Microsoft ends support for Internet Explorer on June 16, 2022.
We recommend using one of the browsers listed below.

  • Microsoft Edge(Latest version) 
  • Mozilla Firefox(Latest version) 
  • Google Chrome(Latest version) 
  • Apple Safari(Latest version) 

Please contact your browser provider for download and installation instructions.

Open search panel Close search panel Open menu Close menu

NTT Sustainability

SDGs8

SDGs9

SDGs11

SDGs17

Social Challenge 6
Moving towards a safe, secure, and resilient society

image

Why it matters

As a company that supports the vital infrastructure of a digitalized society, the NTT Group believes one of its responsibilities is to make use of technology to keep people safe and secure from the major threats of this century: epidemics, natural disasters, and digital disasters like cyber-attacks.

What can be accomplished

As a company that supports the vital infrastructure of a digitalized society, we will make full use of technology to keep people safe and secure from epidemics, natural disasters, digital disasters like cyber-attacks, and achieve a more resilient society.

Future vision

The NTT Group is committed to contributing to the development of society by acknowledging diverse cultures, and thus we will contribute to solving social issues by connecting people, goods, and cultures, including communities, nations, and society, while promoting high ethical standards, diversity, and inclusion in fair and equitable ways, and work towards creating a better workplace through powerful and new digital technologies.

Business Activity 19
Ensuring the stability and reliability of services

Our commitment

As a company underpinning the vital infrastructure of a digitalized society, we will make full use of technology to keep people safe and secure from natural disasters while simultaneously endeavoring to bolster networks to safeguard against large-scale network failures, and will proceed to achieve a more resilient society.

Our objectives

0

Number of major accidents

Policies and Concepts

As a corporate group with the mission of serving society by sustaining telecommunications infrastructure in normal times, the NTT Group is committed to building highly reliable telecommunications networks that connect people anytime, anywhere. Since telecommunications takes on a greater importance in the event of a disaster, we endeavor to secure the means of communication necessary for maintaining public order and for rescue and restoration operations at times of disasters, and for emergency communications, such as 110, 118, and 119. Japan is a country particularly prone to natural disasters such as earthquakes and typhoons. The importance of telecommunications networks was reaffirmed by the devastating Great East Japan Earthquake. Facing the possibility of an earthquake directly underneath Tokyo or the Nankai Trough off Japan's southern coastline, there is a pressing need for society to prepare for such potential disasters while ensuring the stability and reliability of its telecommunications infrastructure.

The NTT Group has defined three key themes for disaster countermeasures: securing critical communications, prompt restoration of telecommunications services, and improving network reliability. We have been strengthening efforts based on these themes since the Great East Japan Earthquake. We have also included Disaster Countermeasure Initiatives in our medium- term management strategy and are making a focused effort to further reinforce the communications infrastructure, seek proactive disaster response, and adequately provide information to the affected people.

Organization for Implementation

Five Group companies--NTT, NTT East, NTT West, NTT Communications, and NTT DOCOMO--are designated public institutions under the Basic Act on Disaster Control Measures. Accordingly, based on this Act, in preparation for a disaster, the NTT Group has formulated the Disaster Management Operation Plan for the purpose of smooth, appropriate implementation of measures to prevent damage. Each company has prepared their respective Disaster Management Operation Plan by organizing response efforts that are mobilized at the time of a disaster in a manner proportionate to the scope and circumstances of the situation. At the same time, we will maintain close contact with the relevant government institutions to ensure a smooth and appropriate recovery from the disaster and secure critical communications.

image

We are also taking measures in normal times to improve the reliability of our telecommunications infrastructure. To ensure that our telecommunications services operate without interruption at all times, we employ transmission trunk line multi-routing, have enacted blackout countermeasures for telecommunications buildings and base stations, and are making telecommunications buildings more quakeproof. In addition, we are expanding the assortment of power supply vehicles and other disaster response equipment that we have positioned throughout Japan and are repeatedly conducting training to prepare for major natural disasters. We are making a daily effort to secure the necessary emergency and critical communications.

