The Japanese Government formally adopted its new Cybersecurity Strategy last Friday. The Strategy outlines the directions of Japanese cybersecurity policy as the country approaches the 2020 Olympics and Paralympics in Tokyo, and faces the challenges of a rising China. The Strategy’s ultimate objective is to ensure a free, fair and secure cyberspace—balancing the need for security with freedom of access and expression.
The cyber threats posed to the Tokyo Olympics are at the forefront of the Strategy, which notes that extensive public, private and academic cooperation will be required to develop secure networks from the ground up, particularly as the interface between cyberspace and physical objects grows with the ‘Internet of Things’. This includes the recommendation that corporations position their Chief Information Security Officers at suitably senior levels to adequately make the changes necessary for more secure networks. Public-private partnerships are also noted as critical for the security of Japan’s critical information infrastructure (CII), as is better information sharing between government agencies and CII operators. The Strategy was released for comment in May this year, and was originally due for release in June, but was delayed to incorporate the lessons learned from the Japan Pension Service hack.
Meanwhile, the Australian cyber community will be waiting until late October for the Australian Cyber Security Review to be released, according to a Prime Minister & Cabinet spokesperson. The launch of the Strategy will reportedly follow closely after the fourth annual Cyber Security Challenge Australia on 30 September. The Challenge is a public-private event for Australian tertiary students to test their cyber security skills and engage with key government and private sector cyber security leaders.
Competitors in the Cyber Security Challenge may one day be press-ganged into national cyber service if Australian Information Security Association executive James Turner’s proposal to nationalise the Australian cyber security industry is adopted. Turner’s proposal would see the role of the Australian Cyber Security Centre expand, and the pooling of cyber security expertise to provide a critical mass to support government and private sector cyber security. While suggestions like this seem extreme, governments around the world may start to consider similar measures to tackle this increasingly expensive problem. The US is reportedly planning to spend US$14 billion on government cybersecurity in the 2015-2016 financial year, while corporate entities will spend US$31.5 billion in the same timeframe, but the vulnerability of both sectors to hackers is unlikely to decrease any time soon.
Australia and India’s bilateral cyber policy and security engagement took another forward step last month as the first Australia–India Cyber Policy Dialogue concluded successfully in New Delhi. Announced as part of the Framework for Security Cooperation agreed by Prime Ministers Modi and Abbott last November, the Dialogue reportedly discussed the ‘full range’ of cyber issues including threat perceptions and government cyber security arrangements, and international cyber security policy, governance and cybercrime cooperation. Notably, the two national CERT teams signed a framework to enhance their operational collaboration for information sharing and incident response. The Modi government’s Digital India programme was also discussed at the Dialogue—an initiative that seeks to increase internet penetration to enable the delivery of core government services through high speed internet connections. However, India is facing the same cyber skills shortages as many other nations, requiring an estimated 1 million cyber security professionals by 2025 to meet its goals, from its current base of 62,000.