Microsoft ends support for Internet Explorer on June 16, 2022.
We recommend using one of the browsers listed below.
- Microsoft Edge(Latest version)
- Mozilla Firefox(Latest version)
- Google Chrome(Latest version)
- Apple Safari(Latest version)
Please contact your browser provider for download and installation instructions.
Social Challenge 6
Moving towards a safe, secure, and resilient society
Why it matters
As a company that supports the vital infrastructure of a digitalized society, the NTT Group believes one of its responsibilities is to make use of technology to keep people safe and secure from the major threats of this century: epidemics, natural disasters, and digital disasters like cyber-attacks.
What can be accomplished
As a company that supports the vital infrastructure of a digitalized society, we will make full use of technology to keep people safe and secure from epidemics, natural disasters, digital disasters like cyber-attacks, and achieve a more resilient society.
Future vision
The NTT Group is committed to contributing to the development of society by acknowledging diverse cultures, and thus we will contribute to solving social issues by connecting people, goods, and cultures, including communities, nations, and society, while promoting high ethical standards, diversity, and inclusion in fair and equitable ways, and work towards creating a better workplace through powerful and new digital technologies.
Business Activity 19
Ensuring the stability and reliability of services
Our commitment
As a company that supports the vital infrastructure of a digitalized society, we will make full use of technology to keep people safe and secure from epidemics, natural disasters, digital disasters like cyber-attacks, and achieve a more resilient society
Our objectives
0
Number of major accidents
99.99%
Stable service provision rate
Policies and Concepts
As a corporate group with the mission of serving society by sustaining telecommunications infrastructure in normal times, the NTT Group is committed to building highly reliable telecommunications networks that connect people anytime, anywhere. Since telecommunications takes on a greater importance in the event of a disaster, we endeavor to secure the means of communication necessary for maintaining public order and for rescue and restoration operations at times of disasters, and for emergency communications, such as 110, 118, and 119. Japan is a country particularly prone to natural disasters such as earthquakes and typhoons. The importance of telecommunications networks was reaffirmed by the devastating Great East Japan Earthquake. Facing the possibility of an earthquake directly underneath Tokyo or the Nankai Trough off Japan's southern coastline, there is a pressing need for society to prepare for such potential disasters while ensuring the stability and reliability of its telecommunications infrastructure.
The NTT Group has defined three key themes for disaster countermeasures: securing critical communications, prompt restoration of telecommunications services, and improving network reliability. We have been strengthening efforts based on these themes since the Great East Japan Earthquake. We have also included Disaster Countermeasure Initiatives in our medium- term management strategy and are making a focused effort to further reinforce the communications infrastructure, seek proactive disaster response, and adequately provide information to the affected people.
Organization for Implementation
Five Group companies--NTT, NTT East, NTT West, NTT Communications, and NTT DOCOMO--are designated public institutions under the Basic Act on Disaster Control Measures. Accordingly, based on this Act, in preparation for a disaster, the NTT Group has formulated the Disaster Management Operation Plan for the purpose of smooth, appropriate implementation of measures to prevent damage. Each company has prepared their respective Disaster Management Operation Plan by organizing response efforts that are mobilized at the time of a disaster in a manner proportionate to the scope and circumstances of the situation. At the same time, we will maintain close contact with the relevant government institutions to ensure a smooth and appropriate recovery from the disaster and secure critical communications.
We are also taking measures in normal times to improve the reliability of our telecommunications infrastructure. To ensure that our telecommunications services operate without interruption at all times, we employ transmission trunk line multi-routing, have enacted blackout countermeasures for telecommunications buildings and base stations, and are making telecommunications buildings more quakeproof. In addition, we are expanding the assortment of power supply vehicles and other disaster response equipment that we have positioned throughout Japan and are repeatedly conducting training to prepare for major natural disasters. We are making a daily effort to secure the necessary emergency and critical communications.
NTT Group Disaster Management Operation Plan
Main Initiatives
Securing Critical Communications
To secure necessary communications in the event of a disaster, the NTT Group is implementing various response measures, including the installation of emergency-use public phones, a mobile phone lending service in affected areas, and providing means to confirm the safety of people in affected areas. We simultaneously install multiple lines to secure connections to the headquarters of the police department, fire department, and coast guard to prepare against the possibility that the 110, 119, and 118 emergency call services may be damaged.
A major disaster could also lead to social disorder, such as the disruption of transport systems. In such an event, we would consider the overall situation, including whether other telecommunications carriers have put restrictions on mobile and fixed line phones and, if necessary, offer the use of public phones for free.* We will not charge carriers for which we have set call fees and will not settle payments between carriers for which we have set connection fees. For the specific names of carriers, please refer to the following websites.
