Japan Joins Cybersecurity Framework to Encourage Secure by Design Software, Shift Accountability Burden to Manufacturers

Photo: Digital minister Taro Kono (Yomiuri Shimbun file photo)

Japan has joined an international framework backed by cyber powers, including the United States, the United Kingdom and Israel, for software manufacturers to ensure the security of their products against cyber-attacks, digital minister Taro Kono announced Tuesday.

The 13 participating nations have compiled a guide emphasizing manufacturer accountability to encourage the creation of products that are secure by design and by default to protect customers.

Cyber authorities including the U.S. Federal Bureau of Investigation (FBI) and the U.K. National Cyber Security Centre are taking part. Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) has joined as the nation aims to deepen cooperation with the other participants and strengthen its own cybersecurity.

The guide, which is not legally binding, sets forth three principles that manufacturers should address at the stage of product design: take ownership of customer security outcomes; embrace radical transparency and accountability; and build organizational structure and leadership to achieve these goals.

Specifically, the guide urges manufacturers to introduce “multiple layers of defense — known as defense-in-depth” to, for example, prevent viruses from spreading to an entire system; eliminate “default passwords that are universally shared”; “mandate multifactor authentication”; and “publicly name a secure by design senior executive sponsor” who can oversee changes that can “dramatically improve the security of the products.”

The framework aims to “move much of the burden of staying secure to manufacturers and reduce the chances that customers will fall victim to security incidents resulting from misconfigurations, insufficiently fast customer patching, or many other common issues.”