NTT Group Disaster Management Operation Plan

https://group.ntt/jp/disaster/plan/

Main Initiatives

Securing Critical Communications

To secure necessary communications in the event of a disaster, the NTT Group is implementing various response measures, including the installation of emergency-use public phones, a mobile phone lending service in affected areas, and providing means to confirm the safety of people in affected areas. We simultaneously install multiple lines to secure connections to the headquarters of the police department, fire department, and coast guard to prepare against the possibility that the 110, 119, and 118 emergency call services may be damaged.

image

A major disaster could also lead to social disorder, such as the disruption of transport systems. In such an event, we would consider the overall situation, including whether other telecommunications carriers have put restrictions on mobile and fixed line phones and, if necessary, offer the use of public phones for free.* We will not charge carriers for which we have set call fees and will not settle payments between carriers for which we have set connection fees. For the specific names of carriers, please refer to the following websites.

(Japanese only)

Free charge public phone policy for areas covered by NTT East

https://www.ntt-east.co.jp/info-st/saigai/

Free charge public phone policy for areas covered by NTT West

https://www.ntt-west.co.jp/ptd/basis/disaster.html

image

Providing Services for Easy Safety Status Checking and Information Gathering When Disaster Strikes

The NTT Group launches and provides the following services to enable people to confirm the safety of relatives and friends in areas hit by a major disaster that has disrupted phone connections.

When we launch these emergency services in the event of a disaster or other contingency, we promptly inform our customers through the mass media, website, and other means.

By integrating the Web 171 Disaster Message Board with the Disaster Message Board Service for mobile and PHS phones (i-mode/sp-mode), we have also made it possible to conduct one-stop searches spanning both services from the companies providing those services. There are additional functions for notifying designated contacts by e-mail or voice when safety status information is posted.

We are continuing to make improvements, such as by offering support in English, Chinese, and Korean for the Web 171 Disaster Message Board, and in English for the Disaster Message Board Service (i-mode/spmode), increasing the number of messages that can be posted and extending message storage time.

With regard to the Web 171 Disaster Message Board, NTT East, and NTT West agreed to collaborate with the disaster message boards operated by NTT DOCOMO, KDDI, and SoftBank to allow users to check each other's messages left with these carriers since August 2019.

Main Services

  • 171 Disaster Emergency Message Dial
    We store recorded voice messages left by users to confirm the safety of those in affected areas
  • Web 171 Disaster Message Board
    We store text messages left by users via the Internet
  • Disaster Message Board Service (i-mode/sp-mode)
    We store text messages left by users via mobile phone

Securing the Stability and Reliability of Telecommunications Services

Damage from natural disasters is becoming increasingly common in recent years as climate change causes more frequent instances of heavy rains, frequent typhoons, and other natural disasters. As a result, there is a growing risk of water and lightning damage and power outages, which now threaten to cause extensive damage should they occur.

The NTT Group is devoted to early restoration of telecommunications services by deploying and enhancing the functions of mobile power supply vehicles, portable satellite equipment, and other mobile equipment as well as participating in disaster drills held in the respective regions.
The NTT Group endeavors to build disaster-resistant communications infrastructure and maintain and operate it in a way that ensures its proper functioning at all times by conducting regular safety patrols, replacing devices as a preventive maintenance measure, and other such means, in an effort to develop disaster-resilient communication networks and equipment.

Ensuring the Disaster Resistance of Telecommunications Equipment

We also strive to enable telecommunications equipment housings, pylons, and other facilities to withstand contingencies such as earthquakes, storms, flooding, fire, and power outages in accordance with predetermined design standards.

