• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Research @ RSIS
    • Other Programmes
      • Science and Technology Studies Programme (STSP)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Information Sessions
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • COVID-19 Resources
    • Cohesive Societies
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Research @ RSIS
      • Other Programmes
        • Science and Technology Studies Programme (STSP)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Information Sessions
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • COVID-19 Resources
      • Cohesive Societies
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • CO18121 | Japan’s New Cybersecurity Strategy: Plugging the IoT Gap
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO18121 | Japan’s New Cybersecurity Strategy: Plugging the IoT Gap
    Mihoko Matsubara

    18 July 2018

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies, NTU. These commentaries may be reproduced with prior permission from RSIS and due recognition to the author(s) and RSIS. Please email to Mr Yang Razali Kassim, Editor RSIS Commentary at [email protected]

    Synopsis

    Japan should craft a new Cybersecurity Strategy to encourage risk-averse business leadership to tackle shadow IT and bring visibility and control on two key fronts: first, endpoint security to protect computers, servers, and wireless devices and second, cloud security to protect data, applications, and infrastructure of cloud computing.

    Commentary

    THE JAPANESE government released a draft of the next Cybersecurity Strategy in June 2018 to share its vision for strengthening Japan’s cybersecurity capabilities for the coming few years. The new strategy draft is the first national security document in which endpoint security to defend computers, servers, and wireless devices is mentioned.

    The inclusion of endpoint security showcases the hard lessons learned from the WannaCry incident in 2017. Japanese government and industry were both shocked that the WannaCry disrupted business operations in Japan, even for major Japanese manufacturers, not just foreign companies.

    Endpoint and Cloud Security

    If the final Cybersecurity Strategy is to include a specific type of cybersecurity like endpoint security, it should also refer to cloud security to ensure comprehensive protection of IT resources, not just for the government but also for industry. The Strategy draft emphasises pursuing innovations through artificial intelligence and the Internet of Things (IoT) and taking security measures for private cloud for the government.

    Big data is key to machine learning and IoT to create new business values and opportunities. IBM estimates that 2.5 quintillion bytes of data are created daily. To keep up with exploding data, it is impossible to remain dependent on computers on the premises (on-premises) is not as flexible and scalable as the cloud.

    IoT Adoption in Asia-Pacific vs. Japan

    Yet Japanese companies have taken more time than other countries to introduce IoT and cloud services. The Vodafone IoT Barometer 2017/18 report shows that 36 percent of organisations in the Asia Pacific have implemented IoT, compared to 27 percent in the Americas and 26 percent in Europe. In contrast, the adoption ratio in Japan was only 12 percent, which the Asia-Pacific region achieved in 2013. As of 2016, 46.9 percent of Japanese companies use cloud computing for emails, data storage, and/or file sharing, whereas  the adoption ratio was 70 percent in the United States.

    There are a few reasons why IoT adoption in Japan is lagging. First, Japanese companies tend to begin conducting IoT proof of concept (POC) without setting a clear goal or deadline. They end up pursuing POC indefinitely rather than turning it into a new business operation. Second, compared to their counterparts in other countries, fewer Japanese business leaders understand the potential effects of the digital revolution on employment and work.

    While only eight percent of non-Japanese business leaders do not know those impacts outside Japan, the ratio is 20 percent in Japan. Third, Japanese business leadership is becoming more risk averse, which makes it difficult to adopt new business models. Forty-three percent of Japanese business leaders were risk averse in 2014, and this ratio went up to 60 percent in 2016.

    The Japanese government started to incentivise industry’s investments in IoT this summer to reduce companies’ corporate tax if they can prove their investments in IoT devices such as sensors and robots will increase productivity and cybersecurity. This movement can be a gamechanger to galvanize IoT and IoT security in Japan. It will also require Japanese industry to rethink how to use cloud to keep up with big data produced by IoT.

    Cloud in Japan

    According to the Japanese Ministry of Internal Affairs and Communications’ 2017 White Paper, 47.3 percent and 35.4 percent of Japanese companies responded that they do not use the cloud because they do not need to or they are concerned about cloud security, respectively. Still, employees acknowledge the convenience of cloud services. In fact, shadow IT poses a huge challenge to corporate governance and cybersecurity. Shadow IT refers to IT products and services that employees use within their organisation without explicit approval from their employer.

