Broadband Deployment Strategy in Japan ---Challenge for developing ubiquitous and secure networks--Yasu TANIWAKI Economic Counselor and Telecommunications Attaché Embassy of Japan in US December 2004 -------------------------------------------------------------------------------------------------------------1. Basic Framework of Japanese Telecom Market 2. Current Status of the Broadband Market in Japan 3. New Competition Policies in the IP Age 4. From “Network Deployment” to “Demand Deployment” 5. Deployment of Secure Networks 6. Conclusion -------------------------------------------------------------------------------------------------------------Introduction Japan is now ranked as one of the most advanced countries in the deployment of broadband services. Several factors supporting this deployment can be found in policy measures for the promotion of broadband network infrastructure and promotion of competition in the broadband market. This paper outlines the recently emerging broadband market in Japan and overviews the policy agenda corresponding to the fast changing market environment, which includes the policy issues addressing the recent network transition from PSTNs (Public Switched Telephone Networks) to IP (Internet Protocol) based networks. In addition, along with the progress of broadband service deployment, dependency of social economic activities on the information network has been increasing. In this context, information security policy has been focused as one of the major policy issues in Japan. This paper outlines the current status of Japanese information security policy. In this paper, Section 1 describes the basic framework of the Japanese telecom market. Based on that, Section 2 outlines the current status of the broadband market in Japan. In Section 3, the transition from legacy networks or PSTNs to IP based networks, the latest competition policy issues in Japan, are summarized. In Section 4, the policy agenda on moving from “how to deploy the broadband network” to “how to deploy the broadband demand” represented by “u-Japan program” is discussed. In Section 5, the information security policy tackled by the Japanese government is described. Finally, in Section 6, the conclusion of this paper is shown. This paper was compiled based on the speeches of the author prepared for Progressive Policy Institute (PPI) on November 19th, 2004 and for Vanderbilt Institute for Public Policy Studies (VIPPS) on November 30th, 2004. This paper was written based on the information available as of the beginning of December, 2004. . 1 1.Basic Framework of the Japanese Telecom Market The Japanese telecommunications market was liberalized in 1985 and the NTT Public Corporation was privatized at the same time. This period is placed in Fig. 1 as the first phase of the competition policy. During the second phase, in July 1999, NTT was reorganized into one long distance company and two regional companies under the holding company. Around this time, a number of new competition policies were developed, such as interconnection rules to open up bottleneck facilities owned by NTT regional companies to other competitive carriers. Throughout the first and the second phases, the legacy telephone system always remained unchanged, even though we experienced vast market structure changes such as the transition from analog technology to digital technology. However, the advent of IP technology that we are experiencing is exactly the paradigm change giving a serious impact on our telecom policy. Recognizing this, we are trying to go forward with the new IP based competition policies as soon as possible. Fig. 1 As shown in Fig.2, the number of competitive carriers has been steadily increasing, but the local access market is still monopolized by NTT regional companies, NTT East and NTT West. Specifically, 98 % of all the access lines are still owned by NTT regional companies. 2 Fig. 2 Here, in the legal framework of the telecom related market in Japan, the Telecommunications Business Law (TBL) stipulates the regulations regarding telecom carriers. In addition, CATV Law covers CATV service, but cable modem service is not covered in this law. In other words, cable modem service is classified as a telecommunications service and the telecom regulations are applied (See Fig.3). Fig. 3 3 2. Current Status of the Broadband Market in Japan 2-1. Overview Looking at the number of broadband subscribers, the current number of DSL subscribers amounts to about 12.7 million and the number of cable modem subscribers amounts to 2.8 million (as of the end of August 2004). Here, the speed of DSL service in Japan is normally 24 Mbps and more than 40 Mbps (sometimes up to 50 Mbps) in some metropolitan areas and its monthly charge is about 35 dollars (See Fig. 4). In addition, fiber optic service with 100 Mbps for mass users has been launched by several common carriers in metropolitan areas such as Tokyo and Osaka. This service is offered for about 40 to 50 dollars per month and its number of subscribers amounts to 1.6 million. In total, about 17 million households are now enjoying broadband services. Fig. 4 Along with this broadband service deployment, the ITU survey (September 2004) concludes that Japan is ranked as number one with regard to price for broadband services per 100 kbps, which means broadband service with remarkable high speed is provided with a reasonable price in Japan (See Fig. 5). 