(Japanese only)
Free charge public phone policy for areas covered by NTT East
Free charge public phone policy for areas covered by NTT West
Providing Services for Easy Safety Status Checking and Information Gathering When Disaster Strikes
The NTT Group launches and provides the following services to enable people to confirm the safety of relatives and friends in areas hit by a major disaster that has disrupted phone connections.
When we launch these emergency services in the event of a disaster or other contingency, we promptly inform our customers through the mass media, website, and other means.
By integrating the Web 171 Disaster Message Board with the Disaster Message Board Service for mobile and PHS phones (i-mode/sp-mode), we have also made it possible to conduct one-stop searches spanning both services from the companies providing those services. There are additional functions for notifying designated contacts by e-mail or voice when safety status information is posted.
We are continuing to make improvements, such as by offering support in English, Chinese, and Korean for the Web 171 Disaster Message Board, and in English for the Disaster Message Board Service (i-mode/spmode), increasing the number of messages that can be posted and extending message storage time.
With regard to the Web 171 Disaster Message Board, NTT East, and NTT West agreed to collaborate with the disaster message boards operated by NTT DOCOMO, KDDI, and SoftBank to allow users to check each other's messages left with these carriers since August 2019.
Main Services
-
171 Disaster Emergency Message Dial
We store recorded voice messages left by users to confirm the safety of those in affected areas -
Web 171 Disaster Message Board
We store text messages left by users via the Internet -
Disaster Message Board Service (i-mode/sp-mode)
We store text messages left by users via mobile phone
Securing the Stability and Reliability of Telecommunications Services
Damage from natural disasters is becoming increasingly common in recent years as climate change causes more frequent instances of heavy rains, frequent typhoons, and other natural disasters. As a result, there is a growing risk of water and lightning damage and power outages, which now threaten to cause extensive damage should they occur.
The NTT Group is devoted to early restoration of telecommunications services by deploying and enhancing the functions of mobile power supply vehicles, portable satellite equipment, and other mobile equipment as well as participating in disaster drills held in the respective regions.
The NTT Group endeavors to build disaster-resistant communications infrastructure and maintain and operate it in a way that ensures its proper functioning at all times by conducting regular safety patrols, replacing devices as a preventive maintenance measure, and other such means, in an effort to develop disaster-resilient communication networks and equipment.
Ensuring the Disaster Resistance of Telecommunications Equipment
We also strive to enable telecommunications equipment housings, pylons, and other facilities to withstand contingencies such as earthquakes, storms, flooding, fire, and power outages in accordance with predetermined design standards.
Main Measures
- NTT's telecommunications buildings and pylons are designed to withstand earthquakes of a seismic intensity of 7 on Japan's intensity scale and 60 m/sec winds experienced during the strongest typhoons
- Our facilities are equipped with flood doors and other defenses according to location to prevent inundation of telecommunications equipment by tsunamis or floods
- We equip our telecommunications equipment rooms with fire doors or shutters
- Our telecommunications buildings and wireless base stations are fitted with backup power sources to keep them running for extended periods in the event of sudden power outages
- As a further fallback, power supply vehicles can be hooked up to them to supply power
- We use trunk line multi-routing to ensure that our telecommunications services operate without interruption at all times
- We deploy large-zone base stations capable of covering wide areas during disasters and other emergency situations
- We install emergency power supply fuel tanks
Increasing the Resilience of Equipment and Speeding Up Our Response
In recent years, disasters of greater magnitude have had significant impact. To address the increased impact on telecommunications equipment and services, as well as the longer time required to resume operations, we are also promoting additional initiatives toward such goals as increasing the resilience of our equipment and speeding up recovery.
Main Initiatives for Increasing the Resilience of Telecommunications Equipment
- Expansion in medium-zone base stations equipped to deal with disasters, such as blackout countermeasures
- Blackout countermeasures that use electric vehicles at base stations
- Centralized management and mobilization of approximately 400 power supply vehicles owned by the NTT Group
- Consideration of underground installation of power transmission cables and use of fixed line phones to deal with the impact of disasters
Main Initiatives for Speeding Up Service Recovery
- Advanced launch of recovery framework (national wide-area support system and other frameworks) based on damage prediction using AI
- Reinforcement of the recovery framework and recruitment of personnel, including the use of retired NTT employees
Initiatives for Bolstering Support for Disaster Victims
- Delivery of realistic and concise information, including status of damage to communications, status of recovery, location of charging stations, public phones in operation during disasters, information for visitors and foreign residents, and more to support evacuation and other activities
- Response to consultations on problems related to communications through emergency 113 call centers dispatched to affected areas
- Collaboration with local governments and other public offices for installing Wi-Fi and charging stations inside public phone booths to secure telecommunications during a disaster
Providing Stable Telecommunications Services in Normal Times
To consistently provide secure telecommunications services to our users, the NTT Group operates a system for monitoring its telecommunications networks, implements measures for preventing accidents and failures, and works to enhance the skills of personnel responsible for network maintenance and operations.