Main Measures

  • NTT's telecommunications buildings and pylons are designed to withstand earthquakes of a seismic intensity of 7 on Japan's intensity scale and 60 m/sec winds experienced during the strongest typhoons
  • Our facilities are equipped with flood doors and other defenses according to location to prevent inundation of telecommunications equipment by tsunamis or floods
  • We equip our telecommunications equipment rooms with fire doors or shutters
  • Our telecommunications buildings and wireless base stations are fitted with backup power sources to keep them running for extended periods in the event of sudden power outages
  • As a further fallback, power supply vehicles can be hooked up to them to supply power
  • We use trunk line multi-routing to ensure that our telecommunications services operate without interruption at all times
  • We deploy large-zone base stations capable of covering wide areas during disasters and other emergency situations
  • We install emergency power supply fuel tanks
image
image

Increasing the Resilience of Equipment and Speeding Up Our Response

In recent years, disasters of greater magnitude have had significant impact. To address the increased impact on telecommunications equipment and services, as well as the longer time required to resume operations, we are also promoting additional initiatives toward such goals as increasing the resilience of our equipment and speeding up recovery.

Main Initiatives for Increasing the Resilience of Telecommunications Equipment

  • Expansion in medium-zone base stations equipped to deal with disasters, such as blackout countermeasures
  • Blackout countermeasures that use electric vehicles at base stations
  • Centralized management and mobilization of approximately 400 power supply vehicles owned by the NTT Group
  • Consideration of underground installation of power transmission cables and use of fixed line phones to deal with the impact of disasters
image

Main initiatives related to acceleration of restoration response

  • Advance launch of restoration system (including nationwide widespread support system) based on damage estimation made using AI

Reinforcement of support for disaster-afflicted customers

  • Communication of information to assist with evacuation, etc. in a realistic and easy-to-understand manner (disaster-affliction status of communications, restoration status, charging spots, establishment status for public phones, etc. in times of disaster, handling of visitors to Japan/resident foreigners, etc.)
  • Fielding of consultations on trouble pertaining to communications through establishment of onsite "113" hotlines in disaster-afflicted sites

Providing Stable Telecommunications Services in Normal Times

To consistently provide secure telecommunications services to our users, the NTT Group operates a system for monitoring its telecommunications networks, implements measures for preventing accidents and failures, and works to enhance the skills of personnel responsible for network maintenance and operations.

  • Operational system for monitoring and controlling the status of network operations on a real-time basis, 24-hours a day, 365 days a year
  • Collection and analysis of performance data for telecommunications equipment under ordinary circumstances to identify and deal with signs of failure
  • Establishment of a system and a review of procedures to enable prompt and appropriate restoration measures in the event of unexpected problems
  • Application of lessons learned from past accidents to similar cases and thorough reinforcement of standard procedures based on an analysis of cases that may result in serious accidents
  • Implementation of training and drills and development of related mechanisms for fostering personnel handling network maintenance and operations

Operation of mobile phone base stations and terminals (NTT DOCOMO)

For more than 60 years, research has been conducted worldwide on the impact of radio waves on the human body. As a result, standards and systems have been put in place for the safe use of radio waves not only in Japan, but around the world, too.

In 1990, Japan's Ministry of Posts and Telecommunications (presently the Ministry of Internal Affairs and Communications) established its own Radio Radiation Protection Guidelines for Human Exposure to Electromagnetic Fields (RRPG) as a set of reference values for the safety of radio waves on the human body based on the results of research conducted over the preceding 40 years both inside and outside Japan. The reference values of these guidelines are the same as those recommended by the World Health Organization (WHO). Radio waves below these reference values are recognized internationally as having no adverse effects on health.

Mobile base stat ions and terminals of NTT DOCOMO are operated at levels lower than the reference values of the RRPG. Services are provided in compliance with related laws and ordinances incorporating the RRPG, which ensures DOCOMO mobile phones can be safely used.

