🎯The ICS Security Conference 2025 was like a big meeting where experts talked about how to keep important systems safe from cyber attacks, especially as these attacks are getting smarter and more dangerous. They shared new rules and help for businesses to protect themselves better.
What Happened
In a world increasingly threatened by cyber attacks, the ICS Security Conference 2025 took place on February 5, 2025, organized by JPCERT/CC. This significant event gathered 50 participants onsite and 511 online viewers, focusing on the current threats to Industrial Control Systems (ICS) both in Japan and globally. With 17 years of history, the conference aims to enhance ICS security measures and establish best practices among stakeholders.
Opening the event, Nobutaka Takeo, Director of Cybersecurity at Japan's Ministry of Economy, Trade and Industry (METI), highlighted the growing risk of ransomware and supply chain attacks. He expressed concerns about the sophistication of cyber attack techniques, particularly with advancements in AI and the ongoing geopolitical tensions. Takeo emphasized the need for companies to adopt a “Secure by Design” approach, ensuring that security is integrated into products from the outset.
Mr. Takeo also introduced METI's initiatives aimed at strengthening cybersecurity in industries, including guidelines for security measures, support services for SMEs, and the development of IoT device security certification. He concluded by stressing the importance of collaboration between public and private sectors to build a safer society against the backdrop of increasing cyber threats.
Why Should You Care
You might think, "Why does this matter to me?" Well, if you use any smart devices or work for a company that relies on technology, you are affected. Cyber attacks can disrupt not just large corporations but also small and medium enterprises (SMEs), which often lack robust security measures. Imagine your favorite store suddenly unable to process payments because of a ransomware attack — it could happen.
The key takeaway is that as cyber threats evolve, so must our approach to security. Just like you lock your doors at night, businesses need to implement strong cybersecurity measures to protect their operations and customer data. This conference serves as a reminder that everyone has a role in maintaining cybersecurity, from individual users to large organizations.
What's Being Done
In response to the increasing threats, several initiatives are underway:
- METI is publishing guidelines to help businesses improve their security measures.
- They are offering services specifically aimed at supporting SMEs.
- Efforts are being made to visualize security measures for supply chain companies.
- The development of IoT device security certification is also in progress.
Additionally, the conference underscored the establishment of the SCS scheme to raise the baseline of security measures across the supply chain, along with the formulation of OT security guidelines for semiconductor device factories. Japan's recent endorsement of international joint guidance on Software Bill of Materials (SBOM) indicates a strong commitment to improving software supply chain security.
Experts are closely watching how the new Cyber Incident Reporting for Critical Infrastructure Act will influence incident reporting and overall security in the coming years. The expectation is that as companies become more accountable, the landscape of ICS security will improve significantly. As emphasized by industry experts, integrating safety and security design in ICS is becoming increasingly important in response to sophisticated cyber threats and regulatory requirements.
The conference highlighted critical initiatives such as the establishment of the SCS scheme and the formulation of OT security guidelines, showcasing Japan's proactive approach to enhancing ICS security in the face of evolving threats.
