National Cybersecurity Office | NCO
Source: https://www.cyber.go.jp/eng/index.html
Archived: 2026-04-23 15:03
National Cybersecurity Office | NCO
Commitment
to a Free,
Fair and Secure
Cyberspace.
What's new
Outcomes of the 18th ASEAN-Japan Cybersecurity Policy Meeting
16 October 2025
download
NCO jointly sealed International Document "Managing Cryptographic Keys and Secrets –Practitioners Guidance"
26 August 2025
download
Link
Official Website for the ICC TOKYO 2025 Launched
8 August 2025
Link
Official Logo for the ICC TOKYO 2025 Unveiled
6 June 2025
download
NISC jointly sealed International Document "Implementing SIEM and SOAR
Platforms"
27 May 2025
download
Link
The date and venue for the ICC TOKYO 2025 have been set
15 April 2025
download
NISC will jointly host the International Cybersecurity Challenge (ICC) for young
promising talents in November 2025
18 March 2025
download
NISC jointly sealed International Document "Mitigation strategies for edge
devices"
7 February 2025
download
Link
Alert: Cyberattacks by MirrorFace
7 February 2025
download
Alert: Cyberattack by North Korean Cyber Actors, TraderTraitor
7 February 2025
download
Outcomes of the 17th ASEAN-Japan Cybersecurity Policy Meeting
8 November 2024
download
2024 Quad Cyber Challenge Joint Statement (October 21, 2024)
23 October 2024
Link
Japan's effort in 2024 Quad Cyber Challenge
11 October 2024
Link
NISC jointly sealed International Document "Principles of operational technology
cyber security"
2 October 2024
PressRelease
Link
NISC jointly sealed International Guidance "Best practices for event logging and
threat detection"
22 August 2024
PressRelease
Link
Overview of Cybersecurity 2024
10 July 2024
download
NISC jointly sealed International Advisory "APT40 Advisory PRC MSS tradecraft in
action"
9 July 2024
PressRelease
Link
NISC jointly sealed International Guidance "Mitigating Cyber Threats with
Limited Resources: Guidance for Civil Society"
15 May 2024
PressRelease
Link
The Cybersecurity Policy for CIP is revised to designate Ports and Harbours as a
critical infrastructure sector
8 March 2024
download
About NCO
Overview of Administrative Jurisdiction
In recent years, major problems have emerged such as the theft of information from internal
government and corporate systems due to cyberattacks, and concerns are rapidly increasing over
cyberattacks equipped with advanced infiltration and persistence capabilities aimed at disabling the
functions of critical infrastructure. In particular, serious cyberattacks intended to halt or destroy the
functions of critical infrastructure are being carried out routinely, even with state backing, and have
become a major national security concern.
In order to respond to these circumstances, the National Security Strategy (approved by Cabinet on
December 16, 2022) stipulated that the National Center of Incident Readiness and Strategy for
Cybersecurity (NISC) would be reorganized and developed into a new body that centrally and
comprehensively coordinates policies in the field of cybersecurity. Taking into account the
enactment of the Cybersecurity Capability Enhancement Act and related legislation in May 2025, the
NISC was reorganized and the National Cybersecurity Office (NCO*), headed by the National Cyber
Director, was established in July 2025.
*NCO: National Cybersecurity Office
In addition to serving as the secretariat of the Cybersecurity Strategic Headquarters, the primary
areas of responsibilities of the NCO include monitoring and analyzing unauthorized activities
targeting the information systems of government agencies, providing necessary advice, information,
and other support related to ensuring cybersecurity, conducting audits, and acting as the overall
coordinator for matters related to cybersecurity assurance.
download
NCO coordinates cybersecurity policy by formulating
Cybersecurity Strategy
Cybersecurity Policy for Critical Infrastructure Protection
Common Standard on Information Security Measures of Government Entities
Cybersecurity Human Resource Development Plan
Cybersecurity Research and Development Strategy etc.