- Operational system for monitoring and controlling the status of network operations on a real-time basis, 24-hours a day, 365 days a year
- Collection and analysis of performance data for telecommunications equipment under ordinary circumstances to identify and deal with signs of failure
- Establishment of a system and a review of procedures to enable prompt and appropriate restoration measures in the event of unexpected problems
- Application of lessons learned from past accidents to similar cases and thorough reinforcement of standard procedures based on an analysis of cases that may result in serious accidents
- Implementation of training and drills and development of related mechanisms for fostering personnel handling network maintenance and operations
Providing Stable Telecommunications Services to Address a Large Spike in Demand Due to the COVID-19 Pandemic
NTT and its major subsidiaries in the telecommunications business have formulated operation plans to execute their responsibilities as designated public institutions and contribute to preventing infections from the standpoint of respecting human life. The spread of infections has been accompanied by an increased demand for Internet use and telework, significantly increasing data traffic, particularly between stationary communication terminals during daytime weekdays. The NTT Group companies have designed their existing networks to meet peak nighttime traffic and are currently capable of providing network capacity for daytime traffic. We will continue to bolster our equipment to deliver stable telecommunications services.
Operation of mobile phone base stations and terminals (NTT DOCOMO)
For more than 60 years, research has been conducted worldwide on the impact of radio waves on the human body. As a result, standards and systems have been put in place for the safe use of radio waves not only in Japan, but around the world, too.
In 1990, Japan's Ministry of Posts and Telecommunications (presently the Ministry of Internal Affairs and Communications) established its own Radio Radiation Protection Guidelines for Human Exposure to Electromagnetic Fields (RRPG) as a set of reference values for the safety of radio waves on the human body based on the results of research conducted over the preceding 40 years both inside and outside Japan. The reference values of these guidelines are the same as those recommended by the World Health Organization (WHO). Radio waves below these reference values are recognized internationally as having no adverse effects on health.
Mobile base stat ions and terminals of NTT DOCOMO are operated at levels lower than the reference values of the RRPG. Services are provided in compliance with related laws and ordinances incorporating the RRPG, which ensures DOCOMO mobile phones can be safely used.
NTT DOCOMO Radio Wave Safety (Japanese only)
Business Activity
Drones, as a public tool, bring a revolution to "infrastructure inspections" for social infrastructure
"Infrastructure" is something that people do not pay much attention to on a day-today basis. The importance of infrastructure underpinning our lifestyles--such as water, electricity, communications, and transportation--first comes to light when any of these services are disrupted. Any disruptions with infrastructure can have a significant impact on so many people, and thus pausing infrastructure inspections is not feasible. Infrastructure across Japan was built rapidly during the period of high economic growth, and after half a century, their dilapidation is becoming a serious issue. Consequently, the importance of regular infrastructure inspections is greater than ever.
A closer look at the cost of inspections of bridges, steel towers and other structures around Japan reveals that they amount to some 30 billion yen annually. When repairs are factored in, this cost increases to around 1 trillion yen. Japan will soon be facing a declining population. This will result in a decrease in tax revenue, which means less costs set aside for inspections. The engineers capable of conducting inspections are also getting older. It is because of this background that efforts are currently being made to use drones to increase the efficiency of inspection work. Japan Infra Waymark was established with the aim of resolving the issue of deteriorating infrastructure, and uses drones to cover staff shortages for infrastructure inspections. An example that illustrates this is the inspection of elevated bridge supports--inspectors usually assemble scaffolding, use lifts, or sling ropes up to conduct visual inspections of supports. Yet these methods all take time, and are also dangerous to perform.
Instead, drones are being used for this work. A drone jointly developed with an American company is equipped with three cameras on both the top and bottom, which identify target areas just like human eyes, and operates autonomously to avoid flying into obstacles. This is the only type of drone capable of automatically flying to avoid obstacles in areas like below bridges, where GPS signals cannot reach, making it possible to conduct inspections under bridges--something that was not possible in the past. When the drone approaches a target area and takes a photograph, cracks (fractures) as small as 0.05 mm can be identified. When the drone returns back to base, image data is automatically uploaded to the cloud, and an inspection record is created. This increases the efficiency of the entire inspection process, and in the three years since being established, the company has a proven track record of inspecting 6,400 structures (as of June 2022).
NTT Communications and GS Yuasa work together to help create a safe, secure, and stable infrastructure for a carbon-neutral society
Batteries are used in a wide range of applications, including for the shift to electric vehicles to achieve a carbon-neutral society, as well as for curbing output fluctuations from renewable energy sources such as wind power. Advancements in technologies (quicker, more uniform detection level) for detecting failures have become a key challenge for facilitating reliable battery operation.
