Fearing a situation like the Colonial Pipeline-like hack, the Japanese government is set to impose restrictions on the usage of foreign equipment and technology in its private sector. It will introduce new security regulations for 14 critical infrastructure sectors including, telecommunications, electricity, finance, railroads, government services, and health care will be covered.
The Policy in Public Sector
Japan had reportedly stopped procuring foreign equipment in government purchases since 2018 “to avoid hacks and intelligence leaks.” The move was specifically aimed at keeping China at bay, who at the time were being blamed by the U.S. for carrying out spying and espionage campaigns through Huawei’s 5G equipment. Following these accusations, the U.S., the U.K., and Australia ordered an immediate ban on importing Huawei’s 5G equipment and ordered the removal and replacement of the installed equipment too. Japan being a close ally of the U.S., and the fact that it could cause economic security risks to its homeland, followed suit.
However, the recent turn of events in the U.S., where the privately run Colonial Pipelines was hacked, probably pressured the Japanese government into extending this ban to the private sector too. The brutal ransomware attack on the Colonial Pipeline infrastructure saw a temporary halt in its supplies affecting many major East Coast cities including Washington, D.C.; Baltimore; and Atlanta. Concerns over a fuel crunch and price hike saw frantic buying from citizens of these regions, which further escalated the fuel shortage. The situation was later brought under control as a partial recovery of fuel supplies was attained soon. The chaos led to the POTUS signing an Executive Order to bolster the nation’s fight against rising cyberattacks.
Present Private Sector Woes
In the same week, another Japanese tech giant Toshiba’s subsidiary in Europe fell victim to a ransomware attack, which was probably conducted by the same threat group involved in the Colonial Pipeline hack. The attack led to the suspension of all communication lines between Toshiba’s European and Japanese offices. The investigation, as last reported, is still underway. However, it seems to have already tolled the warning bells for the Japanese government, which is cautious about a potential cyberthreat aimed at its private sector.
A report from Nikkei Asia said, “The government plans to amend the various laws governing each sector in one sweeping motion and add a clause requiring each sector to be conscious of national security risks.” These new security regulations will also apply to foreign services including cloud storage, data centers, and servers located offshore. Additionally, the government will also undertake frequent monitoring of private sector companies for compliance and shall withhold them if they are found flouting the norms. This can also lead to the cancellation of their license in case of a major issue.