NCO takes a role of a governmental CERT, and NCO and JPCERT/CC, as a CERT covering private
entities, work together as a national CERT.
NCO consists of the following five groups. The main activities are as follows.
download
Strategy
Cybersecurity Strategy
The current Cybersecurity Strategy issued in September 2021 is the third one under the Basic Act
on Cybersecurity. The Cybersecurity Strategy shows a basic position on cybersecurity policy, its objectives
and its implementation for 3 years domestically and internationally. Overview of the Cybersecurity Strategy is
as below.
download
Cybersecurity strategy (Booklet)
download
Cybersecurity Strategy (September 2021)
Full Text
Summary
The Basic Act on Cybersecurity
The Basic Act on Cybersecurity has been implemented since 2015 to promote the cybersecurity
policy by
setting basic principles of cybersecurity policy
clarifying the responsibilities of the government, private entities, and citizens
stipulating the framework for cybersecurity policy such as the cybersecurity strategy formulation and the
establishment of the Cybersecurity Strategic Headquaters.
The Basic Act on Cybersecurity
Government Network
Standard
NISC has set the Common Standards on Information Security Measures of Government Entities to
raise the level of information security for all governmental agencies and related agencies, as the baseline
standard. Based on the
standard, NISC oversees the status of implementation of it across agencies by audits.
Common Model of
Cybersecurity Measures for Government Agencies and Related Agencies
Common Standards for
Cybersecurity Measures for Government Agencies and Related Agencies (FY2023)
download
Operation
NISC operates real-time government-wide monitoring team called the Government Security Operation
Coordination team (GSOC). GSOC not only monitors malicious communications incoming to or outgoing from
government owned systems
but also works as information sharing framework among governmental entities. GSOC provides alerts and advice
for the governmental entities when they detect suspicious signals or malware.
download
Critical Infrastructure
Since 2005, the ‘Cybersecurity Policy for Critical Infrastructure Protection’ has been set as a
common action plan shared between
the government, which bears responsibility for promoting independent measures by CI operators relating to CI
cybersecurity and implementing other
necessary measures, and CI operators which independently carry out relevant protective measures, and the new
edition was published in 2022.
This document identifies the 14 sectors as critical infrastructure and it expects stakeholders to undertake
the five measures as below.
Enhancement of Incident Response Capability
Maintenance and Promotion of the Safety Principles
Enhancement of Information Sharing System
Utilization of Risk Management
Enhancement of the Basis for CIP
The Cybersecurity Policy for Critical Infrastructure Protection
Full Text
Abstract of
The Cybersecurity Policy for Critical Infrastructure Protection
Guideline for
Establishing Safety Principles for Ensuring Cybersecurity of Critical Infrastructure(July 2023)
International Cooperation
As mentioned in the Cybersecurity Strategy of Japanese government, Japan strengthens
collaboration with its ally and like-minded countries as well as multi-layered frameworks that enable the
Japanese government to engage in practical international collaboration with their counterparts.
A part of the outcome of the activities in NISC as the national cybersecurity center is shown as below.
For further cybersecurity cooperation and capacity building in the ASEAN-Japan
region, the activity result was summarized in the E-booklet.
Link
NISC co-sealed “Principles of operational technology cyber security”.
Link
Outreach Activity
Other Projects
Quad Cyber Challenge
Japan, Australia, India, and the U.S. share fundamental values and are committed to
strengthening a free and open international order based on the rule of law. The four countries have been
promoting practical cooperation in various fields, including vaccines, infrastructure, climate change, and
critical and emerging technologies, to realize a "Free and Open Indo-Pacific (FOIP)". The four countries have
also concurred on the importance of making positive contribution to the region. (Reference:
Japan-Australia-India-U.S.(Quad)
meetings
)
Cooperation is also expected to be promoted in the field of cyber security, and
the Japan-US-Australia-India
Summit Joint Statement
(September 21, 2024) mentioned that throughout this fall, Quad countries each plan
to host campaigns to mark the annual Quad Cyber Challenge promoting responsible cyber ecosystems, public
resources, and cybersecurity awareness.
