About CYNEX
What Japan needs to do to break out of the data-losing spiral
CYNEX (Cybersecurity Nexus), launched in April 2021, is a new organization of the Cybersecurity Research Institute. Nexus means “nodal point,” and as the name suggests, the mission is to create a nodal point, that is, “a nexus of cybersecurity,” for industry-academia-government.
The background behind the launch of Nexus was an anxiety that Japan might be in a data-losing spiral after a long period of cybersecurity research. Japan has never emphasized domestic security data collection. This is because it takes time to collect data. It also takes time to get results. However, if data is not collected, research and development based on the latest cyberattacks and human resource development cannot be conducted. Then, domestic technology cannot be created, and that technology will not spread. And new data cannot be gathered and research based on it cannot be conducted - and so on. We are now in an unbalanced situation where information in Japan is being taken overseas by security appliances and services, and cyberattack threat information analyzed overseas is being purchased at high prices.
What Japan needs now is to collect and accumulate data on a large scale, analyze it routinely and systematically, create home-grown security technology, and deploy it in society. CYNEX was established for this purpose.
Four sub-projects
Four sub-projects aimed at improving Japan’s cybersecurity response capabilities
In addition to the research and development results and data accumulated by the Cybersecurity Laboratory over the years, NICT has the know-how of the National Cyber Training Center, an organization that has conducted human resource development programs such as CYDER, a practical cyber defense exercise, which are combined in this CYNEX. CYNEX brings together the expertise of these organizations.
CYNEX aims to improve Japan’s cybersecurity response capabilities by collaborating with outside organizations to jointly analyze data, conducting long-term operations at CYNEX to verify prototypes of security products from private companies, and accepting personnel to be trained.
To this end, CYNEX has launched four sub-projects called Co-Nexus. Co-Nexus A (Accumulation & Analysis) involves data collection using a common data collection infrastructure and joint analysis. For example, NICT has developed STARDUST, a large-scale analysis environment that looks like an actual organization’s network, and by having participating organizations use it, we are creating a system that enables domestic analysis of various types of attack events. Co-Nexus S (Security Operation & Sharing) is a human resource development and threat information sharing program. For human resource development, we have corporate engineers join our analysis team to improve their skills. Co-Nexus E (Evaluation) builds a test environment for domestically produced security products, and NICT security engineers perform functional verification and provide feedback. Co-Nexus C (CYROP: Cyber Range Open Platform) aims to accelerate human resource development in Japan by opening up the environment and content for cyber training.
Although CYNEX is a new organization with less than two years of history, it has already begun collaborating with private companies and universities around these four Co-Nexuses.
Future prospects
Aiming for security self-sufficiency
NISC (the National center of Incident readiness and Strategy for Cybersecurity) has a Cybersecurity Strategy Headquarters, and in May 2019, the Research and Development Strategy Expert Committee issued a plan for cybersecurity research and technology development initiatives. The plan states that one of the challenges facing Japan is its low cybersecurity self-sufficiency rate. The term “security self-sufficiency rate” is actually a term we started to use, but just as the food self-sufficiency rate indicates the percentage of food produced domestically out of the domestic food supply, the security self-sufficiency rate indicates the percentage of security technologies and products we use that are made in Japan. Japan has one of the lowest food self-sufficiency rates among developed countries, and a low food self-sufficiency rate means that the country relies heavily on imports from overseas, which poses a risk to a stable supply. In the same way, a low self-sufficiency rate in security is a problem both from the perspective of ensuring international competitiveness and from the perspective of risk.
CYNEX is working to improve the self-sufficiency rate of security as its ultimate goal. It launched Co-Nexus and pilot projects with the initial participating organizations until FY2022 and plans to start full-scale operation of the Alliance in FY2023. More than 30 organizations have already participated in the first year, and we have a feeling that this will lead to a variety of interesting results. As a different phase of research and development from that conducted by the Cybersecurity Laboratory, I hope that we can work to make Japan a safer country from the bottom up.
