- Home
- Policies
- Policy Index
- Cybersecurity
Cybersecurity
Cyber/Physical Security Framework (CPSF)
“Society 5.0”, where cyber and physical spaces are highly integrated, enables dynamic and flexible supply chains while facing new risks such as increasing sources of attacks and adverse impacts on physical space.
The Ministry of Economy, Trade and Industry (METI) published the “Cyber-Physical Security Framework (CPSF) Ver1.0” on April 18, 2019, which outlines security measures against the new risks in Society 5.0.
- Cyber/Physical Security Framework Ver.1.0(PDF:4,743KB)
- Key points of the Cyber/Physical Security Framework Ver.1.0(PDF:1,373KB)
The Cyber/Physical Security Guidelines for Factory Systems
Traditionally, factory systems (industrial control systems (ICS / OT), their constituent equipment, and connected systems / equipment) have been designed based on the assumption that they will not be exposed to networks such as the Internet. This assumption has changed with the advancement of IoT and automation, as the potential of utilizing the operation data of individual machines and devices has increased. Factory systems are increasingly being exposed to networks such as the Internet in an effort to create new added value; however, this means new sources of security risks are also increasing.Furthermore, factory smartification requires modifications to the control system architecture, and must also be resilient to increasing (cybersecurity) threats throughout the supply chain. Therefore, it is necessary to examine the optimal approach to security of factory systems in a world where factories are closely connected to cyberspace.
In light of these circumstances, The Ministry of Economy, Trade and Industry (METI) published the “The Cyber/Physical Security Guidelines for Factory Systems” on November 16, 2022, and “The Cyber/Physical Security Guidelines for Factory Systems [Appendix: Key Considerations for Promoting Smartification]” on April 4, 2024.
- The Cyber/Physical Security Guidelines for Factory Systems(PDF:2,437KB)
- The Cyber/Physical Security Guidelines for Factory Systems [Appendix: Key Considerations for Promoting Smartification](PDF:2,042KB)
Software TF
Collection of Use Case Examples Regarding Management Methods for Utilizing Open-Source Software and Ensuring Its Security
The collection summarizes the points to keep in mind when utilizing open-source software (OSS), and for each point, provides information including use case examples for companies that are conducting instructive initiatives.
Guidance on Introduction of Software Bill of Materials (SBOM) for Software Management
METI has formulated guidance mainly targeting software suppliers as a compilation of the advantages of introducing SBOM in companies and the key points that companies should recognize and undertake in actually introducing SBOM.
- Guidance on Introduction of Software Bill of Materials (SBOM) for Software Management(English(Provisional Translation))(PDF:1,167KB)
- 【Summary】Guidance on Introduction of Software Bill of Materials (SBOM) for Software Management (English(Provisional Translation)(PDF:285KB)
- 【Appendix】Checklist of actions for the introduction of SBOM(English(Provisional Translation))(Excel:12KB)
『2nd layer』 TF
The purpose of the Framework is to provide the “basic common infrastructure” that will enable players in different fields/industries to use the same approach to review the security and safety of devices and systems that connect cyberspace and physical space, and to enable society to effectively accept the new IoT mechanisms.
『3rd layer』 TF
Data Management Framework for Collaborative Data Utilization
This framework is intended to make it possible to implement the measures necessary to ensure the security of data flowing between entities through appropriate data management, in order for the value creation process to create added value by ensuring the trustworthiness of the data.
JP-US-EU ICS Cybersecurity Week for the Indo-Pacific Region
METI and the Industrial Cyber Security Center of Excellence (ICSCoE) under the Information-technology Promotion Agency, Japan (IPA), hosted the JP-US-EU Industrial Control Systems Cybersecurity Week in collaboration with the US government (DHS/CISA, DOS and DOE, INL) as well as the European Commission (DG CONNECT).
The hands-on training brought together participants invited from the Indo-Pacific region.
FY2023: Oct 9-13, 2023
FY2022: Oct 24-28, 2022
FY2021: Oct 25 – 29, 2021
Cybersecurity Management Guidelines for Japanese Enterprise Executives
These guidelines are aimed at the corporate management of major companies as well as small and medium-sized companies and include, from the viewpoint of protecting companies from cyberattacks, three principles which management needs to recognize and ten important items which management should direct their executive in charge (e.g. CISO) to incorporate in implementing cybersecurity measures.
Press Releases and Related Information
- “Cyber/Physical Security Guidelines for Factory Systems [Appendix: Key Considerations for Promoting Smartification]” Formulated (April 4, 2024)
- Study Group for Promotion of Information Sharing on Damages Caused by Cyberattacks under the Study Group for Industrial Cybersecurity Compiles Final Report (November 22, 2023)
- "JP-US-EU Industrial Control Systems Cybersecurity Week for the Indo-Pacific Region" Held (October 16, 2023)
- “Guide of Introduction of Software Bill of Materials (SBOM) for Software Management” Formulated(July 28, 2023)
Division in Charge
Cybersecurity Division, Commerce and Information Policy Bureau
Note: Provisional translations of the original documents are subject to revision for purposes of accuracy.
Last updated:2024-05-27