Professor Shozo Naito
Former Nippon Telegraph and Telephone Corporation
Senior Researcher, Information Sharing Platform Laboratory
Director, Cyber Kyoto Laboratory
Professor Shozo Naito worked for (formerly) Nippon Telegraph and Telephone Company (currently NTT) as the Head Researcher in the Information & Distribution Platform Laboratory and is a specialist in networks and information security. Professor Naito spoke with us about security primarily focused on the future trends of system introductions and event hosting in Japan.
Development of My Number System to Strengthen Security Required for Tokyo Olympics
My Number System with Privacy Risks
The My Number (Social Security and Tax Numbers) system has begun.
Utilization of My Number, which was introduced in 2015, such as linking to bank accounts has started. This system has great merit if it is properly used as infrastructure to support the daily life of the population; however, there are also some major risks in terms of security and privacy. It will comprise unique identifies (mainly keys) in a data, so there is a lot of potential, such as its simplicity as well as big data applications through link ups in the information system to support the Japanese public. There are also expanded concerns, such as the illicit use of data and increased harm due to leaks of personal information. There are technical elements being put into place as security measures, such as encryption and authentication protocols to minimize the risks; but not everything is resolved with technology. The design skills to select and appropriately apply suitable security level technology in response to the importance of data that should be protected are also important. In addition, awareness of what range of security measures should be taken with technology is also crucial. For example, SSL (or TLS), a security technology often used on the Internet (when accessing the Web, it used with https), performs server authentication and encryption of data transmission channels, but once data has passed to the server, processing can be performed with raw data. In reality, information leaks mostly occur at this stage.
Cyberspace is the "fifth battlefield"
In recent years, many cases of cyber abuse have been reported, mainly overseas.
Technology is a neutral medium. It can be used with good or bad intention. There are various laws and systems being proposed and enforced to curb or eliminate the bad and to promote the good; but, IT (ICT) advances quickly, and these laws and systems usually trail behind. In Japan, the Basic Act on Cyber Security came into force on January 9, 2015 and stipulates the duties of the national government in measures against cyber-attacks. Awareness is rising around the world towards the fact that cyberspace, following land, sea, air and space, is the fifth battlefield. Also, cyberspace easily transcends the borders of countries, and is continuing to expand. A draft international law (the Tallinn Manual) is also under evaluation to handle conflicts in cyberspace. Even though ISIL doesn't actually have any real territory that's internationally recognized, I've heard that they are using cyberspace to obtain funding, weapons and recruits. I've also heard that they are utilizing advanced technology, such as with encryption. They are also improving the skills of their hackers. Naturally, those on the defense must also respond. People who are involved in the design and operation of security in cyberspace must have a robust imagination against unknown risks. Also, there are no perfect security measures. Preparation of response measures to take after an incident is also important. The formulation of a business continuation plan (BCP) is also required for after an accident, including large-scale natural disasters.
Security measures required in conjunction with "hospitality"
In 2021, the Tokyo Olympics will be held.Measures are also necessary from the IT side.
An event like the Olympics, where lots of people from all over the world come together, is attractive venue for malicious hackers. The London Olympics also fell victim to numerous, repeated cyber-attacks. The Tokyo Olympics will also likely be a target for attack. Also, Japan is trying to encourage more tourism and is actively expanding WiFi spots all over. It is good to improve convenience, but there are also concerns that they will be abused, such as with fraud or threats. I hope that the security measures will be fully prepared and we will be ready for the hospitable Tokyo Olympics.