NTT DOCOMO Radio Wave Safety (Japanese only)

https://www.nttdocomo.co.jp/corporate/csr/network/radio/safe.html当該ページを別ウィンドウで開きます

image

Business Activity

Drones, as a public tool, bring a revolution to "infrastructure inspections" for social infrastructure

"Infrastructure" is something that people do not pay much attention to on a day-today basis. The importance of infrastructure underpinning our lifestyles--such as water, electricity, communications, and transportation--first comes to light when any of these services are disrupted. Any disruptions with infrastructure can have a significant impact on so many people, and thus pausing infrastructure inspections is not feasible. Infrastructure across Japan was built rapidly during the period of high economic growth, and after half a century, their dilapidation is becoming a serious issue. Consequently, the importance of regular infrastructure inspections is greater than ever.

A closer look at the cost of inspections of bridges, steel towers and other structures around Japan reveals that they amount to some 30 billion yen annually. When repairs are factored in, this cost increases to around 1 trillion yen. Japan will soon be facing a declining population. This will result in a decrease in tax revenue, which means less costs set aside for inspections. The engineers capable of conducting inspections are also getting older. It is because of this background that efforts are currently being made to use drones to increase the efficiency of inspection work. Japan Infra Waymark was established with the aim of resolving the issue of deteriorating infrastructure, and uses drones to cover staff shortages for infrastructure inspections. An example that illustrates this is the inspection of elevated bridge supports--inspectors usually assemble scaffolding, use lifts, or sling ropes up to conduct visual inspections of supports. Yet these methods all take time, and are also dangerous to perform.

image

Instead, drones are being used for this work. A drone jointly developed with an American company is equipped with three cameras on both the top and bottom, which identify target areas just like human eyes, and operates autonomously to avoid flying into obstacles. This is the only type of drone capable of automatically flying to avoid obstacles in areas like below bridges, where GPS signals cannot reach, making it possible to conduct inspections under bridges--something that was not possible in the past. When the drone approaches a target area and takes a photograph, cracks (fractures) as small as 0.05 mm can be identified. When the drone returns back to base, image data is automatically uploaded to the cloud, and an inspection record is created. This increases the efficiency of the entire inspection process, and in the three years since being established, the company has a proven track record of inspecting 6,400 structures (as of June 2022).

Social Contribution Coordination Agreement with KDDI

On September 11, 2020, NTT formed a social contribution coordination agreement with KDDI to begin mutual cooperation the for joint utilization of ships transporting necessary supplies in the event of largescale disasters, as well as joint disaster preparedness drills and awareness-raising activities. Building resilient social infrastructure through these initiatives has the goal of developing a sustainable society. In addition to disaster countermeasures and job assistance, NTT and KDDI will coordinate efforts to identify areas that can benefit from the mutual use of assets of both companies, such as the sound use of smartphones and addressing climate change.

image

image

Employment support for the Employment Ice Age Generation

The employment support initiative developed by NTT together with KDDI provides support for employment such as training related to remote work and ICT skills from March 2021, to applicable people whose employment has been significantly affected due to sudden changes in the social environment such as the employment ice age and the increasing number of infections of novel coronavirus infections in recent years.
The second stage of this initiative provided employment support for the employment ice age generation, leading to 248 successful employees from both companies.

image

Countermeasures for Earthquakes, Fires, and Floods

NTT's communications buildings and towers are designed to be sufficiently earthquake-resistant to avoid collapse even in the event of an earthquake with a seismic intensity of 7, and were built to our own strict standards to be able to withstand the worst disasters Japan has ever experienced.
For fires, communications buildings and other buildings were made noncombustible and fireproof, fireproof shutters and doors were installed in communication machinery rooms, and fireproof sealing was applied to through holes.
To prepare for tsunamis and floods, we have taken location-appropriate measures to prevent communications buildings from being flooded, such as replacing building doors with flood doors, closing windows and other openings, and reinforcing walls with concrete to withstand the water pressure from a tsunami.