    NRI Secure Technologies’ “Cyber Security Trend Annual Review 2017” report shows that only 40.4 percent of Japanese companies believe they use software-as-a-service (SaaS). However, NRI Secure Technologies, Ltd. discovered that 61 percent of those companies use Office 365 and 58.6 percent use Dropbox. Corporate employees have begun to use such cloud services for accessibility and convenience, even though their IT team is not necessarily aware of such SaaS usage and cannot apply security to it.

    Nevertheless, 42 percent of Japanese companies believe that SaaS usage is not an issue as long as employees use it carefully. This optimistic view of cloud security and governance has led to insufficient knowledge of cloud security solutions. For example, cloud access security broker (CASB) provides visibility, access control, and data protection.

    Gartner expects that 85 percent of major companies will use CASB in the world by 2020, although less than five percent of companies use it as of 2016. Cloud Security Alliance’s Japan Chapter revealed that 63 percent of Japanese companies do not know about CASB. Japan is in urgent need to raise awareness of cloud security and increase visibility of IT assets connected to the internet or in the cloud.

    Japan’s New Cybersecurity Strategy

    Japan is the third largest world economy and its economic prosperity and success largely rely on cybersecurity as IT resources are fundamental part of business activities including innovations. It is Japan’s responsibility as an economic power and global leader to ensure comprehensive and robust cybersecurity. As WannaCry demonstrated, a cyberattack can have cascading impacts, and its damage may not be contained within one organization, one sector, or one country.

    Since Japan started a new tax incentive for IoT investments, it is crucial for the new Cybersecurity Strategy to acknowledge the gap between Japan and other countries in cloud and IoT adoption and provide a vision of how Japan should accelerate its cybersecurity efforts.

    The Strategy draft’s referral to endpoint security sends a positive signal about Japan’s commitment to cybersecurity and business continuity. Now it is time to craft a new Strategy to encourage risk-averse business leadership to tackle shadow IT and bring visibility and control to endpoint and cloud security.

    About the Author

    Mihoko Matsubara, an Adjunct Fellow at Pacific Forum, contributed this specially to RSIS Commentary. Starting her career with the Japanese Ministry of Defence, she later worked at Hitachi Systems as a cybersecurity analyst, Intel Corporation as Cyber Security Policy Director, Palo Alto Networks as Chief Security Officer (CSO) in Japan and Vice President & Public Sector CSO for Asia-Pacific in Singapore.

    Categories: Commentaries / Country and Region Studies / International Political Economy / International Politics and Security / Non-Traditional Security

    Last updated on 18/07/2018

    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies, NTU. These commentaries may be reproduced with prior permission from RSIS and due recognition to the author(s) and RSIS. Please email to Mr Yang Razali Kassim, Editor RSIS Commentary at [email protected]

    Synopsis

    Japan should craft a new Cybersecurity Strategy to encourage risk-averse business leadership to tackle shadow IT and bring visibility and control on two key fronts: first, endpoint security to protect computers, servers, and wireless devices and second, cloud security to protect data, applications, and infrastructure of cloud computing.

    Commentary

    THE JAPANESE government released a draft of the next Cybersecurity Strategy in June 2018 to share its vision for strengthening Japan’s cybersecurity capabilities for the coming few years. The new strategy draft is the first national security document in which endpoint security to defend computers, servers, and wireless devices is mentioned.

    The inclusion of endpoint security showcases the hard lessons learned from the WannaCry incident in 2017. Japanese government and industry were both shocked that the WannaCry disrupted business operations in Japan, even for major Japanese manufacturers, not just foreign companies.

    Endpoint and Cloud Security

    If the final Cybersecurity Strategy is to include a specific type of cybersecurity like endpoint security, it should also refer to cloud security to ensure comprehensive protection of IT resources, not just for the government but also for industry. The Strategy draft emphasises pursuing innovations through artificial intelligence and the Internet of Things (IoT) and taking security measures for private cloud for the government.

    Big data is key to machine learning and IoT to create new business values and opportunities. IBM estimates that 2.5 quintillion bytes of data are created daily. To keep up with exploding data, it is impossible to remain dependent on computers on the premises (on-premises) is not as flexible and scalable as the cloud.

    IoT Adoption in Asia-Pacific vs. Japan

    Yet Japanese companies have taken more time than other countries to introduce IoT and cloud services. The Vodafone IoT Barometer 2017/18 report shows that 36 percent of organisations in the Asia Pacific have implemented IoT, compared to 27 percent in the Americas and 26 percent in Europe. In contrast, the adoption ratio in Japan was only 12 percent, which the Asia-Pacific region achieved in 2013. As of 2016, 46.9 percent of Japanese companies use cloud computing for emails, data storage, and/or file sharing, whereas  the adoption ratio was 70 percent in the United States.