4 Fig. 5 2-2. Deployment of Fiber Optic Infrastructure With regard to the deployment of fiber optic infrastructure, the Japanese government has a plan to accomplish the nationwide FTTC (Fiber To The Curb) by Fiscal Year 2005, which is the end of March 2006. Under FTTC, the last one-mile is left to a variety of competing paths such as DSL, fiber optics and FWB (Fixed Wireless Broadband). In fact, as of the end of March 2004, the installation rate of FTTC reached about 80% in line with the plan (See Fig. 6). At the same time, focusing on the deployment of broadband in rural areas is also an important issue. A substantial difference can be found in the installation rate of fiber optic cables between metropolitan and rural areas. Specifically, the installation rate for metropolitan areas has reached 97%, whereas the rate for rural areas remains 59%. 2-3. Measures to Promote Broadband Deployment in Japan 2-3-1. DSL market As already mentioned, in Japan, the number of DSL subscribers particularly has been growing very rapidly. Three main reasons can be found for this growth. 5 Fig. 6 Firstly, it can be found in the present price structure of legacy telephone services. That is, before the development of the DSL market, people had been using dial-up internet access with charges for local calls being time sensitive. DSL service, however, was launched on a fixed rate basis and this has accelerated the transition from dial-up internet access to DSL service. A second reason can be found in Japan’s geography. Japan has many highly dense population areas, which is suitable to DSL service with technical constraint on transmission speed due to the distance from central offices. A third and more important reason can be found in the establishment of interconnection rules such as collocation and unbundling rules for DSL service providers planning to provide their services using access networks of NTT East and NTT West. As already mentioned, NTT regional companies have a 98% share of local access lines and this situation has also driven to increase the number of DSL subscribers compared with cable modem services. As shown in Fig. 7, the number of subscribers started increasing dramatically in autumn 2000, which is exactly the same time that the interconnection rule for DSL service was enacted. 6 In this sense, the establishment of interconnection rules for the DSL market has worked quite well to promote service competition. As a result, the market share of NTT East and NTT West has decreased to less than 40%, which is quite different from DSL markets in other major countries. Fig. 7 2-3-2. Fiber Optic Networks The installation of fiber optic networks is evidently the role of the private sector. The role of the government is limited only to ease the financial burden of the common carriers. More specifically, the government offers incentives to carriers such as: - Loan systems with interest rates lower than the market rate, which is available to any carrier with a fiber network installation plan; and, - Tax deductions for investment by carriers for digitization. These policies are broadly recognized in Japan to have worked well especially during the “take-off” period since the year 1996 or so. 7 As already mentioned, a substantial difference can be found in the installation rate of fiber optic cables between metropolitan and rural areas. If this situation is left as it is, the domestic “digital divide” might become a serious social problem. Keeping that in mind, the government has set up a program to subsidize local governments for the cost of establishing Local Area Networks (LANs) using fiber optic networks developed for public services such as e-government projects. In return, allowing common carriers to use the surplus of the network capacities on a non-discriminatory basis would be promoted (See Fig. 8) Fig. 8 Facility based competition has already occurred in metropolitan areas such as Tokyo and Osaka, where several carriers have installed fiber networks to provide high speed broadband services. Even in this case, it was difficult for competitive carriers to install the fiber networks. Why? This is because NTT regional companies and other public utility companies such as power companies and railway companies own facilities such as poles, ducts and conduits. To improve this situation, the MIC (Ministry of Internal Affairs and Communications), in collaboration with other relevant Ministries, stipulated the guideline on Right of Ways (ROWs) in April 2001 and this guideline has been revised annually through public comment procedures. This guideline covers the basic terms and conditions on how poles and ducts owned by public utilities can be utilized by other competitive carriers. If a dispute arises, it can be 8 brought to the Telecom Dispute Settlement Committee at MIC, which addresses disputes among carriers. Regarding the reasons why Japan has been successful in broadband deployment, many people raise such factors such as narrow land and subsidies from the government. Although both these reasons are partially correct, it important to stress that an appropriate combination of competition policy and industry policy has worked well. 2-4. Mobile Market Currently, the number of cell phone subscribers in Japan has reached 82 million (as of the end of February 2004). Under this circumstance, mobile internet access services such as “imode”, provided by NTT DoCoMo, has become quite popular. In fact, 86% of cell phone users enjoy mobile internet access services. In addition, the number of 3G (third generation) service subscribers exceeds 20% of the total number of cell phone subscribers (See Fig. 9). Fig. 9 With the rapidly growing popularity of cell phone and mobile internet access services and the development of technology, the function of cell phones has been shifting from “telephone” to “multimedia tool.” This can be described as cell phones replacing everything-in-the-pocket. When a cell phone subscriber accesses a service provider’s 9 website via the internet, authentication of each subscriber is automatically made. This allows service providers to enhance functions of the cell phone. Fig.10 These kinds of service developments turn cell phones into ID cards and credit cards. As shown in Fig.10, for example, it is planned to use a cell phone as a train ticket. Passengers wave his or her cellular phone over the ticket reading device for access into or out of the gateway. In addition, many things can already be purchased from vending machines in town using cell phones. Shops such as 7-11 Japan have already introduced payment systems using cell phones. 