Cybersecurity, commonly defined as collective defense against any form of malicious attack exploiting network computer vulnerabilities, is recognized as a buzz word in our society today. The term emerges from a complex system of digital communication infrastructure, which accelerates the innovation of internet communication technology for effective transaction and distribution on one hand, and induces the incident of cyberattacks that will result in personal information leakages, data manipulations, denial of services and so on..
In overseas, cyberattacks are seen elsewhere and the attackers choose indiscriminately their targets regardless of national government, private institutions, public service, or infrastructure facilities. Such representatives of recent cyberattacks can be exemplified as STUXNET (a secret hacking spyware invented by US and Israel military intelligence in an attempt to destroy uranium reactors suspected of preserving nuclear weapons in 2010), Ukraine cyber attacks on an electric power grid, and Russian intervention into 2016 US national election (unanimous hackers working closely with a Russian internet company hacked into the DNC e-mail server and disclosed John Podesta’s(Clinton’s then campaign strategist) private e-mails dumped into the WikiLeaks).
What becomes clear in recent trend is an increasing deceptiveness and preciseness of cyberattack in general. WannaCry, a refined ransomeware that stunned the world in May 2017, is believed to be a common product that became widely available to those involving in engineering the exploits that were re-designed from previous malware and spyware programs. A notorious illegal trading website such as Dark Webs have also provided a key distribution channel to these online dealers across the border. Subsequently, it opened the floodgate for a threat of ransomeware attack spreading across the border and business fields. WannaCry outbreak was followed by its successors, Petya and NotPetya, respectively. They continued to strike the fear into the heart of private corporations and national governments.
Japan took its first major step to establish national cybersecurity policy, led by a data breach incident occurred at the website of Public Pension Service in June 2013. Since the Basic Cybersecurity Law was passed in November 2014, the national government worked energetically with foreign countries to provide effective analysis and monitoring mechanism of cyberthreats and hands-on training to public and private sectors. Fortunately or not, people in Japan have not seen any remarkable incident that would cause a catastrophic injury to national infrastructure or corporate interest (such as attacks on electric power grid, water resource facility, or a giant supermarket chain) so far. However, witnessing its far-flung effect into domestic soil (news of a teenage boy arrested for using the software to steal money), the nation found that the Wanna Cry pandemonium was compelling enough to take its risk seriously and urged for continuous investment in security policy at both government and civilian level. Still, Japan’s security policy faced numerous challenges: 1) consolidating discrete governing bodies of cybersecurity for effective policy-making decision; 2) developing educational programs across the academic and tertiary institutions; 3) budget constraint; and 4) need for experienced professionals, specialists, and administrators who can discern the practice of cybersecurity from crisis communication perspective. Particularly, a thorny issue is that practice of security personnel training is highly constrained into domestic industrial structure. It would come as no surprise to see training methodology and prospect for career-path as a hot topic.
In spite of such complex culture of challenges, Japan is receiving a strong request from ASEANS reading intellectual capacity and expertise. Cybersecurity is an interdisciplinary field that consists of legal and political frameworks and solid input from the practice of information analysis and network infrastructure. Our research focuses on the ongoing security trend in business enterprises and policy practice at national/international level. Particularly, we are thinking of addressing the issues focusing on IoT and information sharing system, by collaborating with business leaders and policy makers from domestic and overseas, as well as working closely with academia and industrial clique. As our ultimate goal, we are seeking an initiative for sound advice to policy makers on security professional training and related policy practice, and propose open campus lectures at university campus as well.