Blackout Countermeasures at Communications Buildings and Base Stations

Communications buildings and wireless communications base stations are equipped with batteries, engines, and other auxiliary power supplies that can be used as a prolonged source of electricity in the event of a blackout.
Moreover, we are enacting the lessons learned from the Great East Japan Earthquake by implementing blackout countermeasures for engine generators and having batteries available for use around the clock at its roughly 1,900 base stations in important areas, such as those where municipal disaster response headquarters or city offices are located.
In addition, mobile power supply vehicles and portable power generators are deployed in each area as backup to provide support over a wide area to disaster-stricken regions as the situation requires.

Transmission Trunk Line Multi-Routing and Distributed Location of Important Communications Buildings

Our nationwide network of trunk lines has been designed to secure communications and prevent disruption of services over the network as a whole by automatically diverting transmission through other routes when a certain route is damaged. Meanwhile, if communications buildings (important communications buildings) fitted with transit switches suffer disaster damage, communications via such buildings may be severed. Distributing important communications buildings in different locations helps avoid the risk of multiple buildings suffering disaster damage at the same time.

image

Prompt restoration of telecommunications services

Should a disaster strike, swift action will be taken to restore service via the utilization of mobile disaster response equipment and the use of drones to confirm the situation.

Disaster Response Equipment

NTT has positioned mobile base stations and power supply vehicles across Japan that can be quickly deployed to disaster sites should a wireless communications base station be damaged by a disaster. Moreover, we have adopted off-shore base stations comprised of mobile communications base stations mounted on ships. Should a tsunami or other disaster knock out service over a wide spread of coastal area, we can provide service by using entrance satellite lines to transmit signals to the coastal areas from anchored ships.

image

Disaster Site Confirmation with Drones

When damage to roads or other conditions prevent us from reaching base stations, drones will be deployed to confirm the status of the site and facilitate the quick restoration of service thereafter.

Initiatives for Maintaining Stable Telecommunications Services

Real-time Network Monitoring and Control

The nationwide communications network monitors and controls operational status in real time, 24 hours a day, 365 days a year, and responds immediately to breakdowns and disasters.
To respond immediately to emergencies and other contingencies, the monitoring system is reinforced as required in response to social conditions.

Improved Response to Disasters and Major Failures

To enable prompt and appropriate recovery measures in the event of a disaster or unexpected equipment failure, training and drills are conducted as required to train the personnel involved in network maintenance and operation.
Further, lessons gleaned from past disaster responses are deployed across the organization to implement measures to prevent recurrences, review action procedures, and ensure that basic operations are thoroughly implemented.

image

Initiatives aimed at boosting resilience of networks based on occurrence of large-scale failures, etc.

From the failures experienced by NTT West Japan in August 2022 and NTT DOCOMO in December 2022 to that experienced by NTT East Japan and NTT West Japan in April 2023, the NTT Group has been the victim of multiple large-scale network failures.

Up to this point, based on our purpose of speedily and precisely recovering service upon large-scale failures caused in the NTT Group as well as making absolutely sure both the originating company and other Group companies never cause them again, we have investigated the causes of failures at an early stage and endeavored to conduct total inspections of manifested risks and prevent their reoccurrence across the Group.

Starting up the "System Failure Reoccurrence Prevention Committee" to discuss reoccurrence prevention measures and the ideal nature of networks over the medium term

Seeing the large-scale network failure experienced by other communications providers in July 2022 as something that could have easily happened to itself, the NTT Group used that occurrence as a springboard to commence examinations of (1) the need for new measures in the NTT Group, (2) the ideal nature of roaming for emergency reporting upon a large-scale failure and (3) the ideal nature of more resilient network architecture and operation. Amid that situation, given the large-scale failure caused by NTT West Japan in August 2022, we decided to further elevate the level of our efforts with the establishment of the "System Failure Reoccurrence Prevention Committee" through which we would bring together CDO/CTO-level members from Group companies NTT East, NTT West, NTT DOCOMO and NTT Communications to engage in repeated discussions of reoccurrence prevention measures and the ideal nature of our networks over the medium term.