2-5. VoIP Based on the broadband infrastructure deployment, VoIP service is rapidly becoming quite popular as one of the killer applications among IP based services. A recent survey conducted by Nikkei Communications (February 9, 2004) estimates that the number of residential VoIP users amounts to about 3.9 million (as of the end of December 2003). This figure is almost equal to a quarter (25%) of the number of broadband subscribers and about 6.5% of the current total PSTN telephone users. 10 Although we have difficulties projecting the future trend of VoIP due to the rapidly changing market environment, some projections on future VoIP markets in Japan have already been conducted by some think tanks. For example, a report by Yano Research Institute (June 2003) says about 27 million people will use VoIP instead of, or along with, PSTN telephones at the end of December 2007, which means half of the total legacy telephones will be either coexisting with or replaced by IP telephones. 2-6. Video Service over Broadband Networks In the further progression of the broadband service market, video service over broadband networks has begun to be provided by several common carriers such as NTT regional companies and KDDI. One example of this type of video service is described in Fig. 11. This service is being provided for subscribers of “Yahoo!BB,” which is an ADSL service with a downstream speed of up to 50Mbps. This service looks exactly the same with CATV or satellite TV services, which means video service competition on different platforms has already been in progress. Fig.11 11 3.New Competition Policies in the IP Age As already mentioned, development of new telecom policies corresponding to the progress of IP technology is now one of the main issues in Japan as well. Japan has been tackling this difficult task on a two-staged approach. As a first step, the Telecommunications Business Law, which stipulates the telecom competition regime, was revised quite dramatically and became effective this April. The Japanese telecommunications market has been subject to the regulatory framework to classify telecom service providers based on facilities ownership. That is, focusing on the importance of network facilities as social infrastructure, relatively strict regulations have been imposed on Type-1 business carriers, which build and own infrastructure, unlike other service providers known as Type-2 business carriers (See Fig. 12). Fig. 12 This framework, however, has been losing its rationale due to the diversity of the business model along with the progress of IP technology. For this reason, it was decided to abolish Type-1 and Type-2 business categories altogether and adopt a more deregulated competition model to better correspond to the rapidly changing market environment. 12 Following this reform of the first stage, the ongoing second stage of the competition regime reform includes the following five major items. 1) In the rapidly changing market structure, the study on “how to define markets and how to apply regulations to each market at a minimum level” is one of the main issues in Japan; 2) Reflecting on the emergence of IP networks, it is necessary to reconsider interconnection rules including the intercarrier compensation mechanism; 3) The issue of how to ensure a universal service mechanism should be reconsidered. In Japan, several years ago, the universal service fund mechanism to maintain local loops in rural areas was introduced, but actually, this was based on legacy networks of PSTN and its mechanism should be reviewed in line with the review of interconnection rules; 4) Social issues caused by the transition from PSTNs to IP based networks are also important policy issues, especially from the viewpoint of consumer protection; 5) International consistency in relevant regulations should be focused on more in the IP age. 3-1. Review of Market Definition The transition from PSTNs to IP based networks means the advent of the age of “everything-over-IP.” For example, VoIP should not be recognized as the replacement of the PSTN based telephone. Rather, it should be considered as integrated services, where value added services, combining voice, data and video, can be easily provided by adding application software. Fig. 13 In this context, the existing demarcation among services will be completely diminished. In the age of “everything-over-IP,” every IP based service becomes “packet based,” “ubiquitous” “communications.” In this situation, a variety of platforms or services, which 13 previously had been recognized as different, become recognized as the same. This is a sort of convergence of platforms, which is shown in Fig. 13 as “horizontal integration.” Now, the emergence of IP based services allows for lower prices for users with better and more integrated services. On the other hand, the profitability of traditional telecommunication services to transport traffic has been in decline and this trend is envisaged to continue. In order to explore new profit opportunities, every telecom service provider is forced to enhance their business field to the upper layers, such as content and application. This means the emergence of new business models with the “vertical integration” structure. Fig. 14 Fig.14 shows one example of a new-layered competition model proposed in June 2002 by a study group at the MIC in Japan. Here, the “vertical integration” business model includes several layers from the bottom to the top, “physical network layer”, “telecom service layer”, “platform layer” and “content & application layer”. The bottom line here is that horizontal and vertical integration has been taking place in broadband business models and this kind of recognition is important to analyze the broadband service market. 