In recent years, cyberattacks exploiting vulnerable IoT* devices have been increasing, and IoT device users need to take proper security measures.
Starting on February 20, 2019, the Ministry of Internal Affairs and Communications (MIC) and the National Institute of Information and Communications Technology (NICT), in cooperation with telecommunications carriers, will conduct the “NOTICE” (National Operation Towards IoT Clean Environment) project to survey vulnerable IoT devices and to alert users to the problem.
* An abbreviation for the “Internet of things.” An IoT device refers to a device that can connect to the Internet.

1. Background

In the age of IoT/AI, everything is being connected to a network, such as the Internet. Cybersecurity for them is a critical issue from the viewpoint of the safety and security of people’s lives and their social and economic activities.
On the other hand, cyberattacks targeting IoT devices have been on an increasing trend in recent years. IoT devices have characteristics that are easily targeted by cyberattacks, such as limited functions, difficulty in maintenance, and a long life cycle. In other countries, in fact, serious damage has been reported, including internet outage caused by a large-scale cyberattack (DDoS attacks) that co-opted IoT devices.
With consideration of the situation, “the amendment of the Telecommunications Business Act and the Act on the National Institute of Information and Communications Technology” came into force on November 1, 2018, adding the survey of vulnerable IoT devices to NICT operations for a period of 5 years.

2. Outline of “NOTICE” Implementation

In compliance with the above amendment, NICT will survey IoT devices on the Internet from February 20, 2019, identify vulnerable devices, such as those with weak password settings, and provide the information of the devices to the telecommunications carriers. Then, the telecommunications carrier will identify the users of the devices and alert users to the problem.
In response to inquiries from the users, the “NOTICE” Support Center (to be established on February 4, 2019) will guide appropriate security measures.
The survey is to check whether the password setting in each IoT device is easily guessed (e.g., “123456”, “password”, etc.), and the survey will not intrude into the device or acquire information other than that required for the survey. As for the information obtained by the survey, strict safety control measures will be taken in accordance with NICT’s implementation plan approved by the Minister for Internal Affairs and Communications.
The implementation of NOTICE is outlined in Attachment 1.

3. Public Announcement of “NOTICE”

Starting on February 4, 2019, the project will be publicized with posters and other signage, in public transport, train stations and home appliance retailers (Attachment 2)
 
• NOTICE Support Center (on and after Monday, February 4, 2019)
Reference press reference sources
  1. Implementation of Operations Prescribed in Article 8, paragraph 2 of the Supplement of the Act on the National Institute of Information and Communications Technology—Response from the Information and Communications and Posts Administrative Council (January 25, 2019)
    https://www.soumu.go.jp/menu_news/s-news/01cyber01_02000001_00012.html
 
  1. Results of Appeal for Opinions pertaining to the Ministerial Ordinance concerning the Plan on the Implementation of the Work Prescribed in Article 9 of the Act on Partial Revisions to the Telecommunications Business Act and the Act on the National Institute of Information and Communications Technology as well as the Criteria Specified by an Ordinance of the Ministry of Internal Affairs and Communications as prescribed in Article 8, paragraph 4, item 1 of the Supplement of the Act on the National Institute of Information and Communications Technology, along with the Response of the Information and Communications and Posts Administrative Council (October 19, 2018)
    https://www.soumu.go.jp/menu_news/s-news/01cyber01_02000001_00003.html
 
  1. Appeal for Opinions pertaining to the Ministerial Ordinance concerning the Plan on the Implementation of the Work Prescribed in Article 9 of the Act on Partial Revisions to the Telecommunications Business Act and the Act on the National Institute of Information and Communications Technology as well as the Criteria Specified by an Ordinance of the Ministry of Internal Affairs and Communications as prescribed in Article 8, paragraph 4, item 1 of the Supplement of the Act on the National Institute of Information and Communications Technology (August 24, 2018) 
    https://www.soumu.go.jp/menu_news/s-news/01cyber01_02000001_00002.html

Inquiry

Ministry of Internal Affairs and Communications

• Office of the Director-General for Cybersecurity
In charge: Deputy Director Goto, Assistant Director Aoki, Assistant Director Oriishi, Researcher Iizuka, Official Endo

Tel.: 03-5253-5749; Fax: 03-5253-5752

E-mail: notice_atmark_ml.soumu.go.jp

National Institute of Information and Communications Technology

• Press Office, Public Relations Department
In charge: Hirota

Tel.: 042-327-6923; Fax. 042-327-7587

E-mail: publicity_atmark_nict.go.jp

• National Cyber Observation Center
In charge: Yoshida

Tel.: 042-327-7501

E-mail: iot-contact_atmark_ml.nict.go.jp