November 5, 2020
The English version of “Response to Public Comments on the Draft of “IoT Security Safety Framework“(IoT-SSF)” in the reference, has been posted on November 18, 2020.
The Ministry of Economy, Trade and Industry (METI) formulated an “IoT Security Safety Framework” (hereinafter referred to as “IoT-SSF”), a well-organized compilation of approaches to securing trustworthiness of mutual connections between cyberspace and physical space in advancing the “Society 5.0” policy and the “Connected Industries” policy concept, which are goals achieved by utilizing IoT and AI.
1. Background and purpose
On August 2, 2019, METI launched the 2nd Layer Task Force (hereinafter referred to as the “2nd Layer TF”) under Working Group 1 (WG1) of the Study Group for Industrial Cybersecurity. Since then, the 2nd Layer TF has been holding discussions on approaches to securing trustworthiness of mutual connections between cyberspace and physical space.
In “Society 5.0” and “Connected Industries” where cyberspace and physical space are highly integrated, it is extremely important to secure the accurate conversion of information at the border between cyberspace and physical space, i.e., the accuracy of transcription and translation functions.
Security measures for devices and systems connecting physical space and cyberspace, i.e., IoT devices and systems, are required to be conducted by taking into consideration not only a diversity of issues involving IoT devices and systems but also a diversity of environments in which IoT devices and systems are utilized.
Accordingly, the 2nd Layer TF focused on new risks that may be brought about by a new framework connecting cyberspace and physical space and advanced formulation of IoT-SSF as a compilation presenting the configurations of risks and the methods for categorizing security and safety measures for treating such risks.
In the process of advancing its discussions, the 2nd Layer TF published a draft IoT-SSF, including its English version, invited public comments from March 31 to June 24, 2020, and received many opinions from a wide variety of people at home and abroad. In parallel with this, the 2nd Layer TF, the Cross-Sectoral Sub Working Group (SWG) and WG1 also advanced deliberations taking into consideration the received public comments and opinions of experts.
Against this backdrop, in light of the discussion results at WG1, SWG and the 2nd Layer TF, METI formulated the IoT-SSF. Taking advantage of the IoT-SSF, businesses and others are able to smoothly categorize devices and systems connecting physical space and cyberspace by taking into consideration potential risks that may lie in such devices and systems, ascertain viewpoints of security and safety requirements needed for each category, and compare the viewpoints between categories. Through this approach, METI considers it possible for businesses to secure a certain level of consistency among such viewpoints and details of security and safety measures required for the respective devices and systems in a manner tailored to new frameworks and services, even if such devices and systems are considered in separate processes.
2. Related material
- IoT Security Safety Framework (IoT-SSF) Ver 1.0(PDF:683KB)
- Outline of the IoT Security Safety Framework (IoT-SSF)(PDF:153KB)
Division in Charge
Cybersecurity Division, Commerce and Information Policy Bureau