14 In this situation, there is the possibility that market dominance in the telecom service layer will be abused in other layers, thus leading to the distortion of the market as a whole. In this context, along with the emergence of vertically integrated business models, ensuring “openness” among each layer should be more of a focus now. In other words, the “market definition” issue is closely related to the issue of how to apply dominant regulations in the broadband market. MIC set up another study group on this “market definition” issue in 2002. The first report of this study group was completed this June on the internet access market. The second study on the mobile market was launched in October 2004 (See Fig. 15). Fig. 15 3-2. Interconnection Rules As already mentioned, NTT East and NTT West monopolize the local network in Japan and every competitive carrier wishing to provide telephone services is obliged to use NTT’s local networks. This is the reason why the problem of how to set the access charge (which is the price paid by competitive carriers to use NTT’s local networks) is extremely critical to every telephone user in Japan. 15 The access charge, which is paid by competitive carriers to NTT East and NTT West, is calculated by dividing the cost owed by NTT to maintain the local networks by fixed call volumes. The fixed telephone traffic, however, has been in decline since 2000. In fact, the decrease of the calling time from 2001 to 2002 has reached 17.9%, which we have never experienced before (See Fig. 16). The background of this sharp decrease has been caused by such factors as the transition from dial-up internet access to high-speed internet access, market growth in mobile phones, and the emergence of VoIP. Fig. 16 This decrease of traffic volume means the access charge is forced to increase even if the cost remains the same. If this increase of access charge is not socially acceptable, alternatives to compensate for the cost to maintain the local networks should be found. The key question is something like this, “By what time and how should we keep our mechanism to maintain legacy networks?” 3-3. Universal Service In response to the emergence of new IP based services, review of the universal service mechanism is one of the most important issues to be considered. 16 At this moment in the Japanese system, universal service includes local calls, emergency calls and public telephone calls. In Japan, however, there are many arguments that “universal service” should also cover broadband services. In this context, it might be possible to redefine, periodically, the scope of “universal service.” Under the circumstance of rapid technological progress, however, it is much more difficult to define “essential services indispensable to social and economic activities.” Even if 1Mpbs service is set as the new universal service today, there is no guarantee that we can keep this definition tomorrow. Actually, it has become much more difficult to draw the line between “universal service” and other services. One possible alternative is to focus on maintenance of the physical network, which enables broadband services. In other words, the concept of “universal service” may be replaced by the concept of “universal access.” (See Fig. 17) Fig. 17 A review of this universal service fund mechanism was launched in November 2004 by the Telecommunications Council, an advisory board to the Minister of Internal Affairs and Communications, and their recommendation is expected to be compiled in October 2005. 17 3-4. Other Issues to Be Reviewed In addition, some other issues are to be considered actively as well. First, during the progression of IP based services, a number of social issues should be taken into consideration. Spam VoIP, emergency call issues on VoIP, and service quality rules on “best effort service” being among them. Second, keeping in mind that IP based services easily span international borders, international policy coordination among countries should be further explored in international fora such as ITU and OECD. In the legacy network era, it was OK to ensure the connectivity of different networks. In the IP age, however, in addition to connectivity issues, policy coordination will be much more important than before because IP based service can easily cross borders and some kind of leverage based on the difference of levels of regulation among countries might take place. 18 4. From “Network Deployment” to “Demand Deployment” The deployment of broadband infrastructure in Japan has been progressing well so far. But the next stage of how to stimulate the demand for broadband services is extremely challenging. In a sense, we have already built the information highways, but we need more cars and driving assistance technologies to increase the traffic on these information highways. To share these policy directions among the people concerned, the development of an overall broadband deployment strategy at a national level is critical. Actually, as shown in Fig. 18, the first national broadband deployment program called “eJapan strategy” was decided upon in January 2001 by the Japanese government focusing on the promotion of broadband infrastructure. Keeping in mind the current situation, “e-Japan strategy II” was decided upon in July 2003, and has been focusing more on broadband content and applications. Fig. 18 To promote the development of broadband service markets as a whole, escaping from the chicken-and-egg situation, it is necessary to generate more interaction between the deployment of broadband infrastructure and the development of new applications. 