Commitment to a Free,
Fair and Secure
Cyberspace.

What's new

  • Outcomes of the 17th ASEAN-Japan Cybersecurity Policy Meeting
    8 November 2024
  • 2024 Quad Cyber Challenge Joint Statement (October 21, 2024)
    23 October 2024
  • Japan's effort in 2024 Quad Cyber Challenge
    11 October 2024
  • NISC jointly sealed International Document "Principles of operational technology cyber security"
    2 October 2024
  • NISC jointly sealed International Guidance "Best practices for event logging and threat detection"
    22 August 2024
  • NISC jointly sealed International Advisory "APT40 Advisory PRC MSS tradecraft in action"
    9 July 2024
  • NISC jointly sealed International Guidance "Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society"
    15 May 2024
  • The Cybersecurity Policy for CIP is revised to designate Ports and Harbours as a critical infrastructure sector
    8 March 2024
  • NISC jointly sealed International Guidance "Guidelines for secure AI system development"
    28 November 2023
  • NISC jointly sealed International Guidance "Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security by Design and Default"
    17 October 2023
  • Outcomes of the 16th ASEAN-Japan Cybersecurity Policy Meeting
    6 October 2023

About NISC

The Cybersecurity Strategic Headquarters was established under the Cabinet in November, 2014 for the purpose of effectively and comprehensively promoting cybersecurity policies. The Cybersecurity Strategic Headquarters is headed by the Chief Cabinet Secretary, with his deputy - the Minister in charge of Cybersecurity - and composed of the Chairman of the National Public Safety Commission, the other relevant Ministers and knowledgeable experts from academia and business sectors.

National center of Incident readiness and Strategy for Cybersecurity, “NISC” has been established since 2015 which was formerly called National Information Security Center since 2005, under the same abbreviation “NISC”, as a secretariat of the Cybersecurity Strategy Headquarters, working together with the public and private sectors on a variety of activities to create a "free, fair and secure cyberspace". NISC plays its leading role as a focal point in coordinating intra-government collaboration and promoting partnerships between industry, academia, and public and private sectors.

NISC coordinates cybersecurity policy by formulating

  • Cybersecurity Strategy
  • Cybersecurity Policy for Critical Infrastructure Protection
  • Common Standard on Information Security Measures of Government Entities
  • Cybersecurity Human Resource Development Plan
  • Cybersecurity Research and Development Strategy etc.

NISC takes a role of a governmental CERT, and NISC and JPCERT/CC, as a CERT covering private entities, work together as a national CERT.

NISC consists of the following seven groups. The main activities are as follows.

Strategy

Cybersecurity Strategy

The current Cybersecurity Strategy issued in September 2021 is the third one under the Basic Act on Cybersecurity. The Cybersecurity Strategy shows a basic position on cybersecurity policy, its objectives and its implementation for 3 years domestically and internationally. Overview of the Cybersecurity Strategy is as below.

Cybersecurity strategy booklet

Cybersecurity strategy (Booklet)

download

The Basic Act on Cybersecurity

The Basic Act on Cybersecurity has been implemented since 2015 to promote the cybersecurity policy by

  • setting basic principles of cybersecurity policy
  • clarifying the responsibilities of the government, private entities, and citizens
  • stipulating the framework for cybersecurity policy such as the cybersecurity strategy formulation and the establishment of the Cybersecurity Strategic Headquaters.

Government Network

Standard

NISC has set the Common Standards on Information Security Measures of Government Entities to raise the level of information security for all governmental agencies and related agencies, as the baseline standard. Based on the standard, NISC oversees the status of implementation of it across agencies by audits.

Operation

NISC operates real-time government-wide monitoring team called the Government Security Operation Coordination team (GSOC). GSOC not only monitors malicious communications incoming to or outgoing from government owned systems but also works as information sharing framework among governmental entities. GSOC provides alerts and advice for the governmental entities when they detect suspicious signals or malware.

Critical Infrastructure

Since 2005, the ‘Cybersecurity Policy for Critical Infrastructure Protection’ has been set as a common action plan shared between the government, which bears responsibility for promoting independent measures by CI operators relating to CI cybersecurity and implementing other necessary measures, and CI operators which independently carry out relevant protective measures, and the new edition was published in 2022.
This document identifies the 14 sectors as critical infrastructure and it expects stakeholders to undertake the five measures as below.

  1. Enhancement of Incident Response Capability
  2. Maintenance and Promotion of the Safety Principles
  3. Enhancement of Information Sharing System
  4. Utilization of Risk Management
  5. Enhancement of the Basis for CIP

International Cooperation

As mentioned in the Cybersecurity Strategy of Japanese government, Japan strengthens collaboration with its ally and like-minded countries as well as multi-layered frameworks that enable the Japanese government to engage in practical international collaboration with their counterparts.
A part of the outcome of the activities in NISC as the national cybersecurity center is shown as below.

ASEAN-Japan_Performance_Report

For further cybersecurity cooperation and capacity building in the ASEAN-Japan region, the activity result was summarized in the E-booklet.

Link
OT_guidance.png

NISC co-sealed “Principles of operational technology cyber security”.

Link

Other Projects

Quad Cyber Challenge

Japan, Australia, India, and the U.S. share fundamental values and are committed to strengthening a free and open international order based on the rule of law. The four countries have been promoting practical cooperation in various fields, including vaccines, infrastructure, climate change, and critical and emerging technologies, to realize a "Free and Open Indo-Pacific (FOIP)". The four countries have also concurred on the importance of making positive contribution to the region. (Reference: Japan-Australia-India-U.S.(Quad) meetings

Cooperation is also expected to be promoted in the field of cyber security, and the Japan-US-Australia-India Summit Joint Statement(September 21, 2024) mentioned that throughout this fall, Quad countries each plan to host campaigns to mark the annual Quad Cyber Challenge promoting responsible cyber ecosystems, public resources, and cybersecurity awareness.

NISC invited three Japanese cybersecurity professionals on the front lines of their fields to deliver special video messages highlighting the importance of cybersecurity jobs and the challenges they face. The three experts also discussed their own experiences and their decision to choose a cybersecurity career path to motivate students and young people to pursue this critical and challenging field.

※In Japanese alphabetical order
※Organizations and Job titles below are as of the time of the interview

Ms.Momoko Aoyama

Security Analyst, The Security Solutions Business Division of the Security Cyber Resilience Headquarters Dept. of Hitachi Solutions, Ltd.

Mr.Tsubasa Umeuchi

Security Engineer, The Professional Services Division of Flatt Security Inc.

Ms.Shiho Moriai

Senior Executive Director, Director General of the Cybersecurity Research Institute at the National Institute of Information and Communications Technology (NICT)

Enhancement of Information Sharing

In order to enhance the information sharing among relevant stakeholders in public and private sector, with the amendment of the Basic Act on Cybersecurity, the Cybersecurity Council was newly established in April 2019, composed of national government bodies, critical infrastructure operators, security vendors, and other related organizations. The amended Act imposes the obligation of confidentiality on the members of the Council and so on to encourage the willingness of information sharing.

General Framework for Secure IoT Systems

NISC has set the ‘General Framework for Secure IoT Systems’ in 2016 which clarifies the fundamental and essential security requirements for secure IoT systems.

Archive

The Previous version of key documents such as Cybersecurity Strategy is shown in the link below.