Strengthening its cybersecurity measures against China and other potential state-sponsored threats, Japan is on track to impose domestic storage of electronic data generated by critical infrastructures like power and water suppliers.
Products of Chinese manufacturers of telecom equipment are increasingly being excluded from government procurement in the West, following reports that these products might have back doors baked into them allowing China to gather intelligence. Japan has apparently boarded the same bandwagon after deciding to store locally all the electronic data generated by domestic critical infrastructures – 14 of them, to be precise.
The Japanese government reportedly plans to hold a meeting at its Cybersecurity Strategic Headquarters in April. The declared purpose: to revise the Guideline for Establishing Safety Principles for the security of areas of infrastructure deemed crucial.
According to the-japan-news.com, those fields are: information and communication, finance, aviation, airports, railways, electricity, gas, government and administrative services, medicine, water, logistics, chemical industries, credit cards, and petroleum.
“The government will encourage companies in each field to voluntarily store data in Japan, but the establishment of a guideline would effectively be compelling because companies in such fields as electric power and financial services are obliged to take adequate measures on information security that meet certain standards under related laws,” reads the English-language version of the report.
Japan has quietly conducted field surveys to determine how many servers used by the country’s administrative bodies and important companies are located outside its borders. It found that although the data wasn’t crucial, much of it was stored outside Japan. However, fears are mounting that data generated by critical infrastructures is also being stored irresponsibly outside Japan.
“Cyber-attacks aimed at such information would cause tremendous harm to people’s lives, and it would be difficult for Japanese police and supervisory agencies to cope with the attacks if the data was stored outside Japan,” the report says.
Japan’s fears are justified. In 2017, one of the most notable ransomware outbreaks (christened NotPetya by the media) crippled critical infrastructures in Ukraine, bringing crucial utilities to their knees. And the contagion before it (WannaCry) affected more than a 100 countries worldwide dealing damages in the billions for those falling victim to the attack. Both pandemics are thought to be the hand of state-sponsored actors.