With the System Failure Reoccurrence Prevention Committee, based on the large-scale failures occurring in recent times and events taking place outside the NTT Group as well as the premise that the unforeseen is bound to occur, we arrived at the decision to take action from the three standpoints of (1) Preventing the occurrence of human error and providing operational support, (2) Preventing service failures before they occur and (3) Minimizing impact upon failure with the aim of realizing more resilient networks.

(1) Preventing the occurrence of human error and providing operational support

This first system is for preventing the occurrence of human error. We centrally consolidate various forms of information within networks, visualize the status of those networks and form a grasp of failures and the status of their impact on our service accurately and early on. Furthermore, we control the occurrence of human error by identifying suspected areas with AI and conducting simulations of safe switchover using digital twin technology. We also aim to realize the likes of automated restoration measures and autonomous resource expansion and switchover.

image

(2) Preventing service failures before they occur

The second system is for preventing service failures before they occur through means such as system redundancy and resource expansion. Through actions such as securing network detours and augmenting equipment for converged systems that affect service, we elevate traffic fluctuation resistance to keep service failure from occurring. Additionally, based on the fact that past large-scale failures also involved events in which congestion occurred due to a large influx of resending signals, we also intend to implement the likes of mechanisms for keeping traffic from spreading to other providers when such large influxes of traffic arrive from a specific provider.

image

(3) Minimizing impact upon failure

The third system is for minimizing impact when a failure occurs. No matter how many measures are taken in order to prevent service failure, unforeseen events are bound to keep happening in the future. It is impossible to completely reduce the number of failures to zero. Accordingly, we minimize impact upon failure by splitting areas and service. At the same time, splitting all converged equipment involves enormous cost. As we believe that the duty to keep providing service to customers at affordable rates also rests with the NTT Group, we intend to continue our splitting efforts with a particular focus on equipment and system that are difficult to restore while considering the balance between reliability and economy.

image

In closing

With full recognition of the responsibility it has in providing communications services, which constitute vital living infrastructure, the NTT Group will continue endeavoring to provide those services with certainty and stability as well as keep similar events from reoccurring in order to fulfill its social responsibility.

Business Activity 20
Strengthening information security and personal information protection

Our commitment

The NTT Group works together with its partners to resolve social issues through its business operations toward a zero-trust & cloud connected age. Based on this approach, we are contributing to the healthy development of a digital economy and remote society by exercising our responsibility as a supplier of safe and secure ICT infrastructure to guarantee effective information security.

Our objective

0

Number of service suspensions due to cyber attacks (annual)

Reinforce information security

Policies and Concepts

With the progressing digitalization of society and the economy and changes in international circumstances, security threats are becoming more serious and sophisticated, particularly cyber-attacks. It is the duty of the NTT Group to safeguard ICT service infrastructure and the basic rights, freedoms and information assets of its customers and provide a sound foundation aimed at the growth of the digital economy amid these circumstances. For security as well, we have defined our mission as the building and development of a free, open, and safe ICT platform for supporting the infrastructure of the digital economy. Additionally, we have made it our vision to realize the digital transformation of both customers and NTT itself, and for that reason, we will be chosen by customers.

With a view to the realization of this mission and vision, we continue to tackle our pillars of tackling R&D and service development that leverages our scale, realizing superior early detection and rapid response capability, endeavoring to develop human resources who share the values of sincerity and advanced skills, and transcending profit-focused principles to transmit pioneering knowledge to society. Based on the medium-term management strategies that we formulated in 2023, the role that security will play is envisioned to grow even larger. We will continue to tackle the realization of our vision.

As a member of the global community building the digital society, NTT Group will contribute to solving social issues through our security business.

The concept of cybersecurity is no longer just an aspect of crisis management that reduces negatives to zeroes, but is now entering an era in which it is a positive driving force that offers stabilizing support for the prosperity that technology provides. As we progress through the era of Zero Trust and Next Zero Trust, NTT Group will continue to investigate the value of security as we confront never-ending cyber risks.