19 Especially keeping in mind the emergence of vertically integrated business models, the function of the platform, including authentication and charging systems in Fig. 19, has become more and more important to generate better interaction between networks and applications. For example, the copyright clearance system or the DRM (Digital Rights Management) mechanism and its relevant rules should be established as soon as possible to ensure the smooth and secure delivery of content over broadband networks. Fig. 19 In addition to focusing more on platform functions of newly emerging business models, another spotlight has been shed on Fixed Mobile Convergence (FMC). As already mentioned, IP technology allows us to combine wired networks and wireless networks and to provide seamless services in the very near future. For example, using IP technology, one personal terminal can be used as a telephone terminal at home and also can be used as a cell phone compatible to both 3G and WiFi. This FMC terminal can be used as a digital television receiver and much more functions can be possibly added. In this situation, P2P (peer to peer) communication becomes one of the main services. That is, “machine to person” or “machine to machine” communication should rapidly prevail. This means deployment of “ubiquitous networks.” 20 One example of ubiquitous networks can be realized with new applications using RFID or Radio Tag. This type of technology has the potential to change social and economic activities such as logistics and product traceability. Along with dissemination of RFID, new Internet Protocols or IPv6 based applications should be promoted to cope with the scarcity of IP addresses and to ensure more advanced and secure IP based services. Promoting the deployment of “ubiquitous networks” is expected to allow a broad range of industries to develop new business opportunities. Keeping in mind the policy issues to promote a “ubiquitous network” society, MIC will have developed the “u-Japan” or “ubiquitous-net Japan” strategy within a couple of months. This strategy aims to establish the concept and policy goals of “u-Japan” to be realized by 2010, where every device is connected to the network and can be managed anytime and anywhere. Here, communication becomes like air. This “u-Japan” strategy (See Fig. 20) tries to clarify the role of both the government and of the private sector to achieve the same goals. Although the deployment of ubiquitous networks is exactly the role of the private sector, if any institutional barrier hampering the efforts of the private sector exists, this must be eliminated by government initiatives. Fig. 20 21 5.Deployment of Secure Networks 5-1. Increasing Dependence on Information Networks The rapid deployment of broadband network infrastructure has increased the dependence of social and economic activities on information networks. In this situation, once any damage occurs in the information networks, it might become massive and serious. Specifically, attacks on sites have changed from simple attacks such as “breaking passwords” to the “exploitation of security holes” and “DDoS (Distributed Denial of Services) attacks. In addition, the effect of virus attacks have shifted from individual site damage to self-replicating viruses that cause confusion and paralysis over a wide range of networks due to the heavy traffic loads. In this situation, damage is not limited to among the closed user groups. Rather, this damage can be easily widespread across the entire internet. Actually, a survey conducted last year by the MIC shows that 72% of corporations and 34% of individuals have experienced security related damage such as illegal access, DoS (Denial of Service) attacks and viruses. Having said that, the readiness against these threats in the private sector as well as the government sector cannot be said to be sufficient at this moment. For example, although many companies have adopted measures against viruses and illegal access, just 35.6% of companies have drawn-up “security policies” (MIC ”Survey of Trends on Information Security” (July 2004)), which indicates that the measures taken by the private sector are still limited and many issues are yet to be addressed. 5-2. Information Security Policies in Japan The principles of Japanese information security policy is stipulated in the IT Basic Law, which was enacted in 2000. This law says, “it is necessary to guarantee the safety and reliability for advanced information and telecommunications networks.” Following this, “e-Japan strategy II,” which was decided upon in July 2003, placed the “development of a safe and secure IT environment” as one of the five policy pillars in this program. Following this “e-Japan Strategy II,” many issues on information security policies were specified with time frames in “e-Japan II priority programs 2004,” which was decided upon in June 2004. Although information security policy is covered by many government agencies, IT Strategy Headquarters, led by the Prime Minister, is the center of the policy as a whole. Under IT Strategy Headquarters, the IT Policy Office in the Cabinet Office has been coordinating information security policies throughout all Ministries and agencies (See Fig. 21). Regarding information security policy, another specialized office called the IT Security Office has been working on developing relevant policies. 