The Japanese government is requiring defense manufacturers’ within its supply chain to start adhering to the NIST 800-171 standard in order to implement cyber resilience and protect against cyber attacks.
In November 2018, at the C&C User Forum & iEXPO2018 Special Seminar, Mr. Toshihiko Fujii (Assistant Commissioner, Acquisition, Technology and Logistics Agency, Ministry of Defense) is quoted as saying, “Japan, which is an ally of the United States, is working with the U.S. along many fronts in carrying out development, research, and manufacturing related to defense equipment. This means that information on defense equipment is shared not only between the Japanese and U.S. governments, but also among private companies in the two countries. There is therefore a need for the cyber security standards of the supply chains of the two countries to be at comparable levels.”
Per Nikkie Asian Review:
Around 300 contractors, such as Mitsubishi Heavy Industries and Kawasaki Heavy Industries, that do business directly with the Ministry of Defense will be required to submit data protection plans and undergo compliance checks.
The new rule could extend to subcontractors in Japan’s 2 trillion yen ($18 billion) defense industry. About 7,000 companies are involved in making naval destroyers alone. Businesses involved in making warplanes and military vehicles number 1,000 companies each.
The move is designed to prevent weapons technology from reaching China in an unauthorized way.
The expected implementation of the rule should start in fiscal year 2020, and will further strengthen an alliance with Japan and the United States.