In December we told you about Yoshitaka Sakurada, Japan's Minister of Cyber Security, who is famously computer illiterate: he has never used a computer nor he is familiar with USB drives.
Recently mainstream news picked up a story about the Japanese government passing legislation allowing their National Institute of Information and Communications Technology (NICT) to attempt to breach their citizens’ home and business networks. According to NHK, Japan’s national public broadcasting organization, the government approved of the first-of-its-kind venture on Friday.
Authorities will compile a list of insecure devices to report to affected users with an overall goal of increasing the public’s safety and security.
Legislation of this kind and the measures it seeks to legitimize will be a matter of debate for centuries. How in depth should security scanning go?
Search engine caching bots are legally allowed to try to gain read-only access to anything you open to the internet. Whether or not you intentionally meant to put it on the internet is irrelevant.
If, however, you hide your service(s) behind a login screen, it is illegal for these search engine bots to attempt to log into the system. If there were to successfully log in, it is considered unauthorized access which is a crime.
The question remains: can the government compile a list of insecure devices from one of these search engines or operate like them? Absolutely and that would fulfill their stated goal of reporting vulnerable devices to their owners without the need to breach their citizens’ devices.
So why is the Japanese government going beyond what is necessary to attain their stated goal?
They are also creating a central repository of their country’s primary cyber security weaknesses. This would make the NICT the most valuable target in the country. Hack into the NICT and you can access extremely valuable data.
This policy could use some improvement. It’s hard not to suspect that it’s deficiencies are at least in part due to their computer illiterate Minister of Cyber Security.