Cybersecurity

METI Cybersecurity Division

Who we are: METI’s Role in Cybersecurity

figure2

In Japan, each ministry is responsible for cyber security policies in their respective areas, and overall coordination of cybersecurity policy is conducted by NISC (National center of Incident readiness and Strategy for Cybersecurity) under the Cybersecurity Strategic Headquarters.

METI’s mission is to improve cybersecurity measures in the industrial sector.

 

Our Policies

Press Release

For all companies

Cybersecurity Management Guidelines

guideline on company management for all sectors and sizes, as management must be involved with implementing cybersecurity measures before cyberattacks and cyber incidents occur.

figure3

For SMEs

5-Minute Self-Assessment

A Self-Assessment Questionnaire sheet to easily identify the information security measures your organization should prioritize, particularly for SME owners and practitioners.

figure4

For certain sectors

Guidelines for Factory Systems

A guideline for factories to protect data and equipment when in operation, as cyber attacks targeting factories are increasing in number and sophistication. Specifically targeted for ICS and OT (does not include IT systems).
figure5

Guidelines for Automotive Industry

A framework of countermeasures for automakers and their supply chain companies to address cybersecurity risks unique to the automotive industry.
Includes industry-wide self-evaluation to improve the level of cybersecurity measures for the entire automotive industry and to promote efficient inspections of the level of countermeasures.

JAMA/JAPIA Cybersecurity GuidelinesLink

See the PDF document JAMA/JAPIA Cybersecurity Guidelines (English Version).
The handbook provides detailed explanation of the guidelines is also available on the website.

figure6

Guidelines for Space Systems Security

Product Security

IoT (Internet of Things)

figure7

Software Security

Software Bill of Materials (SBOM)

figure8

Guidance ver.2.0 (August 29, 2024)

Note: Revisions from ver 1.0

  1. Approaches to specifying the process for managing vulnerability (Chapter 7)
  2. Addition of SBOM-compliance model (8. Appendix)
  3. Addition of SBOM-contract model (9. Appendix)

Guidance ver.1.0 (July 28, 2023)

Open-source software management

A collection of use case examples on management methods for utilizing open-source software (OSS).

Cyber Skills

Human Resource Development Program

The Industrial Cyber Security Center of Excellence (ICSCoE) under the Information-technology Promotion Agency, Japan (IPA) provides three programs: 1. Core Human Resource Development Program, 2. Programs for Managers, 3. Programs for Practitioners.

JP-US-EU Industrial Control Systems Cybersecurity Week for the Indo-Pacific Region

A one-week training program for the Indo-Pacific region has been held annually by the governments of Japan (METI, ICSCoE IPA), US, and the EU since 2018. Focusing on industrial control system (ICS) cybersecurity, the program aims to improve ICS cybersecurity for critical infrastructure providers, manufacturers, and others in the Indo-Pacific region.

figure9

Registered Information Security Specialist (RISS)

The “Registered Information Security Specialist (RISS)” system is a national qualification system for cybersecurity professionals. The RISS system began in October 2016 based on the revised “Act on Facilitation of Information Processing. “

22,845 individuals have been registered as RISS as of October 1, 2024.

Research and Development

Under Construction

Promoting Cyber Industry

Under Construction

Critical Infrastructure:
Gas, Electric power, Petroleum, Credit, Chemical

Under Construction

Underlying Framework:
Cyber/Physical Security Framework

Last updated:2025-04-11