An Open Letter to the Japanese Government on Cybersecurity

Times are changing, and the Japanese Government’s Cybersecurity posture lags behind the best of NATO and other prominent countries.

Every nation that has grown in the Cybersecurity space has felt the woes of malicious threat actors exploiting their systems. The United States for instance, has felt the pain of continued occurrences of ransomware, with one of the worst US Government-affected instances being DarkSide’s attack on the Colonial Pipeline. The pipeline carries fuel from Texas to as far away as New York. Forty-five percent of all fuel consumed on the East Coast arrives via this system. The Colonial Pipeline ransomware attack was one instance of heaps of malicious threat activity carried out over the years.

The United States, however, is one country out of dozens that allow responsible vulnerability reporting. In previous years, allowing ethical hackers to report discovered security concerns was premature, offloading nearly all government vulnerability discoveries onto the plate of US CERT/CC. A breakthrough as a result of the Cybersecurity & Infrastructure Security Agency’s Binding Operational Directive (BOD) 20-01 made it a federal requirement for every government entity to develop, publish, and maintain a vulnerability disclosure program - opening the door for ethical hackers to report security issues in good faith.

Other countries such as the United Kingdom and the Netherlands operate their own form of responsible vulnerability disclosure. The United Kingdom operates through a third party, allowing hackers to conduct vulnerability assessment through Hackerone. The UK’s scope of Government assessment is defined here and issues are routed to the National Cyber Security Centre. In a similar sense, the Netherlands also allows responsible vulnerability reporting through their National Cyber Security Centrum, here.

Leave a Comment