Japan Blocks 'Security Threats from China'... Introduces Security Contractor Review System

【Tokyo=Kim Kyung-min Correspondent】 The Japanese government is considering introducing a new system to review the reliability of information security contractors that inspect the cyber measures of companies and others. If the safety of so-called 'concerned countries' like China is proven, the government will grant certification.
According to Nihon Keizai Shimbun (Nikkei) on the 10th, the Japanese government will soon begin discussions on the design of this system. To this end, a task force will be established under the 'Industrial Cybersecurity Research Group' of the Ministry of Economy, Trade and Industry to address it as a review task.
In May, the Japanese government enacted and implemented related laws for the introduction of active cyber defense (preemptive blocking of attacks). The law mandates that important infrastructure operators closely related to the lives of citizens report damages in the event of a cyberattack and also requires the registration of information technology (IT) devices used.
With the implementation of the law, demand for checking defects and vulnerabilities in corporate systems, consulting on security measures, etc., is expected to increase. The risk of information leakage through information security contractors conducting inspections, as well as important infrastructure companies that have been attacked, has also emerged as a new issue.
The new review system targets these information security contractors. As contractors certified by the government are officially recognized for their reliability and safety, they can serve as a criterion for private companies' outsourcing decisions. Furthermore, there is talk of allowing only certified contractors to participate in government procurement bids.
Review items are expected to include the contractor's base and data storage country, the use of foreign software, the composition of shareholders and executives, and whether foreign employees have access to information.
Currently, an information security service review and registration system is in operation, but it focuses on service quality rather than verifying the reliability of the company itself, such as foreign influence.
There are concerns from the government and ruling party that if a security contractor has individuals with close ties to foreign countries, the vulnerability of corporate systems may be exposed to the outside. The possibility of information leakage through foreign programs is also pointed out, highlighting security issues.

km@fnnews.com Kim Kyung-min Reporter