22 Fig. 21 The IT Security Office is charged with making concrete the information security policies based upon the considerations of the IT Security Promotion Committee and IT Security Expert Meeting. The IT Security Expert Meeting has six members from the IT industry and academia and makes recommendations on information security policies to be addressed by the government. Another function of the IT Security Office is to strengthen the capability to cope with serious incidents such as cyber terrorism attacks made on government systems. In this context, the Office has a National Incident Response Team (NIRT), which was formed in April 2002 and has been working to make quick responses to emergencies such as cyber terrorism. At NIRT, 17 members from different government staffs and experts from the private sector collect information on incidents such as cyber terrorism, consider countermeasures, and give advice to various Ministries and agencies. In addition, in April 2004, an “Advisor on Information Security” was appointed from the private sector to the IT Security Office to encourage and coordinate information security policies. The information security policy in Japan can be classified into three areas including the central government, local government, and the private sector as follows. 23 (1) Central Government Issues First, regarding information security policies within the central government, in November 2002, the guideline on information security policy was decided and a variety of policies have been developed based on this guideline. For example, ----- An information sharing mechanism in case of an emergency within the government and between the private sector and the government has been developed. ----- In progress of e-government and through the initiative of the IT Security Office, since 2003, a vulnerability test has been launched on the information network system of each Ministry. In addition to these measures, as described in the “priority program 2004,” security standards and audit mechanisms on government information systems are scheduled to be developed by 2005 in order to minimize the damage caused by such incidents as DoS attacks and illegal access. (2) Local Government Issues Second, in the local governments as well, the deployment of e-government has been well in progress and information security policies have been broadly recognized as one of the key issues. To assist the efforts of local governments to ensure information network security, the central government is scheduled to develop specific programs by the end of March 2005. (3) Critical Infrastructure Issues Third, a liaison or collaboration between the government and the private sector for critical infrastructure should be developed as soon as possible. Each Ministry has been developing policies for critical infrastructure protection in each administrative area (See Fig. 22). Here, keeping in mind both the difference in the characteristics of each industry and the similarity of information security issues, each Ministry, in collaboration with the IT Security Office, has been considering various policies. As decided in the “priority program 2004,” the minimum technical requirement and its management standards to protect critical infrastructure from natural disasters and attacks from outside have been under consideration. 24 Fig. 22 5-3. Necessity of Development of Basic Strategies on Information Security Policy Having said that, the information security policy is in the very first stage to take off and many policy issues are to be continued in collaboration with the relevant Ministries and agencies. In this context, Japan needs to develop the roadmap to accelerate information security policy. Keeping that in mind, in November 2004, the IT Security Expert Meeting compiled the first recommendations on directions to be taken by the government on information security policy (See Fig. 23). The recommendations focused on measures to enhance the functions within the government on information security policy. Specifically, they proposed a new “Information Security Policy Meeting” under the IT Strategy Headquarters to develop basic strategies on government information security policy. The other proposal is to set up a “National Information Security Center,” which would enhance the function of the IT Security Office by increasing the number of staff and by giving the current IT Security Office more authority to coordinate information security policy among the Ministries and agencies. Based on this recommendation, IT Strategy Headquarters decided, in December 2004, to set up an “Information Security Policy Meeting” and a “National Information Security Center” in FY 2005. 25 Fig. 23 The IT Security Expert Meeting is expected to complete the second round of recommendations on Critical Infrastructure related information security policy by the end of March 2005. In addition, followed by the third round of recommendations on information security policy regarding corporations and individuals by the end of July 2005. At this moment, Japanese information security policy has been made on a piecemeal basis, but based on the recommendations by the IT Security Expert Meeting, the Japanese government started moving forward to set up comprehensive strategies and to enforce specific policies based on these strategies. 5-4. Efforts to Develop Safe and Secure Networks in the Telecom Field This section touches upon the efforts by the MIC to develop safe and secure networks in the telecommunications field. There are five pillars in the information security policy in the filed of telecommunications as follows. 1) Deployment of secure network infrastructure; 26 2) R&D to improve safety and security of information infrastructure; 3) Establishment of information distribution and collaboration mechanisms to ensure safety and security; 4) Improvement of security and safety on the users’ side; 5) Development of secure trusted networks. 