Cybersecurity

Cyber/Physical Security Framework (CPSF)

“Society 5.0”, where cyber and physical spaces are highly integrated, enables dynamic and flexible supply chains while facing new risks such as increasing sources of attacks and adverse impacts on physical space.
The Ministry of Economy, Trade and Industry (METI) published the “Cyber-Physical Security Framework (CPSF) Ver1.0” on April 18, 2019, which outlines security measures against the new risks in Society 5.0.

The Cyber/Physical Security Guidelines for Factory Systems

Traditionally, factory systems (industrial control systems (ICS / OT), their constituent equipment, and connected systems / equipment) have been designed based on the assumption that they will not be exposed to networks such as the Internet. This assumption has changed with the advancement of IoT and automation, as the potential of utilizing the operation data of individual machines and devices has increased. Factory systems are increasingly being exposed to networks such as the Internet in an effort to create new added value; however, this means new sources of security risks are also increasing.
Furthermore, factory smartification requires modifications to the control system architecture, and must also be resilient to increasing (cybersecurity) threats throughout the supply chain. Therefore, it is necessary to examine the optimal approach to security of factory systems in a world where factories are closely connected to cyberspace.
In light of these circumstances, The Ministry of Economy, Trade and Industry (METI) published the “The Cyber/Physical Security Guidelines for Factory Systems” on November 16, 2022, and “The Cyber/Physical Security Guidelines for Factory Systems [Appendix: Key Considerations for Promoting Smartification]” on April 4, 2024.
 

Software TF

Collection of Use Case Examples Regarding Management Methods for Utilizing Open-Source Software and Ensuring Its Security

The collection summarizes the points to keep in mind when utilizing open-source software (OSS), and for each point, provides information including use case examples for companies that are conducting instructive initiatives.

Guidance on Introduction of Software Bill of Materials (SBOM) for Software Management

METI has formulated guidance mainly targeting software suppliers as a compilation of the advantages of introducing SBOM in companies and the key points that companies should recognize and undertake in actually introducing SBOM.

『2nd layer』 TF

The purpose of the Framework is to provide the “basic common infrastructure” that will enable players in different fields/industries to use the same approach to review the security and safety of devices and systems that connect cyberspace and physical space, and to enable society to effectively accept  the new IoT mechanisms.

『3rd layer』 TF

Data Management Framework for Collaborative Data Utilization

This framework is intended to make it possible to implement the measures necessary to ensure the security of data flowing between entities through appropriate data management, in order for the value creation process to create added value by ensuring the trustworthiness of the data.

JP-US-EU ICS Cybersecurity Week for the Indo-Pacific Region

METI and the Industrial Cyber Security Center of Excellence (ICSCoE) under the Information-technology Promotion Agency, Japan (IPA), hosted the JP-US-EU Industrial Control Systems Cybersecurity Week in collaboration with the US government (DHS/CISA, DOS and DOE, INL) as well as the European Commission (DG CONNECT).
The hands-on training brought together participants invited from the Indo-Pacific region.

FY2023: Oct 9-13, 2023

FY2022: Oct 24-28, 2022

FY2021: Oct 25 – 29, 2021

Cybersecurity Management Guidelines for Japanese Enterprise Executives

These guidelines are aimed at the corporate management of major companies as well as small and medium-sized companies and include, from the viewpoint of protecting companies from cyberattacks, three principles which management needs to recognize and ten important items which management should direct their executive in charge (e.g. CISO) to incorporate in implementing cybersecurity measures.

Press Releases and Related Information

Division in Charge

Cybersecurity Division, Commerce and Information Policy Bureau

Note: Provisional translations of the original documents are subject to revision for purposes of accuracy.

Last updated:2024-05-27