Japanese officials are considering creating a new government agency that will be tasked with protecting critical infrastructure against cyber-attacks, Japanese newspaperreports.
The new agency, currently named Industrial Cybersecurity Promotion Agency (ICPA), will start functioning in 2017, and the government wants it to be ready to defend the country’s most critical industrial equipment by 2020, when Tokyo will host the Olympic Games.
The targets that ICPA personnel will have to protect include electricity, gas, petroleum, chemical, and nuclear facilities. Additionally, smaller private firms in the defense industry will also benefit from the agency’s protection.
ICPA will be made up of two main divisions
Leaked details reveal the government will organize ICPA activity into two divisions: one for research and one for active response.
The ICPA research division will conduct joint studies and real-world cyber exercises with local universities and overseas agencies like the US Department of Homeland Security.
On the other hand, the ICPA active response division will be where all the action takes place. This group will train professionals, so-called white hat hackers, to use hacking techniques in order to prevent cyber-attacks and mitigate existing threats.
ICPA will focus on critical infrastructure
The newly announced agency will only protect critical infrastructure points, and not all government agencies, for which other security agencies already exist in Japan.
Japan’s government justified ICPA’s creation by pointing out similar attacks that took place against Ukraine’s electric grid system (successful) and against the US’ power grid and dam system (failed).
In all cases, these critical systems don’t only employ computer and mobile devices but also include critical ICS/SCADA systems for which very few security software solutions exist.
If it is to be successful, ICPA will have to develop custom security solutions specifically aimed at industrial systems. Outside a few security protocols that mandate air gaps between SCADA and regular IT networks, these sensitive infrastructures lack any other type of protection.