NISC invited three Japanese cybersecurity professionals on the front lines of their fields to deliver
special video messages highlighting the importance of cybersecurity jobs and the challenges they face. The
three experts also discussed their own experiences and their decision to choose a cybersecurity career path to
motivate students and young people to pursue this critical and challenging field.
※In Japanese alphabetical order
※Organizations and Job titles below are as of the time of the
interview
Ms.Momoko Aoyama
Security Analyst, The Security Solutions Business Division of the Security Cyber Resilience
Headquarters Dept. of Hitachi Solutions, Ltd.
Mr.Tsubasa Umeuchi
Security Engineer, The Professional Services Division of Flatt Security Inc.
Ms.Shiho Moriai
Senior Executive Director, Director General of the Cybersecurity Research Institute at the
National Institute of Information and Communications Technology (NICT)
Enhancement of Information Sharing
In order to enhance the information sharing among relevant stakeholders in public and
private sector, with the amendment of the Basic Act on Cybersecurity, the Cybersecurity Council was newly
established in April 2019,
composed of national government bodies, critical infrastructure operators, security vendors, and other related
organizations. The amended Act imposes the obligation of confidentiality on the members of the Council and so
on to encourage the
willingness of information sharing.
download
General Framework for Secure IoT Systems
NISC has set the ‘General Framework for Secure IoT Systems’ in 2016 which clarifies the
fundamental and essential security requirements for secure IoT systems.
General Framework for Secure IoT Systems
General
Framework for Secure IoT Systems
Archive
The Previous version of key documents such as Cybersecurity Strategy is shown in the
link below.
Archive
Relevant Links
National Police Agency
Ministry of
Internal Affairs and Communications
Ministry of Foreign Affairs
Ministry of Economy, Trade and Industry
Ministry of
Defense
Japan
Computer Emergency Response Team Coordination Center (JPCERT/CC)
Commitment
to a Free,
Fair and Secure
Cyberspace.
What's new
Outcomes of the 18th ASEAN-Japan Cybersecurity Policy Meeting
16 October 2025
download
NCO jointly sealed International Document "Managing Cryptographic Keys and Secrets –Practitioners Guidance"
26 August 2025
download
Link
Official Website for the ICC TOKYO 2025 Launched
8 August 2025
Link
Official Logo for the ICC TOKYO 2025 Unveiled
6 June 2025
download
NISC jointly sealed International Document "Implementing SIEM and SOAR
Platforms"
27 May 2025
download
Link
The date and venue for the ICC TOKYO 2025 have been set
15 April 2025
download
NISC will jointly host the International Cybersecurity Challenge (ICC) for young
promising talents in November 2025
18 March 2025
download
NISC jointly sealed International Document "Mitigation strategies for edge
devices"
7 February 2025
download
Link
Alert: Cyberattacks by MirrorFace
7 February 2025
download
Alert: Cyberattack by North Korean Cyber Actors, TraderTraitor
7 February 2025
download
Outcomes of the 17th ASEAN-Japan Cybersecurity Policy Meeting
8 November 2024
download
2024 Quad Cyber Challenge Joint Statement (October 21, 2024)
23 October 2024
Link
Japan's effort in 2024 Quad Cyber Challenge
11 October 2024
Link
NISC jointly sealed International Document "Principles of operational technology
cyber security"
2 October 2024
PressRelease
Link
NISC jointly sealed International Guidance "Best practices for event logging and
threat detection"
22 August 2024
PressRelease
Link
Overview of Cybersecurity 2024
10 July 2024
download
NISC jointly sealed International Advisory "APT40 Advisory PRC MSS tradecraft in
action"
9 July 2024
PressRelease
Link
NISC jointly sealed International Guidance "Mitigating Cyber Threats with
Limited Resources: Guidance for Civil Society"
15 May 2024
PressRelease
Link
The Cybersecurity Policy for CIP is revised to designate Ports and Harbours as a
critical infrastructure sector
8 March 2024
download
About NCO
Overview of Administrative Jurisdiction
In recent years, major problems have emerged such as the theft of information from internal
government and corporate systems due to cyberattacks, and concerns are rapidly increasing over
cyberattacks equipped with advanced infiltration and persistence capabilities aimed at disabling the
functions of critical infrastructure. In particular, serious cyberattacks intended to halt or destroy the
functions of critical infrastructure are being carried out routinely, even with state backing, and have
become a major national security concern.
