National center of Incident readiness and Strategy for Cybersecurity - Outreach Activity

Outreach Activity

Joint Advisory

Engaging with Artificial Intelligence

NISC co-sealed a joint publication "Engaging with Artificial Intelligence" led by the Australian Signals Directorate's (ASD's) Australian Cyber Security Centre (ACSC).
This paper helps explain to organizations how to use AI systems securely, summarizes the key threats related to AI systems and suggesting how best to assist AI system users and mitigate these issues.

Reference:

https://www.cyber.gov.au/resources-business-and-government/governance-and-user-education/governance/engaging-with-artificial-intelligence

Guidelines for secure AI system development

The Council for Science, Technology and Innovation (CSTI) and NISC co-sealed the “Guidelines for secure AI system development” developed by the UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA) and 18 international partners.
The guideline helps all stakeholders (including data scientists, developers, managers, decision-makers and risk owners) make informed decisions about how their AI systems should be designed, developed, deployed and operated.

Reference:

https://www.ncsc.gov.uk/collection/guidelines-secure-ai-system-development

Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security by Design and Default

Shifting_the_Balance_of_Cybersecurity_FBLKINTWR

NISC co-sealed a secure-by-design product compiled by the US Cybersecurity and Infrastructure Security Agency(CISA) and 17 international partners, "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software".
This guidance includes the following three principles, namely: Take Ownership of Customer Security Outcomes, Embrace Radical Transparency and Accountability, and Lead From the Top.
This joint guidance gives software manufacturers all the tools they need to demonstrate their commitment to secure by design as well as letting customers evaluate their progress, thus creating a demand signal for secure by design.
This guidance implements the Security by Design concept described in the Cyber Security Strategy of the Japanese government. Following the decision and verdict of the cybersecurity strategic headquarters that this guidance would help enhance Japan’s cybersecurity, NISC joined the co-sealers.

Reference:

https://www.cisa.gov/resources-tools/resources/secure-by-design

Cooperation with ASEAN countries

2023 Joint Awareness Raising Activity

As a part of the ASEAN-Japan Cybersecurity Policy Meeting, ASEAN countries and Japanese students were invited to submit an awareness-raising video on cybersecurity.
The videos were submitted to help educate the general public and convey a message to boost awareness of a specific aspect of cybersecurity.

Typosquatting (Brunei)

Never use the same password (Cambodia)

Safeguarding kids online (Indonesia)

Journey into Cybersecurity (Japan)

Think before clicking. Life will be safe.(Lao PDR)

Beware of Phishing Scam (Malaysia)

Data Dilemma (Myanmar)

Influencer (Philippines)

Child Bright Safety Life (Thailand)

4Be Safety Online Tip for Children (Vietnam)

Reference:

https://www.nisc.go.jp/eng/pdf/16thAJCPM_en.pdf

ASEAN-Japan Performance Report on Cybersecurity Cooperation

ASEAN-Japan Cybersecurity Past and Future

The year 2023 marks the 50th commemorative year (half-centenary) of ASEAN-Japan relations.
The NISC and the cybersecurity agencies of ASEAN member states have participated in the “ASEAN-JAPAN Cybersecurity Policy Meeting” and WG activities since 2009. To further enhance cybersecurity cooperation and build even more capacity in the ASEAN-Japan region, we have summarized the activities and the results in an E-booklet.

Performance Report on Cybersecurity Cooperation

English

download

日本語

download

Reference:

Cross-sectoral Exercise

NISC implements a Cross-sectoral Exercise every fiscal year as part of efforts to ensure critical infrastructure services can be provided on an ongoing basis, however adverse the circumstances.
The exercise is conducted in cooperation between NISC and the ministries responsible for critical infrastructure protection (CIP).

1.Objectives

Verify and improve incident response capabilities across entire organizations
Contribute to other activities in the Cybersecurity Policy for Critical Infrastructure Protection

2.Overview (FY2023)

Tabletop exercise (participating either at the meeting site or online from the workplace or home)
Theme: management involvement and supply-chain measures against ransomware attacks
- Assuming that a critical infrastructure operator suffers a ransomware attack that results in its own systems breaking down, several days may be needed to determine the cause and recover, which will impact on its supply chain.
- Assuming that the incident response involves management decisions like "deciding on the level of critical infrastructure service provision" and "public relations to stakeholders," and practicing cybersecurity as a part of organizational governance.
Communication among critical infrastructure operators
- Engaging in a roundtable discussion in which critical infrastructure operators exchange opinions with experts at the assembly site prior to the exercise.

3.Participants (FY2023)

Around 6,100 people from 780 organizations
- Critical infrastructure operators (14 sectors)
- Ministries responsible for (FSA, MIC, MHLW, METI, MLIT)
- Crisis management ministries (NPA, MOD)
- Cybersecurity-related agencies (IPA, JPCERT/CC)

Meeting site of the Cross-sectoral Exercise (FY2023)

PR Video:

https://www.youtube.com/watch?v=_erfsguYCa8