NTT Group's Security Governance Goals

NTT Group enforces information security management under the charge of the Chief Information Security Officer (CISO), and is thorough in its information security management. We have also established a Group CISO Committee, and are working to formulate Group information security management strategies, plan and implement related measures, undertake human resources training, and otherwise engage in activities in collaboration with companies across the Group. We are also advancing efforts to maintain and improve security defenses within the Group based on the idea of a "three-line organization."

image

Security Initiatives Supporting the Medium- Term Management Strategy

The revision of our medium-term management strategies contains three pillars. Among them, security is a particularly crucial element that will underpin "NTT as a Creator of New Value and Accelerator of a Global Sustainable Society."

Furthering strengthening of business foundation


Global collaboration

As a participant in cybersecurity reinforcement by various national governments and industry circles, particularly those in Europe and the U.S.A., the NTT Group is working towards sharing security threat information and best practices and building communities made up of corporations and organizations that can mutually trust each other.

Defense from the attacker's angle

The NTT Group has a cross-Group Red Team (nicknamed "Team V") that verifies and evaluates the effectiveness of security measures by setting off simulated cyberattacks from the angle of the attacker on key services and systems within the Group.

Main Initiatives

Systemization of information security

We conducted a total revision of our information security regulations to accommodate Zero Trust security measures based on the premise of free work styles with no limits on work location. To have all NTT Group employees, not just those in information security functions, elevate their sensitivity to security, we eliminated ambiguity in our regulations, made them more readable, and remade them into regulations that can be conformed to without fail.

Strengthen Service Security

Information communication services are an important social infrastructure and a foundation for the digitalization of society and the economy, so to provide these services in a safe and secure manner, we are working to strengthen the security of telecommunications equipment, IT service environments, and all services provided by smart cities, smart buildings, and the like.

Global Cooperation within the NTT Group

We are advancing global partnerships in the security field in order to enhance competitiveness in global business under One NTT. This NTT Group cooperation includes many businesses and regions and in- corporates an approach to risk-based management, the introduction of a framework that acts as a shared language, and the setting of standards that should be met by all Group members in regard to identification, defenses, detection, response, and recovery.

Incident response drills

Once a year, we carry out drills to verify response when an incident occurs by preparing a disaster occurrence scenario incorporating the most recent threats and having all CSIRT in the Group participate. Because external communication is also a key factor when an actual incident takes place, our public relations-related departments have also been taking part in these drills in the last several years.

image

NTT Group Information Security Policy https://group.ntt/en/g_policy/

TOPICS

Enhancing Security 1) Global Collaboration

Collection and Utilization of Global Threat Information

NTT has joined the Joint Cyber Defense Collaborative(JCDC), a U.S. government cybersecurity and resilienceinitiative, as its first Asian member.

Established by the U.S. Cybersecurity andInfrastructure Security Agency (CISA) in 2021, theJCDC is spearheading the collaborative developmentof cyber defense plans, information sharing oncybersecurity, and the dissemination of cyber defenseguidance to reduce risks to critical infrastructure andessential national functions. Private sector membersinclude major telecommunication companies,technology giants, and major security companies, suchas AT&T, Verizon, Lumen, Microsoft, Google, Cisco,Mandiant, and Palo Alto Networks. Moreover, U.S.government intelligence agencies and cybersecurityrelateddepartments from countries allied with theU.S. are also participating. By leveraging the globalintelligence gained from the JCDC, NTT can offer moreeffective protection of vital information networks andimproved responses to cyber incidents. Additionally,sharing information with other JCDC members enablesNTT to further advance its own cybersecurity initiatives.

Building on our existing foundation of trust andcollaboration with CISA and the U.S. government, wewill contribute a unique Asian perspective to the JCDCwhile sharing NTT's leadership along with its expansiveglobal experience and specialized expertise in security.In an era of continued global uncertainty surroundingcybersecurity, we firmly believe that a collaborativeapproach between the public and private sectors incybersecurity is essential, not just in the United Statesbut also globally, to defend against cyberattacks thatthreaten the critical social infrastructure upon which ourdaily lives depend.

