Taking the podium at the Opening Session was Jun Murai, Distinguished Professor at Keio University, who talked about the theme of the event, “Toward a Sustainable and Resilient Digital Society: How to Prepare for Cyber Risk and Building Trust.” Defining 2023 as “the year of raising the curtain on a new post-Covid era,” he noted that “during the three years at the height of the Covid pandemic, digital transformation made exponential gains, making the public keenly aware of the arrival of the digital society.”

He cited the establishment of Japan’s Digital Agency and growing use of the Individual Number (“My Number”) system as examples of how the foundations for realizing the digital society are steadily being put into place. Pointing to the acceleration of the Vision for a Digital Garden City Nation, he expressed hope that digitalization will lead to reinvigoration of regional communities and do away with overconcentration in Tokyo. Professor Murai, predicting that Japan’s role in international society will become larger, said that “looking ahead to the emergence of the quantum computer, Japan can contribute in such technology areas as the standardization of Post-Quantum Cryptography.”

At the G7 Summit in 2023, Japan as host country played a leading role in the cybersecurity area. For Japan to maintain this standing into the future, the role to be played by the CISO (Chief Information Security Officer) in government and private corporations is a major one.

Taking part in the panel discussion, “Cybersecurity as a Management Strategy: What should CISOs do in 2024?” were Satoko Shisai, Executive Vice President at Chugai Pharmaceutical; Masaya Higuchi, CEO of Beisia Group Solutions; and Masafumi Nomiyama, Chief Operating Officer of Deloitte Tohmatsu Cyber LLC. With Toshinori Kajiura, President of Japan Cybersecurity Innovation Committee, serving as moderator, they discussed the issues faced by CISOs today and the roles they should play.

Ms. Shisai talked about the balance between digital transformation (DX) and cybersecurity. “With the expansion of business areas by DX, security risks increase. The CISO, at the same time as pushing for DX, is tasked with putting in place security measures.”

Mr. Higuchi of Beisia, which has around 30 Group companies, explained Beisia’s approach of taking security measures in line with each individual company’s circumstances along with measures common to the whole Group. He pointed out the importance of training security personnel while also raising each employee’s awareness. Mr. Nomiyama said that both for retaining security personnel, who are in short supply, and for raising their productivity, it is essential to improve their working environment and compensation.

The latest technologies, such as generative AI and quantum computers, while having many advantages for society, come with the negative aspect of being open to exploitation by cyber attackers. In the panel session, “New Opportunities and Threats Posed by the Latest Technologies,” the participants discussed the impacts on society from the latest technologies and the risks from a cybersecurity standpoint.

Madan M. Oberoi of Interpol pointed out that “with the emergence of new technologies, the threshold for cybercrime exploits has been lowered.” There is now even Ransomware-as-a-Service (RaaS), providing tools to criminal groups for their ransomware attacks. To deal with this rapid rise of criminal actors, building a platform for globally sharing the latest trends in cyberattacks is urgently needed.

Joichi Ito, President of the Chiba Institute of Technology, also noted that while the spread of AI is progressing as costs come down, there are concerns about its use for malicious purposes. He expressed the view that preventing such use requires making AI architecture “secure by design” and managing it so that compliance is built in from the start.

Kana Shinoda, CEO of BLUE Co., pointed to the global trend of increased cybercrime involving blockchain abuse, and the problem of insufficient human resources for countering it. Moderator Jun Murai, in his summary of the discussions, noted that fighting cybercrime requires a framework not limited to technology but including institutional and ethical aspects, and called for Japan to involve both public and private sectors in creating such a framework.

One approach drawing attention as an institutional and ethical framework is the “security clearance” system. In the panel discussion, “Getting to the Essence of Security Clearance,” moderated by Professor Ikuo Misumi of Tokai University, Mayu Arimoto of the Alesia International Law Office and Cabinet Councillor Yoichi Iida were joined by Mr. Kajiura in talking about the new security clearance system in Japan and the impacts after it goes into effect.

Mr. Iida explained that the purpose of this system is to “strengthen protection of important information in possession of the government from the standpoint of economic security.” The current stage, however, is still one of Expert Committee discussions about the scope of the information covered and investigation methods, so that many elements remain uncertain.

Mr. Kajiura also noted that while there were hopes this system will be effective in defending social infrastructure, the coverage scope was not yet clear. Among his concerns were the possibility of large costs being incurred by corporations, and whether employee rights will be properly protected.

Ms. Arimoto addressed these issues by commenting that “for information protection, ‘people,’ ‘organizations,’ and ‘facilities’ are essential; and careful explanations through non-disclosure agreements are demanded.”

According to Japan’s Information-technology Promotion Agency (IPA) in its “10 Major Security Threats in 2023,” the biggest threat to organizations is the damage caused by ransomware attacks, followed in second place by attacks taking advantage of supply chain vulnerabilities. Devising measures to defend the supply chain from increasingly high-level and ingenious attacks is an urgent issue.

Taking the stage for the panel session “Supply Chain Defense 2024” were Keisuke Ohara of Chugai Pharmaceutical; Yuichi Katsube, General Manager of Kinki Roentgen Industrial; and Atsushi Soma, Managing Director of Deloitte Tohmatsu Cyber. With Masahiro Uemura, Deputy Director-General for Cybersecurity and Information Technology of the Ministry of Economy, Trade and Industry (METI) serving as moderator, the panelists discussed the latest situation for supply chain attacks and countermeasures.

Mr. Ohara introduced the initiatives being taken by Chugai Pharmaceutical. Chugai selected 70 firms with relatively high business continuity from those in its supply chain and conducted an evaluation of their security readiness from a technology standpoint. Where improvements were deemed necessary, Chugai offered advice and followed up, aimed at raising the overall level of the supply chain.

Mr. Katsube described how his company introduced a Software Bill of Materials (SBOM) initiative from the standpoint of a medical equipment manufacturer. He said that while his company undertook SBOM introduction aimed at compliance with laws and regulations, the problems of the difficulty in creating an accurate SBOM and the high cost of introduction also became apparent. Mr. Soma, noting that the definition of supply chain security is broad, pointed to the needs for identifying your own firm’s priority issues and for developing human resources, and further stressed the importance of strengthening industry-wide initiatives.

In the final panel session, “Preparing for Ransomware and the Infrastructure Crisis,” the participants talked about the ransomware attack on the Osaka General Medical Center operated by the Osaka Prefectural Hospital Organization, that took place in October 2022, and the response. One of the panelists was Hirofumi Morito, who works for the Medical Center He said that what he learned from the attack and all the damage it caused was that “any organization, no matter how small, can be targeted by an attack. Companies must acknowledge that the risk of cyberattacks is real, and must keep in mind the countermeasures to be taken if actual damage occurs.”

Another panelist, Kobe University Professor Masakatsu Morii, highlighted the need for industry-wide information sharing and cooperation. Panel member Tomoji Furuta of the Japan Automobile Manufacturers Association described how the automotive industry as a whole has drawn up security guidelines, and introduced their initiatives for strengthening overall supply chain security.

Kenichi Sakurazawa, Managing Director of the Japan Cybercrime Control Center who served as moderator, closed the session by commenting that the importance of fostering common awareness of cyberattacks and sharing specific technical countermeasures is recognized across industries.