    There are a few reasons why IoT adoption in Japan is lagging. First, Japanese companies tend to begin conducting IoT proof of concept (POC) without setting a clear goal or deadline. They end up pursuing POC indefinitely rather than turning it into a new business operation. Second, compared to their counterparts in other countries, fewer Japanese business leaders understand the potential effects of the digital revolution on employment and work.

    While only eight percent of non-Japanese business leaders do not know those impacts outside Japan, the ratio is 20 percent in Japan. Third, Japanese business leadership is becoming more risk averse, which makes it difficult to adopt new business models. Forty-three percent of Japanese business leaders were risk averse in 2014, and this ratio went up to 60 percent in 2016.

    The Japanese government started to incentivise industry’s investments in IoT this summer to reduce companies’ corporate tax if they can prove their investments in IoT devices such as sensors and robots will increase productivity and cybersecurity. This movement can be a gamechanger to galvanize IoT and IoT security in Japan. It will also require Japanese industry to rethink how to use cloud to keep up with big data produced by IoT.

    Cloud in Japan

    According to the Japanese Ministry of Internal Affairs and Communications’ 2017 White Paper, 47.3 percent and 35.4 percent of Japanese companies responded that they do not use the cloud because they do not need to or they are concerned about cloud security, respectively. Still, employees acknowledge the convenience of cloud services. In fact, shadow IT poses a huge challenge to corporate governance and cybersecurity. Shadow IT refers to IT products and services that employees use within their organisation without explicit approval from their employer.

    NRI Secure Technologies’ “Cyber Security Trend Annual Review 2017” report shows that only 40.4 percent of Japanese companies believe they use software-as-a-service (SaaS). However, NRI Secure Technologies, Ltd. discovered that 61 percent of those companies use Office 365 and 58.6 percent use Dropbox. Corporate employees have begun to use such cloud services for accessibility and convenience, even though their IT team is not necessarily aware of such SaaS usage and cannot apply security to it.

    Nevertheless, 42 percent of Japanese companies believe that SaaS usage is not an issue as long as employees use it carefully. This optimistic view of cloud security and governance has led to insufficient knowledge of cloud security solutions. For example, cloud access security broker (CASB) provides visibility, access control, and data protection.

    Gartner expects that 85 percent of major companies will use CASB in the world by 2020, although less than five percent of companies use it as of 2016. Cloud Security Alliance’s Japan Chapter revealed that 63 percent of Japanese companies do not know about CASB. Japan is in urgent need to raise awareness of cloud security and increase visibility of IT assets connected to the internet or in the cloud.

    Japan’s New Cybersecurity Strategy

    Japan is the third largest world economy and its economic prosperity and success largely rely on cybersecurity as IT resources are fundamental part of business activities including innovations. It is Japan’s responsibility as an economic power and global leader to ensure comprehensive and robust cybersecurity. As WannaCry demonstrated, a cyberattack can have cascading impacts, and its damage may not be contained within one organization, one sector, or one country.

    Since Japan started a new tax incentive for IoT investments, it is crucial for the new Cybersecurity Strategy to acknowledge the gap between Japan and other countries in cloud and IoT adoption and provide a vision of how Japan should accelerate its cybersecurity efforts.

    The Strategy draft’s referral to endpoint security sends a positive signal about Japan’s commitment to cybersecurity and business continuity. Now it is time to craft a new Strategy to encourage risk-averse business leadership to tackle shadow IT and bring visibility and control to endpoint and cloud security.

    About the Author

    Mihoko Matsubara, an Adjunct Fellow at Pacific Forum, contributed this specially to RSIS Commentary. Starting her career with the Japanese Ministry of Defence, she later worked at Hitachi Systems as a cybersecurity analyst, Intel Corporation as Cyber Security Policy Director, Palo Alto Networks as Chief Security Officer (CSO) in Japan and Vice President & Public Sector CSO for Asia-Pacific in Singapore.

    Categories: Commentaries / Country and Region Studies / International Political Economy / International Politics and Security / Non-Traditional Security

    Last updated on 18/07/2018

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Book introduction of "Extremist Islam: Recognition and Response in Southeast Asia"
    Since the Bali terrorist attacks in 2002, law enforcement agencies have rigorously combatted terrorist networks in Southeast Asia, yet groups motivated by violent extremi ...
    more info