NTT Communications has jointly developed technology successfully to detect early signs of battery failures by utilizing AI. This technology will be used for more efficient monitoring of large-scale storage battery systems while also achieving labor savings. Development of AI involved trial and error of systems for detecting different types of batteries, allowing for more advanced detection of failures (quicker, more uniform detection level) and automation.
This means only batteries with potential failures need to be replaced before a failure actually occurs--it also enables monitoring of large-scale systems under more efficient, labor-saving environments, ensuring that batteries are a safe, secure and stable type of infrastructure.
Social Contribution Coordination Agreement with KDDI
On September 11, 2020, NTT formed a social contribution coordination agreement with KDDI to begin mutual cooperation the for joint utilization of ships transporting necessary supplies in the event of largescale disasters, as well as joint disaster preparedness drills and awareness-raising activities. Building resilient social infrastructure through these initiatives has the goal of developing a sustainable society. In addition to disaster countermeasures and job assistance, NTT and KDDI will coordinate efforts to identify areas that can benefit from the mutual use of assets of both companies, such as the sound use of smartphones and addressing climate change.
Employment support for the Employment Ice Age Generation
The employment support initiative developed by NTT together with KDDI provides support for employment such as training related to remote work and ICT skills from March 2021, to applicable people whose employment has been significantly affected due to sudden changes in the social environment such as the employment ice age and the increasing number of infections of novel coronavirus infections in recent years.
The second stage of this initiative provided employment support for the employment ice age generation, leading to 248 successful employees from both companies.
Countermeasures for Earthquakes, Fires, and Floods
NTT's communications buildings and towers are designed to be sufficiently earthquake-resistant to avoid collapse even in the event of an earthquake with a seismic intensity of 7, and were built to our own strict standards to be able to withstand the worst disasters Japan has ever experienced.
For fires, communications buildings and other buildings were made noncombustible and fireproof, fireproof shutters and doors were installed in communication machinery rooms, and fireproof sealing was applied to through holes.
To prepare for tsunamis and floods, we have taken location-appropriate measures to prevent communications buildings from being flooded, such as replacing building doors with flood doors, closing windows and other openings, and reinforcing walls with concrete to withstand the water pressure from a tsunami.
Blackout Countermeasures at Communications Buildings and Base Stations
Communications buildings and wireless communications base stations are equipped with batteries, engines, and other auxiliary power supplies that can be used as a prolonged source of electricity in the event of a blackout.
Moreover, we are enacting the lessons learned from the Great East Japan Earthquake by implementing blackout countermeasures for engine generators and having batteries available for use around the clock at its roughly 1,900 base stations in important areas, such as those where municipal disaster response headquarters or city offices are located.
In addition, mobile power supply vehicles and portable power generators are deployed in each area as backup to provide support over a wide area to disaster-stricken regions as the situation requires.
Transmission Trunk Line Multi-Routing and Distributed Location of Important Communications Buildings
Our nationwide network of trunk lines has been designed to secure communications and prevent disruption of services over the network as a whole by automatically diverting transmission through other routes when a certain route is damaged. Meanwhile, if communications buildings (important communications buildings) fitted with transit switches suffer disaster damage, communications via such buildings may be severed. Distributing important communications buildings in different locations helps avoid the risk of multiple buildings suffering disaster damage at the same time.
Prompt restoration of telecommunications services
Should a disaster strike, swift action will be taken to restore service via the utilization of mobile disaster response equipment and the use of drones to confirm the situation.
Disaster Response Equipment
NTT has positioned mobile base stations and power supply vehicles across Japan that can be quickly deployed to disaster sites should a wireless communications base station be damaged by a disaster. Moreover, we have adopted off-shore base stations comprised of mobile communications base stations mounted on ships. Should a tsunami or other disaster knock out service over a wide spread of coastal area, we can provide service by using entrance satellite lines to transmit signals to the coastal areas from anchored ships.
Disaster Site Confirmation with Drones
When damage to roads or other conditions prevent us from reaching base stations, drones will be deployed to confirm the status of the site and facilitate the quick restoration of service thereafter.
Initiatives for Maintaining Stable Telecommunications Services
Real-time Network Monitoring and Control
The nationwide communications network monitors and controls operational status in real time, 24 hours a day, 365 days a year, and responds immediately to breakdowns and disasters.
To respond immediately to emergencies and other contingencies, the monitoring system is reinforced as required in response to social conditions.
Improved Response to Disasters and Major Failures
To enable prompt and appropriate recovery measures in the event of a disaster or unexpected equipment failure, training and drills are conducted as required to train the personnel involved in network maintenance and operation.
Further, lessons gleaned from past disaster responses are deployed across the organization to implement measures to prevent recurrences, review action procedures, and ensure that basic operations are thoroughly implemented.
