A major Japanese telecom company has agreed to help expand awareness of the U.S. framework of cybersecurity standards throughout Asia, while launching a new effort to build up a system of information sharing and analysis centers in Japan based on the ISAC model in the United States.
Shinichi Yokohama, who heads cybersecurity efforts for Nippon Telegraph and Telephone, said U.S. stakeholders including National Institute of Standards and Technology officials are eager for NTT to act as an informal emissary for the NIST framework in Asia.
At the same time, NTT is working to enhance its role in the U.S. cyber policymaking process while it brings insights on issues such as sectoral and cross-sector info-sharing back to Japan.
Yokohama appeared as a panelist at President Obama's February "cybersecurity summit" at Stanford University, which focused on info-sharing. He returned to the United States last week with a team of NTT cybersecurity officials and sat down for an interview with Inside Cybersecurity while in Washington, DC.
He has been engaging with NIST and White House officials frequently over the past year and is participating in various cyber initiatives at the Federal Communications Commission, within the Communications Sector Coordinating Council and the U.S. communications sector's information sharing and analysis center, or ISAC.
"We have not yet made our significant contribution to the U.S. cybersecurity resilience effort," Yokohama said. For instance, he said, the telecom company intends to play a substantial role in the three cybersecurity working groups under the FCC's re-chartered Communications Security, Resiliency and Interoperability Council.
Last week, Yokohama met with White House cybersecurity official Ari Schwartz; NIST officials Donna Dodson and Kevin Stine; FCC security chief David Simpson; Commerce Department officials; and representatives of business groups including the U.S. Telecom Association and Information Technology Industry Council. He also met with the team at the Center for Strategic and International Studies that has begun work on a cybersecurity policy guide for the next president.
"A common topic in the meetings was international alignment," Yokohama said, pointing to an issue that NIST and industry officials have frequently raised as a critical area for further development. He said NIST as well as ITI and CSIS have suggested an ongoing role for the Japanese telecom company in creating a channel with other Asian countries.
"I get the sense that NTT is seen as helping bring in an international view" to U.S. policy making "so ultimately we are all in synch," Yokohama said. The NTT cyber group has held "a first round of discussions" with government officials in Vietnam and Indonesia, he said, and is "expanding this team's activities in both the United States and Asia."
The moves are part of an overall business strategy to increase NTT's overseas revenues from $15 billion to $20 billion over the next three years, he said. Currently, 85 percent of NTT's $100 billion in revenue is generated in Japan.
Cybersecurity services, individually, are not a huge part of "pure revenue" for the company, Yokohama explained, but NTT's focus on aspects such as cloud security and the end-to-end security of all its products is a crucial part of the NTT value proposition.
On cybersecurity policy, Yokohama said, the information-sharing system in Japan is at a nascent stage and the financial sector entity is the only fully functioning ISAC. That entity receives support from the U.S. FS-ISAC.
NTT is seeking to step into this policy gap and help drive a broad industry initiative to improve cyber info-sharing and cybersecurity efforts in general.
In June, NTT convened the first meeting of Japan's new "Cross-Sector Cybersecurity Forum," bringing in 36 companies to discuss info-sharing policy needs as well as cyber workforce development. Companies from the energy, transportation and other sectors participated.
"We hope this leads to really functional ISACs, that's the goal," Yokohama said. "Each company can learn from the others and improve their cybersecurity practices. Hopefully these particular companies become leaders in their industries." -- Charlie Mitchell (firstname.lastname@example.org)