5-4-1. Deployment of Secure Network Infrastructure To promote the deployment of secure network infrastructure, firstly, the MIC has developed a “guideline on security and reliability regarding telecommunications networks,” which describes the technical requirements for telecommunications service providers to ensure network safety and reliability. This guideline has been reviewed occasionally as necessary. Second, there is a tax deduction system for telecom service providers to promote the introduction of systems and equipment to improve service reliability. Third, as shown in Fig. 24, the “Telecom-ISAC (Information Sharing and Analysis Center) Japan” was established in July 2002. This consortium consists of major telecom service providers, ISPs and manufacturing companies. Telecom-ISAC Japan has been working on collecting information on system vulnerability and providing the information on the best practices to address system vulnerability. Fig. 24 27 To minimize the damage caused by attacks from outside, it is necessary to detect the outbreak or incident as early as possible and to prevent the escalation of damage. To achieve this policy goal, several members of Telecom-ISAC Japan have begun R&D for a wide-area monitoring system for the swift detection of proliferating incidents in collaboration with the government. In addition, Telecom-ISAC Japan has been working on building a database for the collection and active preservation of computer viruses and a test bed of mock networks, which allows them to analyze the projection and analysis of viruses on information networks and to develop measures to quickly address new types of viruses. 5-4-2. R&D to improve safety and security of information infrastructure With regard to R&D activities, R&D on technologies for ensuring security of telecommunications infrastructure, such as wide-area monitoring system technology and high precision trace back technology has been focused. In this context, as one of the key functions of this R&D, the Information Security Center was set up in April 2004 at the National Institute of Information and Communications Technology (NICT), which is non-profit government agency under the authority of MIC. As shown in Fig. 25, the Information Security Center is expected to work as a catalyst to promote cooperation among industry, academia and government. In addition, in the process of much collaboration, it is expected to develop human resources for research activities. Fig. 25 28 5-4-3. Establishment of Measures of Information Distribution and Collaboration Mechanism In the world of information networks, many players such as common carriers, ISPs, manufacturing companies, and software companies have been working in concert. Actually, the more the incidents become complicated and combined, the more players are expected to be involved. In this situation, providing security related information to users in a comprehensive way has been much more important. Keeping that in mind, in order to establish information distribution and collaboration mechanisms, a new function called SPREAD (Security Promotion Realizing sEcurity meAsures Distribution) was established in June 2004 through the initiative of the private sector (See Fig. 26). This group consists of many players in the industry and this wide range of participation is expected to make it possible for SPREAD to effectively share critical information on the security and safety of information networks and to provide that information to internet users in a comprehensive way. MIC and METI have been supporting the activities of SPREAD and government staff are attending these activities with the status of “observers.” Fig. 26 29 5-4-4. Improvement of Security and Safety on Users’ Side Along with the growing popularity and importance of the internet, several measures have been taken from a consumer protection point of view (See Fig. 27). For example, the “Safety and Security Mark,” which is shown in this slide, has been introduced. In this system, ISPs qualified as notifying sufficient information to their users in an appropriate manner can show this mark on their advertisements and so on. In addition, there is a tax deduction for private companies that introduce systems for preventing illegal access to their networks. Fig. 27 5-4-5. Development of Secure Trusted Networks In general, to ensure the safety and security of networks, users are required to take a variety of measures at their own cost. To lessen the burden on users and allow mass users to access information networks without any special consciousness, new technologies are expected to be introduced into the networks. To proceed with this concept, the Secure Trusted Network Forum, which is a private sector initiative, was set up in December 2003. This Forum, with 90 member companies, has been working on setting specific targets on how to achieve this policy goal and to share information on this project. 30 Currently, this Forum has been focusing on authentication technologies to realize its policy goals. The MIC has been working on R&D for advanced authentication infrastructure technologies to prevent spoofing on the internet and collaboration between this Forum and MIC has been in progress. This committee has been conducting outreach activities to international organizations such as ITU because these kinds of trials cannot be successfully achieved without global and multilateral collaboration. 