Japan drives for infosec self-sufficiency – at least in one layer of deep defenses

Japan's National Institute of Information and Communications Technology yesterday launched the CYNEX Alliance – an entity charged with fostering local development of security tools and encouraging their adoption by local industry to reduce dependence on imported infosec tools.

CYNEX, short for Cyber Security Nexus, was formed in 2021 to link industry, academia and government. Yesterday's announcement caps those early efforts by revealing four Co-Nexuses to advance the nation's infosec capabilities, namely:

• An analysis effort that will collate data from existing cybersecurity research efforts, including a next-gen honeypot environment, and foster a community of infosec analysts to consider the data and how to use it in Japan's defense;
• A Security Operation Center (SOC) that shares threat information. This Co-Nexus includes training so that participants from participating organizations can use the SOC and the info it produces to inform their ongoing security activities;
• An Evaluation stream will introduce prototypes of domestic security products developed by participating organizations into the Institutes' network environment, where they'll be refined with a view to developing domestic security products. The Institute will test the products, with help from a CYNEX Red Team;
• Infosec training for private orgs, or educational students, with a suite called "Cyber Range Open Platform" (CYROP).

Another CYNEX Alliance initiative will see Japan's Cybersecurity Universal Repository (CURE) – a platform that aggregates cyber security-related information and enables cross-sectional analysis of disparate information, opened to participating organizations. Some of the info in CURE will be drawn from analysis of the many thousands of computers used by Japan's government and its agencies.

One hoped-for effect of the above initiatives is development of production-ready infosec tools that Japanese orgs can run by 2025, thereby reducing the nation's reliance on imported tools.

• Routers have been rooted by Chinese spies, US and Japan warn
• Japan rebukes Fujitsu for cloud security fails
• Search for phone signal caused oil spill, say Japanese investigators
• US Space Force wants hotline to China amid rising tensions

Japanese news outlet Nikkei reports that the local software will run alongside Microsoft security wares found on most PCs, as part of a defense in depth strategy.

Which seems sensible. While Japan's industry and academia are both world class, creating robust infosec tools is a non-trivial task – attackers would be certain to test the quality of the nation's efforts.

And of course, defense in depth is sound strategy in most scenarios. If Japanese products can own one layer of local outfits' defenses, that will be good for indigenous businesses.

News of the CYNEX Alliance's goals came in the week after Japanese authorities warned that China-aligned attackers have compromised Cisco routers – one of many threats Japan's neighbor is thought to represent to the nation's cyber security. ®