultural characteristics that helped Japan become one of the safest places in the world have slowed its development of cyber security. However, Japan's realization of its cybersecurity deficit is an important development for the health of global cyber readiness. Increases in cybercrime and the hosting of the 2020 Olympics should give Japan the motivation it needs to catch up and provide global leadership in cybersecurity. Japan is proving that partnerships between the government, large organizations, and technology companies can overcome decades of policy inaction and create an example for other countries to follow.