By KOJI NISHIMURA
The Asahi Shimbun
Some of Japan's leading companies are about to deliberately set
themselves up for sneak cyber attacks-but it's all part of a
government plan to improve corporate online security.
Under the plan starting next fiscal year, "legitimate" hackers will
use typical cyber-attack methods-such as trying to infiltrate
corporate networks or inundating Web sites with hits-to expose
Their first targets will be in the telecommunications industry.
It may sound like a frightening misuse of authority, but businesses
should have nothing to fear as the "targets" will be limited to
corporations that volunteer for the drills.
The three-year program, with a budget of about 1.5 billion yen for the
first year alone, is the brainchild of the Ministry of Internal
Affairs and Communications, which oversees Internet service providers
and other businesses.
The mock attacks are aimed at helping businesses arm themselves
against real cyber attacks by exposing system weaknesses and training
personnel, sources said.
Internet service providers already use sophisticated anti-virus
software, firewalls and other protection against the rising threat of
But it is hard to tell how effective measures are until a hacker gets
Another problem is businesses have little experience in working
together to prevent damage from spreading, the sources said.
The vulnerability of Internet businesses was demonstrated when
Kakaku.com's database was invaded by a hacker in May, forcing the
nation's top price-comparison Web site to shut down for about a week.
The ministry plan includes setting up a task force of information
security experts from universities and other institutions.
Over several weeks, the team will stage surprise attacks on businesses
that apply to take part. Because the attack will end when infiltration
succeeds, it will not cause real damage to systems or data leaks,
according to the sources.
Through the exercise, companies will learn not only where problems
lie, but also how well their crisis management plans work, the sources
They can check when and how problems were detected and whether
responses, including internal and external liaison, were adequate.
The findings will be released publicly with the aim of improving
anti-hacker protection. Participants' names won't be revealed, the
sources said.(IHT/Asahi: June 15,2005)
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 -
2,000+ international security experts,
10 tracks, no vendor pitches.