Japan's cybersecurity 'experts' lacking in numbers, skill

Japan's cybersecurity 'experts' lacking in numbers, skill

Amid ever-increasing cyber-attacks, a shortage of cybersecurity experts has become a serious problem.

At least 80,000 more information security experts are reportedly needed, with private companies in particular facing an acute shortage of engineers who can deal with cyber-attacks.

Under such circumstances, various efforts have been made not only by the government, but also by universities and private organisations.

Slow to act

Japan Airlines' Mileage Bank website was exposed to illegal logins in February, but it was not until July 31 that JAL introduced a system under which users are now required to enter their passwords twice to prevent illegal access.

An official in charge of the issue explained it took about six months to implement the measure because of a shortage of cybersecurity personnel.

"Due to the rapid advancement of technology, we couldn't deal with the problem using our engineers or those from our affiliated companies alone," the official said.

According to an estimate by the Information-Technology Promotion Agency, Japan (IPA), there are about 265,000 private-sector engineers involved in cybersecurity in the country.

Of them, about 160,000 do not have enough expertise and skills to adequately respond to cyber-attacks, such as the altering website content or the theft of information.

Even if they enhance their expertise and skills, an additional 80,000 engineers would still be required, according to the estimate.

When a cybersecurity expert informed a domestic parts maker of its computers having been infected with a virus, the maker's cybersecurity chief-who also worked for the personnel affairs section-did not have enough knowledge about computer viruses to respond.

A leading US bank is said to have about 1,500 employees solely involved in security issues.

"Unless government offices or private companies vulnerable to cyber-attacks increase their manpower and equip personnel with the necessary knowledge and skills, it would be impossible for them to swiftly deal with such attacks," said Itsuro Nishimoto, director of the major information security company Lac Co.

Cyberdefense exercises

The Security Camp, where young people improve their cybersecurity skills in a training-camp-style session, began Tuesday in Chiba.

About 301 people applied for the event, organised by the IPA and others, and 42, including a 13-year-old middle school student, passed the prescreening to participate.

"We'd like to make the event a place to develop capable people who have knowledge about information security even if they may move on to other fields in the future," said Nobuo Miwa, chairman of the Security Camp Executive Committee.

Meanwhile, Fumiaki Yamazaki, a visiting professor at the University of Aizu, held a cyberdefense exercise at the university in July. Yamazaki, who has served as a member of the central government's committee regarding information security, believes it is essential to learn about cyberdefense measures from the viewpoint of attackers.

Participants pay nearly ¥320,000 (S$4,000) to experience realistic cyberattacks in the 10-day workshop, but the bookings for 30 slots were immediately filled, with adults and students applying to participate.

"Company officials in charge of information security who are exposed to cyber-attacks every day have come to understand the necessity of such exercises," Yamazaki said.

Kyushu University and the University of Nagasaki plan to create a department or a required course specialising in information security.

Six years from now

As a national event is susceptible to cyber-attacks, Japan's handling of the issue ahead of the 2020 Tokyo Olympics and Paralympics will be of great interest.

While time is limited to develop relevant manpower, it is believed the volume of telecommunication traffic will increase due to the spread of wearable devices such as smartglasses and smartwatches, and as a result, cyber-attacks are expected to drastically change in both nature and scale.

With such a situation in mind, the Japanese and US governments jointly held their first meeting of the Cyber Defence Policy Working Group at the Defence Ministry in February, where the issue of manpower development in the field of cyberdefense was the main topic of discussion.

An expert panel concerning the utilization of information technology proposed that the government focus on measures to develop relevant manpower earlier this month.

"It is important to develop staff who are capable of dealing with cyber-attacks, and then show them a career path where they will be properly treated within the organisation in the future," said an official at the National Information Security Center.

"It is a pressing issue to be dealt with through a business-government-academia collaboration."

More about

Purchase this article for republication.



Your daily good stuff - AsiaOne stories delivered straight to your inbox
By signing up, you agree to our Privacy policy and Terms and Conditions.