TOKYO: The Japanese government is considering requiring private-sector operators of important infrastructure to report when they suffer damage from cyberattacks, government officials said Sunday.
The move is designed to prevent cyberattack damage from spreading to other businesses by sharing information quickly.
Government officials are concerned that businesses are reluctant to report on cyberattack damage for fears about a possible decline in stock prices.
A panel of experts that the government set up to discuss ways to protect against cyberattacks is expected to compile an interim report shortly that will outline the reporting requirements.
In 2022, the government released an action plan on cybersecurity for important infrastructure in which businesses are encouraged to report on cyberattack damage with no legal obligations.
The Japan Association of Corporate Executives, a major business lobby group, has been calling on the government to make the reporting mandatory.
The requirements are expected to cover operators of infrastructure that will inflict a serious impact on people’s lives and economic activity in the event of a cyberattack.
The economic security promotion law lists 15 sectors, including telecommunications, finance, airports and ports, as basic infrastructure. The government’s cybersecurity task force has designated 15 industries, including government and administrative services and medical care, as critical infrastructure.
JIJI Press