Outreach Activity

Outreach Activity

Joint Advisory

Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society

Mitigating Cyber Threats

The NISC jointly sealed international guidance for “Mitigating Cyberthreats with Limited Resources: Guidance for Civil Society” which is led by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). In addition to U.S. and Japan, Canada, Estonia, Finland, and the United Kingdom co-sealed this guidance.This guidance lists, and it recommends risk mitigations for organizations and individuals related to Civil Society and asks software manufacturers actively implement the Secure by Design Pledge.For details, please refer to the press release below



Engaging with Artificial Intelligence


NISC co-sealed a joint publication "Engaging with Artificial Intelligence" led by the Australian Signals Directorate's (ASD's) Australian Cyber Security Centre (ACSC).
This paper helps explain to organizations how to use AI systems securely, summarizes the key threats related to AI systems and suggesting how best to assist AI system users and mitigate these issues.


Guidelines for secure AI system development

The Council for Science, Technology and Innovation (CSTI) and NISC co-sealed the “Guidelines for secure AI system development” developed by the UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA) and 18 international partners.
The guideline helps all stakeholders (including data scientists, developers, managers, decision-makers and risk owners) make informed decisions about how their AI systems should be designed, developed, deployed and operated.


Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security by Design and Default


NISC co-sealed a secure-by-design product compiled by the US Cybersecurity and Infrastructure Security Agency(CISA) and 17 international partners, "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software".
This guidance includes the following three principles, namely: Take Ownership of Customer Security Outcomes, Embrace Radical Transparency and Accountability, and Lead From the Top.
This joint guidance gives software manufacturers all the tools they need to demonstrate their commitment to secure by design as well as letting customers evaluate their progress, thus creating a demand signal for secure by design.
This guidance implements the Security by Design concept described in the Cyber Security Strategy of the Japanese government. Following the decision and verdict of the cybersecurity strategic headquarters that this guidance would help enhance Japan’s cybersecurity, NISC joined the co-sealers.


Cooperation with ASEAN countries

2023 Joint Awareness Raising Activity

As a part of the ASEAN-Japan Cybersecurity Policy Meeting, ASEAN countries and Japanese students were invited to submit an awareness-raising video on cybersecurity.
The videos were submitted to help educate the general public and convey a message to boost awareness of a specific aspect of cybersecurity.

Typosquatting (Brunei)

Never use the same password (Cambodia)

Safeguarding kids online (Indonesia)

Journey into Cybersecurity (Japan)

Think before clicking. Life will be safe.(Lao PDR)

Beware of Phishing Scam (Malaysia)

Data Dilemma (Myanmar)

Influencer (Philippines)

Child Bright Safety Life (Thailand)

4Be Safety Online Tip for Children (Vietnam)


ASEAN-Japan Performance Report on Cybersecurity Cooperation

ASEAN-Japan Cybersecurity Past and Future

The year 2023 marks the 50th commemorative year (half-centenary) of ASEAN-Japan relations.
The NISC and the cybersecurity agencies of ASEAN member states have participated in the “ASEAN-JAPAN Cybersecurity Policy Meeting” and WG activities since 2009. To further enhance cybersecurity cooperation and build even more capacity in the ASEAN-Japan region, we have summarized the activities and the results in an E-booklet.

Performance Report on Cybersecurity Cooperation






Cross-sectoral Exercise

NISC implements a Cross-sectoral Exercise every fiscal year as part of efforts to ensure critical infrastructure services can be provided on an ongoing basis, however adverse the circumstances.
The exercise is conducted in cooperation between NISC and the ministries responsible for critical infrastructure protection (CIP).


  • Verify and improve incident response capabilities across entire organizations
  • Contribute to other activities in the Cybersecurity Policy for Critical Infrastructure Protection

2.Overview (FY2023)

  • Tabletop exercise (participating either at the meeting site or online from the workplace or home)
  • Theme: management involvement and supply-chain measures against ransomware attacks
    • Assuming that a critical infrastructure operator suffers a ransomware attack that results in its own systems breaking down, several days may be needed to determine the cause and recover, which will impact on its supply chain.
    • Assuming that the incident response involves management decisions like "deciding on the level of critical infrastructure service provision" and "public relations to stakeholders," and practicing cybersecurity as a part of organizational governance.
  • Communication among critical infrastructure operators
    • Engaging in a roundtable discussion in which critical infrastructure operators exchange opinions with experts at the assembly site prior to the exercise.

3.Participants (FY2023)

  • Around 6,100 people from 780 organizations
    • Critical infrastructure operators (14 sectors)
    • Ministries responsible for (FSA, MIC, MHLW, METI, MLIT)
    • Crisis management ministries (NPA, MOD)
    • Cybersecurity-related agencies (IPA, JPCERT/CC)
Meeting site of the Cross-sectoral Exercise (FY2023)

Meeting site of the Cross-sectoral Exercise (FY2023)


PR Video: