Cybersecurity for all, cybersecurity by all

With greater digitalisation of public, private and non-profit sectors, global cybersecurity threats—for governments, businesses and societies—have never been greater.

The Global Risks Report 2022 published by the World Economic Forum (WEF) noted that 2020 saw a 358% increase in malware and a 435% increase in ransomware globally. Meanwhile, respondents to the WEF’s Global Risks Perception Survey ranked “cybersecurity failure” as among the top-10 risks that have worsened most since the outbreak of the COVID-19 pandemic.

The number of cyberattacks globally reached an all-time high in the fourth quarter of 2022, and UK-based organisations experienced an average of 788 weekly cyberattacks in 2022, up 77% year-on-year, said a study by US-based company Check Point Software Technologies. Japan, meanwhile, saw about 7,800 cases of unauthorized access in the first half of 2022, double the number for all of 2019, according to the National Police Agency.

In light of these trends, the British Chamber of Commerce in Japan (BCCJ) held the event “Cybersecurity for all, cybersecurity by all,” which offered views from the Japanese government and industry on how cybersecurity is being tackled in Japan.

Isamu Yamaguchi, counsellor of the International Strategy Group at the National Center of Incident Readiness and Strategy for Cybersecurity (NISC), provided perspectives from NISC, which works as the national coordinator and baseline setter of cybersecurity and as a national computer emergency response team.

Akihiro Wada, chair of the working group on cybersecurity enhancement from the cybersecurity committee at Keidanren (Japan Business Federation), offered insights on Keidanren’s approach to cybersecurity.

Discussion was led by Ken Katayama, project general manager of digital policy at Toyota Motor Corporation and a member of the BCCJ Executive Committee.

UK–Japan cooperation

Susan Oliver, counsellor for defence, security, cyber, space and civil aerospace exports at the British Embassy Tokyo, opened the event by outlining the UK government’s commitment to cybersecurity and efforts to work with Japan, “a key partner” on cybersecurity.

Ranking fourth on the US-based Belfer Center for Science and International Affairs’ National Cyber Power Index 2022, the UK recognises the need for good culture, hygiene and effective public-private partnerships in the field of cybersecurity, she said. In 2022, the UK government’s active cyber defence system took down 2.3 million malicious campaigns while UK-based cybersecurity businesses generated revenue of ¥1.73 trillion and created tens of thousands of skilled cybersecurity jobs, she added.

In December 2022, the British government published its new National Cyber Strategy, designed to “ensure that the UK remains confident, capable and resilient in this fast-moving digital world, and that we continue to adapt, innovate and invest in order to protect and promote our interests in cyberspace,” noted a 2022 British government policy paper.

Oliver said the UK–Japan security relationship “has evolved into the strongest it has been in decades,” pointing to Prime Minister Rishi Sunak’s meeting with Prime Minister Fumio Kishida at the G7 summit in Hiroshima in May to sign the “historic” Hiroshima Accord, an enhanced bilateral global strategic partnership covering defence, trade and investment, science and technology collaboration and joint work on tackling global issues like climate change.

The NISC’s Yamaguchi added that the two countries would also establish a bilateral partnership designed to bolster public-private partnerships, promote shared international interests and increase cyber capabilities.

“We will strengthen the Japan–UK bilateral consultations on cyber issues to advance the full spectrum of cyber cooperation and further reinforce collaboration on promoting the rule of law in cyberspace, responding to emerging threats and enhancing capacity-building efforts,” he said.

Cybersecurity as a management issue

Wada introduced Keidanren’s three-fold approach to cybersecurity, namely “cross-industry cooperation (overlooking the entire supply chain), public-private partnerships (ensuring national security) and international cooperation (strengthening ties with like-minded countries).”

In October 2022, Keidanren revised its Declaration on Cyber Security Management to urge its 1,500 member companies and organisations to enhance cybersecurity. The declaration has five pillars:

• Recognise cybersecurity as a management issue
• Develop management policies and declare intentions
• Build internal and external systems and implement security measures
• Contribute to widespread use of cybersafe products, systems and services
• Contribute to building safe and secure ecosystems

Keidanren is also striving to deliver key messages. In November 2022, at the federation’s top management seminar, Dr Nobuhiro Endo, chair of Keidanren’s cybersecurity committee, said “effective cybersecurity measures are now a key management priority for all companies. Enhancing cybersecurity throughout the entire supply chain is a critical management issue.” And, in February 2023, at Munich Cyber Security Conference, Wada delivered Keidanren’s message: “cybersecurity for all, cybersecurity by all” means “every stakeholder proactively works with a sense of crisis to enhance cybersecurity as a whole.”

Cybersecurity and national security

Japan’s new National Security Strategy, published in December 2022, notes the recent growth in cyberattacks and the importance of protecting the country from cyber threats.

The strategy aims to strengthen response capabilities in the field of cybersecurity to “equal to or surpassing the level of leading Western countries,” said NISC’s Yamaguchi. While continuing to “enhance defence throughout the lifecycle of information systems of government agencies,” Japan will “introduce active cyber defence for eliminating in advance the possibility of serious cyberattacks that may cause national security concerns,” he added.

The Japanese government also aims to advance efforts on information-sharing to the government in the case of cyberattacks among the private sector including critical infrastructures, and to coordinate and support incident response activities for the private sector.

“In order to realize and promote these efforts, including active cyber defence,” the NISC will be restructured to establish a new organisation that will “comprehensively coordinate policies in the field of cybersecurity in a centralised manner,” said Yamaguchi.

“As heightened geopolitical tensions extend into cyberspace, cybersecurity is becoming a crucial domain for national security,” agreed Keidanren’s Wada.