Business Activity 20
Strengthening information security
and personal information protection
Our commitment
The NTT Group works together with its partners to resolve social issues through its business operations toward a zero-trust & cloud connected age. Based on this approach, we are contributing to the healthy development of a digital economy and remote society by exercising our responsibility as a supplier of safe and secure ICT infrastructure to guarantee effective information security.
Our objective
0
Number of service suspensions due to cyber attacks (annual)
Reinforce information security
Policies and Concepts
With the progressing digitalization of society and the economy and changes in international circumstances, security threats are becoming more serious and sophisticated, particularly cyber-attacks. Within this environment, the NTT Group has a responsibility to protect ICT service infrastructure and customers' basic rights, freedoms, and information assets, as well as to provide a sound foundation for the growth of the digital economy. When formulating our medium-term management strategies in 2018, we made it our mission in terms of security to contribute to the building and development of a free, open, and safe ICT platform for supporting the infrastructure of the digital economy. We also made it our vision to realize the digital transformation of both customers and NTT itself, and for that reason, we will be chosen by customers.
In order to realize these, we will strive to engage in research and development that leverages the scale of the Group, realize superior abilities for early detection and rapid response, cultivate human resources who share the values of sincerity and advanced skill, and transcend profit-focused principles to transmit pioneering knowledge to society. Furthermore, to achieve the transformation to a New Management Style outlined in the medium-term management strategy refined in October 2021, NTT Group is implementing security measures capable of facilitating the shift to remote work styles.
As a member of the global community building the digital society, NTT Group will contribute to solving social issues through our security business.
The concept of cybersecurity is no longer just an aspect of crisis management that reduces negatives to zeroes, but is now entering an era in which it is a positive driving force that offers stabilizing support for the prosperity that technology provides. As we progress through the era of Zero Trust and Next Zero Trust, NTT Group will continue to investigate the value of security as we confront never-ending cyber risks.
NTT Group's Security Governance Goals
NTT Group enforces information security management under the charge of the Chief Information Security Officer (CISO), and is thorough in its information security management. We have also established a Group CISO Committee, and are working to formulate Group information security management strategies, plan and implement related measures, undertake human resources training, and otherwise engage in activities in collaboration with companies across the Group. We are also advancing efforts to maintain and improve security defenses within the Group based on the idea of a "three-line organization."
Security Initiatives Supporting the Medium- Term Management Strategy
Security is one of the three pillars defined in the refined medium-term management strategy that is a particularly important for supporting "Transformation to a New Management Style."
Transformation to a New Management Style
Introduction of zero-trust systems
Development of IT infrastructure with security measures prefaced on cloud and mobile usage for accommodating the shift to remote work styles.
Systematizing Information Security
Completely revised with zero-trust security measures. Regulations that are less ambiguous and more easily understood will be developed to ensure compliance, in order to increase the security awareness of all employees, not just information security staff.
Main Initiatives
Systematizing Information Security
The NTT Group will be completely revising information security regulations to implement zero-trust security measures based on flexible working styles that are not constrained by working location. The goal is to develop regulations that are less ambiguous and more easily understood, and ensure compliance in order to increase the security awareness of all employees, not just information security staff.
Strengthen Service Security
Information communication services are an important social infrastructure and a foundation for the digitalization of society and the economy, so to provide these services in a safe and secure manner, we are working to strengthen the security of telecommunications equipment, IT service environments, and all services provided by smart cities, smart buildings, and the like.
Global Cooperation within the NTT Group
We are advancing global partnerships in the security field in order to enhance competitiveness in global business under One NTT. This NTT Group cooperation includes many businesses and regions and in- corporates an approach to risk-based management, the introduction of a framework that acts as a shared language, and the setting of standards that should be met by all Group members in regard to identification, defenses, detection, response, and recovery.
Engaging with and Contributing to the Global Community
We are engaging with the cybersecurity initiatives of governments and industries around the world, particularly in North America and Europe, by sharing information and best practices in regard to security threats and building a community of companies and organizations based on mutual trust.
NTT Group Information Security Policy https://group.ntt/en/g_policy/
Business Activity
Advanced Security (1) Protection and Resiliency (Resiliency)
The international sporting event held in Tokyo in 2021 was subjected to the largest cyberattack ever seen. However, there were no cyber incidents during the events that disrupted operations. Behind the victory was the expertise and cutting-edge technologies of NTT, who has been thinking about communication and information security for the last 30 years and more, combined with the capabilities of human beings armed with wisdom and resolve. In particular, the "4 T's" on the right supported our efforts. These are ingrained far and wide in NTT Group's overall cybersecurity resiliency maintenance and improvement.
