The Japanese government, working in tandem with the World Economic Forum, will host a two-day multinational dialogue on cybersecurity in November. William H. Saito, who is organizing the event in Okinawa, explained in an interview why the issue isn’t just for IT people and how Japan has a chance to become a global leader in the field.
Mr. Saito, a California-born second-generation Japanese-American, is the top adviser to Prime Minister Shinzo Abe on cybersecurity. He recently became a senior official of Palo Alto Networks, a California-based network security provider.
Below are edited excerpts from the interview.
Is cybersecurity an issue that ordinary people should be aware of?
Yes. Most people think that cybersecurity only applies to their desktop PC or notebook. However, cybersecurity affects all areas of today’s economy because it is very much dependent on IT technologies: public transportation systems, financial transactions, health records, communications, water and energy distribution are just a few areas that are completely reliant on IT. Consumers should be very aware of what their cybersecurity profile is, and everyone should understand that cybersecurity is a shared responsibility.
Will there ever be a perfect cybersecurity solution?
It will never be perfect, just like cars and airplanes can never be perfect. There will still be incidents, but we can make the Internet a safer place and an increasingly useful tool. In order to do so, it’s important to make cybersecurity risks measurable and thus insurable. Right now we are in an evolutionary period where commercial cybersecurity is still in its infancy and had not really been incorporated as a design philosophy into today’s increasingly IT dependent products and services. The Internet was initially made for open communications and cybersecurity was just added on as a bandage. We are now increasingly using the Internet for sensitive, high value transactions, but the infrastructure was never originally designed for that purpose. We need to look at cybersecurity holistically, as an integral part of the system – there is a lot of catching up to do.
What do you mean by “look it at holistically?”
What we are doing really is the last-minute fixes and not addressing the source of the problem. Cybersecurity is no longer an IT issue, it has truly transformed into an organizational problem. Cybersecurity, at its basic form, is just a triangle, with apexes being cost, usability and security–all which have distinct tradeoffs that need to be balanced based on the user’s needs. In an organization, cost is a CFO issue, usability is an HR issue, and security is partly an IT issue but also a risk management and governance issue. There are trade-offs among them–we just have find the right balance. The recent cyberattack on Japan’s pension system was a classic example of that. The main database, was in fact, so secure that usability became a problem. Workers who just want to get their job done, downloaded the necessary data to their own computers, which then leads to the vulnerability and breach. It is very important that cybersecurity is seen holistically by the entire board of the company as a key governance issue going forward.
Why does Japan have a chance to become a global leader on cybersecurity?
Today’s cybersecurity environment in Japan is very similar to that of the automobile industry in the 1960s, when Japanese cars were poorly designed. Today’s cybersecurity is a quality revolution waiting to happen, Japan has an opportunity to produce a world-class cybersecurity industry given the country’s strengths in science education, technological skills and hardworking, selfless spirit. And the 2020 Tokyo Olympics could be a catalyst because when they have a fixed deadline, they will throw however many bodies at the problem and eventually make cybersecurity a business strength from the “tax” as it is seen now.