5-4-6. Human Resource Development In the process of developing secure and safe information networks, one more important area is human resource development. According to the survey conducted by the Telecommunications Software Forum (December 2003), Japan is still faced with a lack of 120 thousand experts for information network security issues. In this context, for example, in 2001, several industry associations founded the “Network Information Security Manager” program as a private security certification. In addition, private training programs to develop human resources in the field of telecommunications have been designated projects for which subsidies can be granted from the MIC. 31 6. Conclusion In Japan, currently, broadband deployment has been well in progress including DSL, fiber optic service and 3G services. Several factors can be found for this deployment. Regarding the DSL market, interconnection rules such as collocation and unbundling has worked well under the circumstance that 98% of local access lines are owned by NTT regional companies. Regarding fiber optic cables, financial assistance from the government, including low-interest loans and tax deduction systems, has triggered investment for common carriers to install fiber optic networks. In addition, reform of competition regimes with light touch regulations was done in 2003, although dominant regulations such as interconnection rules are kept under the Japanese market structure where 98% of the local networks is monopolized by NTT regional companies. The next broadband policy issue we should tackle has two pillars. One pillar is to continue developing competition policies, which includes continuous review of market definitions, review of interconnection rules and the Universal Service Fund. The other pillar is how to promote broadband demand. Actually, to promote demand for broadband services, in addition to a review of competition policy, many issues should be tackled as one industry policy package, in collaboration with different government agencies. In this context, national programs such as “e-Japan strategy” worked well to share policy targets among the people concerned. The Japanese broadband policy, however, has been shifting from “deployment of broadband network” to “deployment of broadband demand.” The key word is now “ubiquitous-net Japan.” This “u-Japan” strategy” to be completed by the year 2010 is expected to be finalized soon. In the progress of broadband service deployment, it has been getting extremely important to develop information security policies comprehensively to address incidents such as cyber terrorism attacks. In this context, the Japanese government has just developed a series of information security policies covering critical infrastructure protection such as railways, electric power, financial service and telecommunications in collaboration with relevant Ministries and agencies. 32 About the author Yasu Taniwaki, Economic Counselor and Telecommunications Attaché, Embassy of Japan in US, joined the Ministry of Posts and Telecommunications (Ministry of Internal Affairs and Communications) in 1984. After serving in several positions, including ICCP Division of the OECD (1987-1989), he served as Deputy-Director of the Telecommunications Policy Division (1993-1997), where he dealt with several telecommunications policies such as the reorganization of NTT, and a variety of deregulation programs of the Telecommunications Business Law (TBL). After serving as Secretary to the Minister of Posts and Telecommunications (2000-2001), he served as Director for Telecommunications Policy, where he drafted a report on new Japanese telecom competition schemes compiled by the Telecommunications Council in August 2002 and a report on layered competition models in the IP age, compiled by the Study Group on New business Models in June 2002. He also contributed to setting up the Telecommunications Dispute Settlement Commission and Japanese Universal Service Fund, as well as to introduce the concept of “dominant regulations” through revision of the TBL in 2001. He has served in his capacity since June 2002. His work includes “Emerging Broadband Market and the Relevant Policy Agenda in Japan,” Journal of Interactive Advertising (http://jiad.org), Volume 4, Number 1, Fall 2003, Michigan State University and the University of Texas at Austin. In addition, his presentations on Japanese broadband policies since 2002 are listed as follows: [1]“Broadband Policies in Japan: Experiences and Challenges, “ “Global Forum 2002: Shaping the Future,” ITEMS International and Foundation Sofia-Antipolis, October 17th, 2002. http://www.medicif.org/events/MEDICI_events/GlobalForum02/sessions/Sessions2/Tani waki.pdf [2]“Outline of the Japanese Broadband Market,” “The Internet in Asia: Is the US Falling Behind?” Advisory Committee to Internet Caucus, November 20th, 2003. http://www.netcaucus.org/events/2003/asia/presentations.shtml [3]“Outline of the Japanese Broadband Market,” 2004 Broadband Forum, The Alliance for Public Technology: 2004 Broadband Forum, March 5th, 2004. http://www.apt.org/confer/yasu-taniwaki-presentation.ppt [4]“Outline of Japanese Broadband Policy,” One Step Ahead: Technology Management Series “Seeing the Telecom Future in Japan,” George Mason University, April 28th, 2004. 33 [5]“Broadband Deployment in Japan,” CSIS (Center for Strategic & International Studies), June 10th, 2004. http://www.csis.org/tech/events/040604_tanwiaki.pdf [6]“Current Status of VoIP in Japan,” Internet Policy Working Group, FCC (Federal Communications Commission), July 30th, 2004. http://www.fcc.gov/realaudio/rounds.html [7]“Broadband Deployment in Japan: Challenges for “u-Japan,” National Summit on Broadband Deployment III, NCTA(National Cable and Telecommunications Association) and NARUC (National Association of Regulatory Utility Commissioners), October 25th, 2004. http://www.neca.org/media/Revised_2004_BB_Brochure.pdf [8]“Broadband Deployment in Japan: Challenges for “u-Japan,” Friday Forum, PPI (Progressive Policy Institute), November 19th, 2004. http://www.ppionline.org/ppi_ci.cfm?contentid=253020&knlgAreaID=126&subsecid=90 0096 [9]“Information Security Policy in Japan,” US-Japan CIP (Critical Infrastructure Protection Forum), US-Japan Center for Studies and Cooperation, Vanderbilt Institute for Public Policy Studies (VIPPS), Vanderbilt University, November 30th, 2004. 34