Advanced Security (2) Responding to Change (Agility) - Resiliency: A Blend of Knowledge, Cutting-edge Technology, and People Power
The time has come to consider security even in cyberspace. Given the circumstances, we especially want to strengthen our threat analytics, which are the cornerstone of cybersecurity. For this reason, we reorganized NTT Security in April 2022 to strengthen its service development, client support, security governance and managed services. We established NTT Security Holdings as a new wholly owned subsidiary. Practical development functions were transferred from NTT Laboratories, SE functions were transferred from NTT Communications, and operational functions from NTT were transferred to support the group's CISO functions. In addition, security services will be merged and integrated with NTT Ltd.'s managed services, and consulting functions of NTT Ltd. will be transferred to each region. These moves will strengthen NTT Ltd.'s managed services. Further, in July 2022, NTT East, Trend Micro Incorporated, and Tokio Marine & Nichido Fire Insurance Co., Ltd. jointly established the new company NTT Risk Manager Corporation, to develop a wide range of risk management businesses, with a focus on the cybersecurity domain.
Information Security Training
Each Group company seeks to raise information security literacy by organizing training for all employees as well as the employees of partner companies. Training is offered through e-learning, and all employees are obliged to participate in the course once a year. Looking ahead, we are considering unifying training content throughout the Group to provide employees with a standard level of knowledge on information security required in their business operations. By doing so, we will seek to enhance the security capabilities of the NTT Group and reinforce its human resources to deliver safe, secure services for our customers and society at large.
Overhaul of Security-related Regulations
From FY2021 to FY2022, we proceeded with a company- wide overhaul of security-related regulations. We are taking steps to prepare not just for the zero-trust era, but beyond.
Research and Development Initiatives
In addition to advancing the technological development of service security, we are focusing on developing elemental security technologies. In 2019, we established a global research center for research into cybersecurity and encryption technology centered around some of the world's leading researchers.
Business Activity
Basic Level Information Security Training
NTT Group launched a security expert certification system in 2015 with the aim of increasing the quality and number of its security personnel. This system defines three levels based on human resource type and skill level.
We must be constantly vigilant in our effort to remain abreast of the recent changes in security technologies and circumstances (zero trust, cloud native, DX, teleworking, etc.). As such, the effective and consistent training of security experts is a matter of utmost importance.
NTT used to offer basic level certification, but the rising number of certification holders coupled with the increase in awareness regarding the importance of security prompted us to develop security training programs targeting all employees worldwide.
People tend to shy away from security training due to its level of difficulty or by being turned off with the limited applicability of the subjects covered. To address this issue, we positioned raising employee interest in these subjects as our top priority, which we went about doing with animated videos and other endearing content, including a humorous introductory message by the CISO structured like a dramatic performance. Through these programs, we hope to make all employees recognize the necessity of security awareness and instill in them the basic practice of reporting any suspicious activities in their daily work. We thereby aim to motivate employees to participate in and contribute to our organization-wide drive to quickly detect and address security issues.
NTT Group CSIRT Activities
Management of CSIRT
The NTT Group established NTT-CERT in 2004 to function as a computer security incident response team (CSIRT). This team collects information regarding security incidents associated with the Group. It then offers support for addressing these incidents, formulates measures to prevent recurrence, develops training programs, and provides security-related information.
As a central element of the NTT Group's security initiatives, NTT-CERT provides a reliable venue for consultations regarding information security. The team also collaborates with organizations and specialists inside and outside the NTT Group to offer support for detecting and resolving security incidents, minimizing damages, and preventing occurrence. NTT-CERT is thereby contributing to better security for both the NTT Group and societies that are permeated by information networks.
Moreover, NTT-CERT coordinates with the United States Computer Emergency Readiness Team (USCERT*1) and the Japan Computer Emergency Response Team Coordination Center (JPCERT/ CC*2) and is also a member of the Forum of Incident Response and Security Teams ( FIRST) and the Nippon CSIRT Association*3, which enables it to coordinate with domestic and overseas CSIRT organizations. This coordination makes it possible for NTT-CERT to share information on relevant trends and response measures. In addition, NTT-CERT participates in the cross-industry drills held by the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) to share expertise and gather information. NTT-CERT also plays a role in promoting the establishment of CSIRTs at Group companies and helping improve their response capabilities.
NTT-CERT will expand its collection of information on vulnerabilities and attacks to cover areas including the dark web and will strengthen its information analysis platform and further automate and enhance its response to cyber threats in order to continually respond to threats as they change.
※1US-CERT: An information security preparedness organization under the Department of Homeland Security (DHS)
※2 JPCERT Coordination Center: An organization that collects reports inside Japan, supports responses, monitors situations, analyzes entry points, and reviews and provides advice on measures for preventing reoccurrences from a technical standpoint with regard to computer security incidents such as intrusions through the Internet or service interruptions
※3 NTT-CERT founded the Nippon CSIRT Association
NTT-CERT
Nippon CSIRT Association
FIRST Forum of Incident Response and Security Teams
Personal Information Protection
Policies and Concepts
Every year, the importance of ensuring the protection of personal information and the comprehensive management of information around the world continues to grow. The NTT Group has been entrusted with a considerable quantity of personal information, ranging from data on individual customers to that of corporate customers, and as such ensure that personal information is handled appropriately in accordance with the laws and regulations of each country, such as Japan's Act on the Protection of Personal Information and the EU's General Data Protection Regulation (GDPR).
Under these circumstances, personal information leakage could have various repercussions for the NTT Group in the operations of its businesses, including damage to its corporate value and loss of customers, which makes it essential to rigorously manage personal information as the NTT Group's top priority.
Organization for Implementation
Under the NTT Group Information Security Policy, we disclose on our website specific policies for protecting the personal information of customers and shareholders and policies for protecting personally identifiable information re- quired by Japan's Social Security and Tax Number System. In this policy, we also define how we respond to requests for disclosure, correction, and suspension of use related to the personal information retained by the NTT Group.
We have also put in place a security management system that ensures thorough and rigorous security practices, with the Chief Information Officer (CISO) placed in charge (see page 054).
Policy on Protecting Personal Information
About personal information protection
Policy on Protecting Personal Information of Customers
Policy on Protecting Personal Information of Shareholders
Policy on Protecting Specific Personal Information of Business Partners
Policy on Protecting Specific Personal Information of Shareholders
Main Initiatives
NTT has systematic security control measures, human security control measures, physical security control measures, and technical security control measures in place for handling our customers' personal information.
-
Systematic security control measures
We have created a statement outlining the building of management systems such as placing a person responsible for management of the committee and each organization, the establishment of internal regulations, management ledgers and process management charts, and other matters. Furthermore, we are also building management systems for handling ongoing improvements and the like.
-
Human security control measures
All employees who handle customers' personal information are informed and made aware of the importance of protecting this information, regardless of whether they are officers, regular employees, or temporary employees. We ensure employees conclude non-disclosure agreements and provide necessary auditing and supervision to ensure their effectiveness.
-
Physical security control measures
We enact various measures including controlling access to physical equipment which handles customers' personal information and the floors where these are kept, measures to prevent theft, measures to prevent damage to customers' personal information during incidents such as fires and lightning strikes, and the use of locks when taking out, moving, or storing systems and documents.
-
Technical security control measures
We have put in place various technical security control measures such as access management when accessing personal data including authentication, authority administration, control, and recording, countermeasures against viruses and malware in systems, measures for use when sending and receiving information including encryption and clarification of responsibility, and the monitoring of information systems.
Each domestic company in the Group has established a personal information protection system in line with its business and based on the Protection of Personal Information. We are consistently pursuing initiatives to protect information, including stringent measures on the physical and systems aspects of security and appropriate supervision of outsourcing contractors. Management of information is being further enhanced, as personal information acquired by group companies in Japan via individual or household services like cell phones and internet access will be retained and accessed from within Japan after May 2021.
Main Initiatives of Domestic Group Companies
- Establishment of internal rules and regulations
- Employee training to ensure appropriate implementation of the above rules and regulations
- Establishment of an organization to promote information security management
- Establishment of a security management system for preventing illegal access to information or the loss, alteration, or information leakage as well as managing antivirus measures and the physical transfer of information
Establishment of Contact Points on Personal Information
NTT has set up the Customer Contact Point on Personal Information, and similar contact points for services related to personal information have been set up at each NTT Group company. Since NTT is a holding company that does not directly provide telecommunications services, inquiries regarding personal information related to services are redirected to the contact points of the operating companies concerned.
Additionally, inquiries regarding the handling of personal information under laws and regulations are redirected to the person responsible for information security at the operating companies concerned.
Nippon Telegraph and Telephone Corporation Customer Contact
Point on Personal Information
Email:ntt_kojin@ntt.com
Business Activity 21
Promoting a decentralized society based on remote work
Our commitment
Shifting toward new work styles centered on remote work, by upgrading IT environments and reviewing systems, in addition to advancing DX projects and work reforms with an eye on the postpandemic world
Our objective
0
Major personal data leaks (annual)
Policies and Concepts
The NTT Group recognizes that remote work will play a key role in society even after COVID-19 subsides. Based on this recognition, we will make active efforts as an ICT company to improve DX and other environments that allow for more opportunities for remote work. We believe these initiatives ensure the Group's sustainable growth, enhance its corporate value, and eventually help find solutions to social issues.
In light of this background, the NTT Group is currently rolling out various specific initiatives such as (1) Making "general improvements" by rolling out cloud based systems/zero-trust systems, (2) "Promoting DX" to enable remote work for automating and making operations more efficient, and (3) Re-examination of systems for promoting work styles based on remote work. Remote work systems and remote work allowances will be established as part of promoting work styles required for remote work, and thereby offering a greater choice of "work time" and "work location" for employees.
