Cybersecurity to Include oil, Credit Cards, Dyman & Associates Risk Management Projects



The Yomiuri Shimbun

Taking its cue from rising cyber threats and lessons from the 2011 earthquake, the government will add credit card companies and the oil and chemical industries to the list of key infrastructure that require greater protective measures against system failure, according to draft revisions of a government action plan.

The plan functions as a guideline for public-private cooperation in preventing system failures due to cyber-attacks and natural disasters.

With the latest revision, which was unveiled on Saturday, the government aims to provide crisis management support for these companies to minimize damage in case of such events.

This revision is the second for the government action plan, originally compiled in 2005.

The information security policy council, headed by Chief Cabinet Secretary Yoshihide Suga, will make a formal decision on the plan in March.

The government has designated certain domains as critical infrastructure in consideration of their public nature and based on the potential impact of a system failure on economic activities and people’s daily lives.

Companies in the designated business categories will be required to share information with relevant ministries and agencies and take part in drills to prepare against cyber-attacks.

The 2005 action plan designated the following business categories as critical infrastructure: information and telecommunication; financial services; aviation; railways; electric power; gas supply; government and administrative services, medical services; water utility and distribution businesses.

This revision is the first time that new domains have been added to the designated critical infrastructure.

In the chemical field, companies dealing with naphtha, or crude gasoline, and ethylene also were designated as important infrastructure. In the event of a system failure, there is the possibility of losing control of plant operations, which creates an increased risk of explosion, or leaks of hazardous materials from the premises.

Following the 2011 Great East Japan Earthquake, several oil refineries in the Kanto region and elsewhere were shut down.

In the event of a protracted disruption of the oil supply, backup power at companies related to the important infrastructure is expected to stop functioning, potentially causing a series of system-wide issues.

In the consumer credit domain, the 2011 hacking of Sony Corp.’s PlayStation online services caused the leak of a large amount of personal information from various parts of the world. The incident stoked fears that leaked credit card information might be used for fraudulent purposes.

The government will furnish companies in the credit card industry with information on related cases from overseas and relevant countermeasures, and will compile international guidelines for the firms to help protect them from such inci-dents.

The draft stipulates for the first time the social responsibility of the companies to continue to offer their customers services even in the event of cyber-attacks.

In the draft, the government required affected companies to draft necessary plans, secure budgets and implement systems to deal with these situations