MIC urges municipalities to review systems for AI cyberattacks
The Ministry of Internal Affairs and Communications will ask municipalities to conduct a comprehensive review of their information systems as a precaution against cyberattacks that exploit artificial intelligence, or AI. The ministry aims to identify vulnerabilities and urge repairs where needed, in order to prevent sensitive information such as personal data from leaking from national and local government systems.
Inspection framework and repairs
The ministry will soon issue a notice to municipalities. Each local government will be asked to inventory the information systems it operates, ask system vendors to check for vulnerabilities, and apply repair 'patches' where needed.
Some municipalities have small administrative staffs, and in some cases they do not fully understand the systems they use. The ministry is also considering building a framework to respond to inquiries from municipalities.
Leak cases and attack risks
Municipal systems are also connected to government systems. If they are attacked while vulnerabilities remain, there is a risk that important government systems could be breached, making countermeasures on the municipal side an urgent priority.
In Yamagata in April, a company entrusted with managing personal data was hit by a cyberattack, and about 510,000 items of information, including addresses, names and insurer numbers contained in a city health information system, are believed to have leaked. In Genkai, Saga Prefecture, in 2024, personal information on as many as about 410,000 people, including donors, was leaked from a special local donation website.
Advanced AI, including 'Claude Motus' developed by U.S. startup Anthropic, is said to be vastly more capable than conventional models at finding system vulnerabilities. If used maliciously in attacks, the damage could become severe.
Some municipalities have said the cost of asking system vendors to carry out inspections is a heavy burden. A municipal official said, 'It is difficult to prevent DDoS attacks and other threats 100%, but all we can do is thoroughly implement basic measures.'
Enjoyed this article? Share it with your network!