Different to "work-life balance" that aims to separate and create a balance between work and private life, we are considering the promotion of "work-in-life (health management)" where employees can select and design their own work style by viewing work as part of the lifestyle of each and every employee. In addition to flexibility with "work time" and "work location," flexibility with regard to "residence" is also considered important, so remote work systems are being revised to develop work styles centered around remote work.
Decentralization of the Organization
(Including Head Offices and Back-Offices)
The NTT Group began initiatives for decentralizing the organization from metropolitan areas to regional areas, or core cities.
<Specific Initiatives>
- Trial run for dispersing the organization across regions to begin at the holding company (starting in October 2022)
- From the standpoint of resilience, we will aim for sustainable business operations by opening offices in Takasaki City and Kyoto City and promoting split shifts The first step will involve a trial of certain organizations (with approx. 200 employees) of the holding company
- The trial will be used to test for issues or measures related to business operations and communications with split shifts, with a view to applying it to actual operations
- Introduce a working style based on telework in which employees engage in head office operations while residing in a distant location
- Introduce a "hometown double work" program to contribute to the revitalization of local communities and areas associated with the Company while continuing current assignments
Promotion of a decentralized society and work-in-life (health management) through the workplace-residence proximity
The NTT Group is taking initiatives to shift to new work styles premised on remote work.
- Remote work ratio: 70.8% (conducted from October to December, 2021)
- Creating an environment that offers greater choice of work location
- Remote work that does not require approval on a case-by-case basis, elimination of restrictions on residential areas for employees who can work remotely, and sharing costs and other expenses associated with commuting to work from remote locations (FY2022 onward)
- No Need for Relocations and Unaccompanied Assignments Recruitment of Remote-Based Employess (From FY2022)
- Expand the number of organizations that support remote work through DX (establish security requirements at major contact centers, begin introducing tools to prevent peeping)
- Satellite offices: 249 sites (end of January, 2022, target of 260 sites or more during FY2022)
- Re-Examination of the Office Environment Increase the amount of space per person in the office by 1.5x, and enhance the space for idea creation and co-creation (From FY2022)
Business Activity
Rolling out zero-trust security and increasing the remote work ratio
In this day and age, IT has become an essential part of our lives and work, but this also increases the amount of threats from cyberattacks. As a company that handles sensitive customer information, implementing measures to protect against these threats is of the utmost importance. In many cases, the way employees work must be restricted to ensure security.
We came up with the "Work from Anywhere" slogan as a way of reforming working styles, and developed an IT environment that allows employees to work from anywhere in the same way as working in the office. This is a work style that has a greater degree of flexibility thanks to advancements in IT. This requires a high level of security to ensure work is performed in the same way from any location. To achieve this, the "zero-trust" concept has been adopted. "Until now, the approach to ensure security had been to complete all work within the company intranet, and to make sure the connection was closed securely. Yet with cyberattacks becoming more advanced in recent years, we need to factor in the possibility of unauthorized access to the intranet. A new approach was established, with the entire system designed not to trust any type of access, whether it is from within the intranet or from external sources. This is the basic approach to zero-trust security."
Whether employees are working from home, a satellite office or any other location, the concept of "Work from Anywhere" is a great way to boost their motivation.
Generating value as new regional communities created by "another workplace"
--Maintaining employee health, while developing environments equivalent to the office to ensure business continuity--
When the state of emergency was declared, we needed to quickly develop an environment that employees could work with. A long-term vision has emerged in recent years, covering the COVID-19 and post COVID-19 stages, and the role of these satellite offices are shifting to providing an environment where each and every employee can work in a lively manner. The value created by satellite office communities is being recognized once again.
Some 330,000 employees working at more than 900 companies support the NTT Group worldwide. And each employee has its own household and its own environment. This approach was neither a conventional office, nor is it quite, home. We needed to provide an area suitable for remote work as quickly as possible. To allow each employee to select their own workplace where they could work in the most lively manner, we embarked on a project to open satellite offices for employees of the NTT Group.
The NTT Group owns some 7,000 "office buildings" around the country that are equipped with communications facilities. They are located in many areas around Japan--not only in cities, but also residential areas and almost every other type of area. This project aimed to turn those buildings into suburban satellite offices for use by employees of the NTT Group. Every building that would become a satellite office needed to be planned carefully. The project team aimed to open its first such building in October 2020, around half a year after the state of emergency was declared--the team worked at an unprecedented pace at preparing the buildings, and ended up opening 10 satellite offices during fiscal 2020, and 50 during fiscal 2021. The number of these satellite offices continued to grow throughout the NTT Group, and today around 5,000 employees are registered to use them.
Improving prosperity for all people and cultures