In order to respond to these circumstances, the National Security Strategy (approved by Cabinet on
December 16, 2022) stipulated that the National Center of Incident Readiness and Strategy for
Cybersecurity (NISC) would be reorganized and developed into a new body that centrally and
comprehensively coordinates policies in the field of cybersecurity. Taking into account the
enactment of the Cybersecurity Capability Enhancement Act and related legislation in May 2025, the
NISC was reorganized and the National Cybersecurity Office (NCO*), headed by the National Cyber
Director, was established in July 2025.
*NCO: National Cybersecurity Office
In addition to serving as the secretariat of the Cybersecurity Strategic Headquarters, the primary
areas of responsibilities of the NCO include monitoring and analyzing unauthorized activities
targeting the information systems of government agencies, providing necessary advice, information,
and other support related to ensuring cybersecurity, conducting audits, and acting as the overall
coordinator for matters related to cybersecurity assurance.
download
NCO coordinates cybersecurity policy by formulating
Cybersecurity Strategy
Cybersecurity Policy for Critical Infrastructure Protection
Common Standard on Information Security Measures of Government Entities
Cybersecurity Human Resource Development Plan
Cybersecurity Research and Development Strategy etc.
NCO takes a role of a governmental CERT, and NCO and JPCERT/CC, as a CERT covering private
entities, work together as a national CERT.
NCO consists of the following five groups. The main activities are as follows.
download
Strategy
Cybersecurity Strategy
The current Cybersecurity Strategy issued in September 2021 is the third one under the Basic Act
on Cybersecurity. The Cybersecurity Strategy shows a basic position on cybersecurity policy, its objectives
and its implementation for 3 years domestically and internationally. Overview of the Cybersecurity Strategy is
as below.
download
Cybersecurity strategy (Booklet)
download
Cybersecurity Strategy (September 2021)
Full Text
Summary
The Basic Act on Cybersecurity
The Basic Act on Cybersecurity has been implemented since 2015 to promote the cybersecurity
policy by
setting basic principles of cybersecurity policy
clarifying the responsibilities of the government, private entities, and citizens
stipulating the framework for cybersecurity policy such as the cybersecurity strategy formulation and the
establishment of the Cybersecurity Strategic Headquaters.
The Basic Act on Cybersecurity
Government Network
Standard
NISC has set the Common Standards on Information Security Measures of Government Entities to
raise the level of information security for all governmental agencies and related agencies, as the baseline
standard. Based on the
standard, NISC oversees the status of implementation of it across agencies by audits.
Common Model of
Cybersecurity Measures for Government Agencies and Related Agencies
Common Standards for
Cybersecurity Measures for Government Agencies and Related Agencies (FY2023)
download
Operation
NISC operates real-time government-wide monitoring team called the Government Security Operation
Coordination team (GSOC). GSOC not only monitors malicious communications incoming to or outgoing from
government owned systems
but also works as information sharing framework among governmental entities. GSOC provides alerts and advice
for the governmental entities when they detect suspicious signals or malware.
download
Critical Infrastructure
Since 2005, the ‘Cybersecurity Policy for Critical Infrastructure Protection’ has been set as a
common action plan shared between
the government, which bears responsibility for promoting independent measures by CI operators relating to CI
cybersecurity and implementing other
necessary measures, and CI operators which independently carry out relevant protective measures, and the new
edition was published in 2022.
