PPP (Public-Private Partnership)-Based Cyber Resilience Enhancement Efforts for National Critical Infrastructures Protection in Japan

  • Kenji WatanabeEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11260)


Emerging vulnerability of the national critical infrastructures (CIs) against to the cyber risk including cyberattacks and unintentional large-scale information system or network failures have increased frequency and the scale of socioeconomic impacts to our society. As dependencies among critical infrastructures have increased rapidly, the impact of a single cyber incident at a certain critical infrastructure tends to spread very quickly and widely to external systems and networks in other critical infrastructures or areas through widely connected networks. Considering the situation, PPP (Public-Private Partnership) efforts between critical infrastructure service providers and responsible governmental agencies have become very important to protect critical infrastructures from cyber risks. Based on this recognition, PPP-based cybersecurity exercises for critical infrastructure protection (CIP) have been executed for the last decade in Japan. This paper summarizes the over 10 years joint efforts of the Japanese government and critical infrastructure service providers and discusses the lessons learned and challenges to be shared with other countries to collaborate in the cybersecurity field.


PPP (Public-Private Partnership) BCM (Business Continuity Management) Cross-sector exercise 


  1. 1.
    Cybersecurity Strategic Headquarters (Government of Japan): The Cybersecurity Policy for Critical Infrastructure Protection (4th Edition, Tentative Translation), 18 April 2017.
  2. 2.
    ISO 22301:2012 Societal security – Business continuity management systems—Requirements, International Organization for Standardization (2012)Google Scholar
  3. 3.
    Aung, Z.Z., Watanabe, K.: A framework for modeling interdependencies in japan’s critical infrastructures. In: Palmer, C., Shenoi, S. (eds.) ICCIP 2009. IAICT, vol. 311, pp. 243–257. Springer, Heidelberg (2009). Scholar
  4. 4.
    Hellström, T.: Critical infrastructure and systemic vulnerability: towards a planning framework. Saf. Sci. 45, 415–430 (2007)CrossRefGoogle Scholar
  5. 5.
    Zimmerman, R.: Decision-making and the vulnerability of interdependent critical infrastructure, CREATEREPORT, Report#04-005 (2004)Google Scholar
  6. 6.
    Cybersecurity Strategic Headquarters (Government of Japan): The Developing Guideline for Safety Standards at Critical Infrastructures to Assure Information Security, 5th edn. (2018). (in Japanese)Google Scholar
  7. 7.
    ISO/TS 22317:2015 Societal Security – Business continuity management systems – Guidelines for business impact analysis (BIA)Google Scholar
  8. 8.
    Watanabe, K., Hayashi, T.: PPP (Public-Private Partnership)-Based Business Continuity of Regional Banking Services for Communities in Wide-Area Disasters. In: Rome, E., Theocharidou, M., Wolthusen, S. (eds.) CRITIS 2015. LNCS, vol. 9578, pp. 67–76. Springer, Cham (2016). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Graduate School of EngineeringNagoya Institute of TechnologyAichiJapan

Personalised recommendations