Ja­pan its own en­emy in push to im­prove cy­ber­se­cu­rity

Kuwait Times - - TECHNOLOGY -

OK­I­NAWA: Apart from rogue hack­ers, crim­i­nal or­ga­ni­za­tions or even state-backed cy­ber­war­fare units, Ja­pan’s busi­nesses and gov­ern­ment agen­cies are fac­ing a unique cy­ber­se­cu­rity foe: them­selves.

Even with the fre­quency and sever­ity of cy­ber­at­tacks boom­ing world­wide, ef­forts by the world’s No. 3 eco­nomic power to im­prove its data se­cu­rity are be­ing hob­bled by a wide­spread cor­po­rate cul­ture that views se­cu­rity breaches as a loss of face, lead­ing to poor dis­clo­sure of in­ci­dents or in­for­ma­tion shar­ing at crit­i­cal mo­ments, Ja­panese ex­perts and gov­ern­ment of­fi­cials say. Im­prov­ing cy­ber­se­cu­rity prac­tices has emerged as a top na­tional pri­or­ity for Ja­pan, stung in re­cent years by em­bar­rass­ing leaks at Sony Pic­tures, the na­tional pen­sion fund and its big­gest de­fense con­trac­tor, Mit­subishi Heavy In­dus­tries, which pos­si­bly suf­fered the theft of sub­ma­rine and mis­sile de­signs.

Toshio Nawa, a top Ja­panese se­cu­rity con­sul­tant who is ad­vis­ing the Tokyo 2020 Olympics or­ga­niz­ers, said he en­coun­tered a telling in­stance this sum­mer when he was called to in­ves­ti­gate a breach at a ma­jor Ja­panese gov­ern­ment agency.

Nawa found that five dif­fer­ent cy­ber­se­cu­rity con­trac­tors em­ployed by the agency had dis­cov­ered the breach - but that not one re­ported or shared their find­ings. With ev­i­dence from the con­trac­tors pooled to­gether, Nawa matched the dig­i­tal fin­ger­prints to a Mex­i­can group that he be­lieves was re­spon­si­ble for a pre­vi­ous at­tack on Ja­panese diplo­matic servers. The breach was patched, but Nawa walked away flus­tered.

“In the US, if they find a prob­lem, they have to re­port,” he said. “The Ja­panese engi­neer feels he fails his duty if he es­ca­lates a re­port.

They feel ashamed.” To be sure, the cy­ber­se­cu­rity industry around the world, not just in Ja­pan, fre­quently echoes the call for greater trans­parency within and among or­ga­ni­za­tions.

The U.S. Sen­ate last month passed the Cy­ber­se­cu­rity In­for­ma­tion Shar­ing Act to ease data shar­ing be­tween pri­vate com­pa­nies and the gov­ern­ment for se­cu­rity pur­poses, al­though civil lib­er­ties ad­vo­cates warned it posed a threat to pri­vacy.

Lack of un­der­stand­ing of cy­ber­se­cu­rity But the prob­lem may be par­tic­u­larly acute for Ja­pan’s pri­vate sec­tor be­he­moths and gov­ern­ment min­istries - sprawl­ing bu­reau­cra­cies wrapped in a “neg­a­tive cul­ture that cuts against want­ing to com­mu­ni­cate quickly,” said Wil­liam H. Saito, the top cy­ber­se­cu­rity ad­viser to Prime Min­is­ter Shinzo Abe.

While rank-and-file work­ers fear re­ports of se­cu­rity lapses may get them pun­ished, the prob­lem re­flects a broad lack of un­der­stand­ing of cy­ber­se­cu­rity in the Ja­panese C-suite, Saito said in an in­ter­view on the side­lines of the Cy­ber3 con­fer­ence in Ok­i­nawa.

“This is Ja­panese cul­ture where in some sit­u­a­tions the up­per man­age­ment doesn’t know how to use email and IT in­te­gra­tion is voodoo magic,” said U.S.-born Saito, also an ex­ec­u­tive at Palo Alto Net­works, a se­cu­rity firm. “The re­al­ity is com­pa­nies either have been hacked or will be hacked. My mes­sage is, ‘It’s not your fault.’” In 2013, the lat­est year of avail­able data, the Ja­panese gov­ern­ment net­work faced an eight­fold in­crease in cy­ber­at­tacks from two years prior, with at­tacks spread­ing into civil in­fras­truc­ture, as well as the telecom­mu­ni­ca­tions and en­ergy sec­tors. Against that back­drop, the Abe ad­min­is­tra­tion has pin­pointed the 2020 Tokyo Olympics as a chance to up­grade Ja­pan’s na­tional se­cu­rity ca­pa­bil­i­ties while call­ing for a more hand­son gov­ern­ment role to nudge com­pa­nies to take cy­ber­se­cu­rity se­ri­ously. —AP

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.