japan’s cyber security market€¦ · japan’s cyber security market opportunity &...
TRANSCRIPT
Japan’s Cyber Security Market
OPPORTUNITY & CHALLENGES
FEBRUARY 2016
William “Bud” RothVisiting Fellow
Today’s Agenda
2
Recognizing the Threat from Cyber Attacks
Japan’s Cyber Security Market
Japan’s New Cyber Security Framework
Doing Business as a Foreigner in Japan
Foreign Cyber Security Companies in Japan
The Threat to JapanAs Seen by NISC – Anonymous on a rampage
Sophisticated Attacks against Sensitive Targets
Critical Infrastructure
Gov’t Institutions
(2) GSOC unauthorized access data
# of Attacks ⑥ Gas
⑦ gov’t
& gov’t services
⑧ medical
⑨ water
⑩ logistics
Types of Critical Infrastructure
① telecom
② finance
③ Aerospace
④ Trains
⑤ Electricity
⑪ chemical
⑫ credit card
⑬ petroleum
Source: NISC Deputy Director Yasuhiko Taniwaki, Wagakuni no Cyber Security Senryaku (2 Feb. 2015) (delivered at GRIPS); updated with Yasuhiko Taniwaki, Cybersecurity Strategy in Japan, National Information Security Center (9 Oct. 2014); Tomoko Otake, 1.25 million affected by Japan Pension Service hack, Japan Times (1 Jun. 2015)
(2)
FY2011 FY2012 FY2013
# of cases reported by
Infrastructure Operators15 76 133
FY2012 FY2013
Spear Phishing
Incidents246 385 Breakdown
Unauthorized access,
DoS
Virus infections
Other
12175
3
Sept2011
Mitsubishi Heavy Industries, Ltd. (MHI), House of Representative (HR) etc.Found virus infection by targeted attacks
May 2012
Japan Nuclear Energy Safety Organization (JNES)Information leakage for possibly months
Jan2013
Ministry of Agriculture, Forestry & FisheriesTPP negotiations-related information stolen
April2013
Japan Aerospace Exploration Agency (JAXA) Found unauthorized access to servers from outside
Fall2013
Various government agencies Zero-day attack infected targeted user’s web browsers
Jan2014
Japan Atomic Energy Agency (JAEA)Found likely information leakage via virus infection
May2015
Japan Pension Service Email virus infects desktops; loss of 1.25m records
FY2011 FY2012 FY2013
Unauthorized Access Attempts
660K 1.08m 5.4m
Potential Compromise Notices sent
139 175 139
Warnings triggered by suspicious emails
209 415 381
Cyber Security Legal Framework Diet passed Cyber Security Basic Law on November 6, 2014
Empowers National Center of Incident Readiness and Strategy for Cybersecurity (NISC) to issue and enforce Cyber security guidelines for other agencies and critical infrastructure
Gives NISC authority to order audits of government agencies and to investigate security incidents
Law uses the term Jiritsu which has been interpreted in media reports to mean that NISC will strengthen the national Cyber security skill base while minimizing reliance on overseas resources
May 2015, Cabinet approved Cyber Security Policy that calls for government / private sector collaboration to develop a regulatory framework that will keep Internet users safe, but not thwart growth and innovation
Japan seeks to act as regional leader in developing Cyber Security capabilities while collaborating with Europeans and North Americans
Cabinet approved amendment to law this month to bring independent agencies such as Japan Pension Service under NISC’s purview as well as increase government-sponsored training initiatives
Nikkei predicts 19% growth in Japanese Cyber Security Market in 2016—reaching USD ~2.7b
Source: METI Industrial Structure Council, Commerce Distribution Information Subcommittee, Information Economy Sub-Subcommittee (First Round of Materials)
Human Resource GapJobs outnumber skilled domestic labor pool
80K positions unfilled
Human Resources
265K INFOSEC industry employees
160K lack required skills
Developing Internal INFOSEC Resources
# of IT Personnel
USA China India Japan
End User FirmIT FirmUSA Japan
Breakdown of IT Personnel by %
IT Firm End User Firm
Needs
High End Training
Places to use & Refine skill
More Training
Doing Business in Japan Ranked #29 out of 189 in 2015 Top class infrastructure, low crime, educated work force
Hiring talented workers Cyber industry-specific shortage
Business culture & etiquette Understanding your status as a foreigner Establishing strong relationships with Japanese
employees & customers
Financing for foreigners No domestic credit history & no chop
Risk adverse culture
Hacking is counter Japanese culture Honesty & do things the right way
Firms reluctant to spend on IT
Challenges
Doing Business in Japan as a Foreigner No perfect solution Need to look at your product(s), the competitive landscape, financing options, IP
risk, etc.
Wrap upGovernment and business recognize Cyber threat is real
Cyber security industry is growing (19% forecast)
Human Resource bottleneck real challenge
Great infrastructure in Japan
Foreign Cyber security firms face same sorts of challenges faced by all foreign companies
Success in this market requires dedication and a well-thought out business plan that reflects local realities
Sources (and Useful Links)Culture & Etiquette
1. Kwintessentials’ Doing Business in Japan
http://www.kwintessential.co.uk/etiquette/doing-business-japan.html
2. Things You Need To Know About Doing Business In Japan
http://www.businessinsider.com/6-things-to-know-about-business-in-japan-2014-6
3. Doing Business in Japan: 10 Etiquette Rules You Should Knowhttps://www.americanexpress.com/us/small-business/openforum/articles/doing-business-in-japan-10-etiquette-rules-you-should-know/
4. Venture Japan’s Japanese Business Etiquette
http://www.venturejapan.com/japanese-business-etiquette.htm
Sources (and Useful Links)Setting Up & Running a Business
1. Entrepreneur’s Blog on working in Japanhttp://www.kalzumeus.com/2014/11/07/doing-business-in-japan/
2. JETRO – How to Set up a Business in Japanhttp://www.jetro.go.jp/en/invest/setting_up/
1. US Export.gov Doing Business in Japan http://www.export.gov/japan/doingbusinessinjapan/index.asp
Sources (and Useful Links)Macro Issues
1. World Bank Macro Studies http://www.doingbusiness.org/data/exploreeconomies/japan http://www.doingbusiness.org/~/media/GIAWB/Doing%20Business
/Documents/Annual-Reports/English/DB15-Full-Report.pdf
2. JNSA 2015 Cyber Security Market Survey http://www.jnsa.org/result/2014/surv_mrk/2013_mrk-report_v1.0.pdf
3. Export Virginia Study on Japan Cyber Security Markethttp://exportvirginia.org/resources2/publications/cyber-security/
Sources Updates• http://www.nikkei.com/article/DGXLASDZ20HYA_Q6A120C1TI5000/
• http://news.softpedia.com/news/anonymous-shuts-down-japanese-airport-website-after-the-cove-actor-is-arrested-499373.shtml
• https://www.rt.com/news/326580-anonymous-japan-whaling-hacks/
•Cyber Security Legal Framework:
• http://japan.zdnet.com/article/35056603/
• http://blogs.cfr.org/cyber/2015/11/02/japans-new-cybersecurity-strategy-security-without-thwarting-economic-growth/
• http://www.nikkei.com/article/DGXLASFS02H4Y_S6A200C1PP8000/
•http://www.sankeibiz.jp/macro/news/160116/mca1601160500006-n1.htm