This document identifies the 14 sectors as critical infrastructure and it expects stakeholders to undertake
the five measures as below.
Enhancement of Incident Response Capability
Maintenance and Promotion of the Safety Principles
Enhancement of Information Sharing System
Utilization of Risk Management
Enhancement of the Basis for CIP
The Cybersecurity Policy for Critical Infrastructure Protection
Full Text
Abstract of
The Cybersecurity Policy for Critical Infrastructure Protection
Guideline for
Establishing Safety Principles for Ensuring Cybersecurity of Critical Infrastructure(July 2023)
International Cooperation
As mentioned in the Cybersecurity Strategy of Japanese government, Japan strengthens
collaboration with its ally and like-minded countries as well as multi-layered frameworks that enable the
Japanese government to engage in practical international collaboration with their counterparts.
A part of the outcome of the activities in NISC as the national cybersecurity center is shown as below.
For further cybersecurity cooperation and capacity building in the ASEAN-Japan
region, the activity result was summarized in the E-booklet.
Link
NISC co-sealed “Principles of operational technology cyber security”.
Link
Outreach Activity
Other Projects
Quad Cyber Challenge
Japan, Australia, India, and the U.S. share fundamental values and are committed to
strengthening a free and open international order based on the rule of law. The four countries have been
promoting practical cooperation in various fields, including vaccines, infrastructure, climate change, and
critical and emerging technologies, to realize a "Free and Open Indo-Pacific (FOIP)". The four countries have
also concurred on the importance of making positive contribution to the region. (Reference:
Japan-Australia-India-U.S.(Quad)
meetings
)
Cooperation is also expected to be promoted in the field of cyber security, and
the Japan-US-Australia-India
Summit Joint Statement
(September 21, 2024) mentioned that throughout this fall, Quad countries each plan
to host campaigns to mark the annual Quad Cyber Challenge promoting responsible cyber ecosystems, public
resources, and cybersecurity awareness.
NISC invited three Japanese cybersecurity professionals on the front lines of their fields to deliver
special video messages highlighting the importance of cybersecurity jobs and the challenges they face. The
three experts also discussed their own experiences and their decision to choose a cybersecurity career path to
motivate students and young people to pursue this critical and challenging field.
※In Japanese alphabetical order
※Organizations and Job titles below are as of the time of the
interview
Ms.Momoko Aoyama
Security Analyst, The Security Solutions Business Division of the Security Cyber Resilience
Headquarters Dept. of Hitachi Solutions, Ltd.
Mr.Tsubasa Umeuchi
Security Engineer, The Professional Services Division of Flatt Security Inc.
Ms.Shiho Moriai
Senior Executive Director, Director General of the Cybersecurity Research Institute at the
National Institute of Information and Communications Technology (NICT)
Enhancement of Information Sharing
In order to enhance the information sharing among relevant stakeholders in public and
private sector, with the amendment of the Basic Act on Cybersecurity, the Cybersecurity Council was newly
established in April 2019,
composed of national government bodies, critical infrastructure operators, security vendors, and other related
organizations. The amended Act imposes the obligation of confidentiality on the members of the Council and so
on to encourage the
willingness of information sharing.
download
General Framework for Secure IoT Systems
NISC has set the ‘General Framework for Secure IoT Systems’ in 2016 which clarifies the
fundamental and essential security requirements for secure IoT systems.
General Framework for Secure IoT Systems
General
Framework for Secure IoT Systems
Archive
The Previous version of key documents such as Cybersecurity Strategy is shown in the
link below.
Archive
Relevant Links
National Police Agency
Ministry of
Internal Affairs and Communications
Ministry of Foreign Affairs
Ministry of Economy, Trade and Industry
Ministry of
Defense
Japan
Computer Emergency Response Team Coordination Center (JPCERT/CC)