top of page
Search
    • Jan 19, 2021
    • 4 min read

SECURITY BRIEF

__________________________________________________________________


Week of January, 04 | Issue 1


Team: PACOM

Mark Christian Soo




Date: January 5, 2021

Location: Tokyo, Japan

Parties involved: Tokyo Organizing Committee of the Olympic and Paralympic Games; National Institute of Information and Communications Technology; UK Foreign, Commonwealth and Development Office; Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU); unnamed ‘white hat’ hackers

The event: The Tokyo Organizing Committee of the Olympic and Paralympic Games announced that around 220 white hat hackers were being trained to ensure the Tokyo Olympic and Paralympic Games are protected from all cyber attacks. These hackers have participated in an extensive training program conducted under the National Institute of Information and Communications Technology in preparation for the Olympic Games originally scheduled for 2020. Sector-dedicated task forces of cyber security experts have also been created to dispel cyber attacks on critical infrastructures. Concerns were raised by the UK regarding the GRU’s alleged hacking activities. Due to the COVID-19 pandemic and the possibility of limiting spectators, the Olympic committee would be forced to use live streaming to broadcast the event. Similarly, since most Olympic Games staff members are working remotely, there are concerns that they will be targeted by hacking into their computers and other electronic devices.

The implications:

  • South Korea was targeted in the 2018 Pyeongchang Winter Olympic Games with hackers messing up the opening ceremony and Wi-Fi services. This event prompted Japan to work and secure the games from a similar incident by recruiting white hat hackers from the private sector aside from putting up anti-hacking measures from law enforcement and the Japanese Self-Defense Forces.

  • The alleged presence of GRU-backed hackers in their previous attempt to target organizations and groups associated with the Tokyo Games would indicate that the move is at least tolerated by Russia. This would put a strain on Japanese-Russian bilateral relations as the two countries are trying to work out certain issues, such as the sovereignty over the Kuril Islands.

  • A potential hacking attack on the Tokyo Olympics-affiliated groups would likely consist of stealing user credentials and other sensitive information from devices that may not have their operating systems updated. This problem was highlighted by the National Police Agency (NPA) after it publicly reported that unknown hackers have breached its cybersecurity defenses from August 2019 to November 2020 to hack into a virtual private network (VPN) made by Fortinet. The NPA reported that the hacking was successful because the VPN did not have the necessary updates installed to better protect it from data breaches.


Date: January 7, 2021

Location: Tokyo, Japan

Parties involved: Minister of State for Science and Technology Policy Takuya Hirai; Former Prime Minister Shinzo Abe

The event: Japan has no system that allows the central and local governments to share data on COVID-19 to the private sector and vice versa, including any data protection to ensure privacy. According to the World Digital Competitiveness Ranking by the Institute for Management Development (IMD), Japan is listed 27th out of 63 nations on the ranking. While Japan is known for its technological framework, it had the worst position in key areas such as big data use and overseas experience of IT engineers. In response, during the 2019 World Economic Forum (WEF) former Prime Minister Shinzo Abe advocated for the Data Free Flow with Trust (DFFT), a concept where countries implement data protection regulations without hampering the free flow of data. Abe then proposed the Osaka Track (OT) initiative at the G20 summit as a follow-up. It would allow countries and international bodies to create regulations on data flow and e-commerce within the World Trade Organization (WTO) framework. Takuya Hirai is tasked as Japan’s Minister of State for Science and Technology Policy to conduct reforms on data governance with the eventual creation of a Japanese digital agency that would be tasked to handle data from the public and private sector and enforce rules on data privacy to ensure that it is not misused.

The implications:

  • The proposal to use the DFFT and the OT indicated Abe’s willingness to take the lead in the international area. Japan has a different data-handling approach from the US (where data are managed by big technology companies like Google and Apple) or the EU that heavily focuses on privacy protection. The Basic Act on the Advancement of Public and Private Sector Data Utilization was passed in the Diet in 2016, making Japan the fourth country belonging to the Organization for Economic Co-operation and Development (OECD) to promote open data. However, Tokyo is hampered because all data is required to be sent via fax or typed manually before it can be sent to the relevant government agency. The proposed digital agency would be responsible for drafting rules on data privacy for individuals, but ensuring that free flow of data would be maintained when access is needed, based on Abe’s DFFT and OT ideas.

  • The creation of a digital agency would be beneficial to the public and private sector because it would get rid of sectionalism between government/administration entities and prevent misunderstandings or data monopolization in times of crisis to ensure they can easily make decisions based on collected information. The agency would use collected data to react during emergencies. Data ordinances enacted for prefectural and municipal governments would need to be updated to reflect the legality of submitting and sharing data with the central government.

45 views
bottom of page