Enhancing Security 2) Defense from an Attacker's Perspective

Red Team

NTT formed a Red Team in 2019. A Red Teamconducts simulated cyberattacks from the perspectiveof external attackers. In the realm of cybersecurity, it isa never-ending game of cat and mouse, with new typesof attacks emerging no matter how much one defends.Moreover, while attackers only need to succeed oncewith any variety of assaults, defenders must blockevery single one, creating an imbalance that favorsthe attackers. To address this challenge, NTT's RedTeam was established to formulate countermeasuresfrom the attacker's viewpoint. The ultimate goal is toimprove defensive capabilities; the activities are notlimited to just conducting simulated attacks. The RedTeam's activities also include analyzing and reportingvulnerabilities and organizational challenges in thetargeted systems after the simulated attack and evenproviding actionable advice for improvement. In somecases, the team may assist with implementing theseimprovements.

Bug Bounty Program

NTT began a Bug Bounty Program on a trialbasis in 2022 and fully launched it in 2023. A bugbounty is a reward given to individuals who discoversecurity loopholes in an information system. NTT hasimplemented this program with two specific aims.

1) To identify and rectify vulnerabilities before theycan be exploited by malicious third parties, therebyenhancing the overall security posture of the NTTGroup.

2) To offer employees who participate an avenueto refine their security skills from an attacker'sviewpoint, thereby nurturing the development ofsecurity talent.

The trial phase demonstrated that the program notonly contributed to enhancing corporate security, butalso helped in discovering undiscovered security talentand further honing their skills. Although fully operationalonly since 2023, the program will be continuallyrefined, and we aim to broaden the understanding thatimproving security is a collaborative effort involving allemployees.

Information Security Training

Each Group company seeks to raise information security literacy by organizing training for all employees as well as the employees of partner companies. Training is offered through e-learning, and all employees are obliged to participate in the course once a year. Looking ahead, we are considering unifying training content throughout the Group to provide employees with a standard level of knowledge on information security required in their business operations. By doing so, we will seek to enhance the security capabilities of the NTT Group and reinforce its human resources to deliver safe, secure services for our customers and society at large.

Overhaul of Security-related Regulations

From FY2021 to FY2022, we proceeded with a company- wide overhaul of security-related regulations. We are taking steps to prepare not just for the zero-trust era, but beyond.

Resilience Strategies〈Security〉

Should we experience security incidents such as cyber-terrorism that lead to service outages, degradation in service quality, or the leakage, alteration, or loss of information, there is a risk that the NTT Group's reputation and corporate image could suffer.This, in turn, could potentially impact our business performance and financial stability. Risks

To mitigate such risks, the NTT Group is actively engaged in risk-based information security initiatives. These are grounded in the belief that cyber incidents are inevitable and that minimizing damage is crucial. Measures include the implementation of a

As for capitalizing on opportunities, we are committed to nurturing security specialists endowed with state-of-the-art technology and deep expertise. Furthermore, we are actively offering risk management support services to businesses and communities outside the Group by leveraging the knowledge and insights accumulated through our risk-mitigation efforts. Opportunities

Indicators and Targets Related to Security

(Note) The scope of tallying the number of telecommunications service interruptions due to external cyberattacks includes four specified public institutions: NTT East, NTT West, NTTCommunications, and NTT DOCOMO.

Research and Development Initiatives

In addition to the development of technology for cybersecurity, the NTT Group is also focusing on the development of elemental technologies for security. Using basic research on encryption as our foundation, we are conducting research on security in applied fields such as cybersecurity and data security. Moreover, we are also tackling multidisciplinary security research that goes beyond an approach from a technological aspect to cover the likes of privacy, ethics and legal systems.

image

Business Activity

Basic Level Information Security Training

image

NTT Group launched a security expert certification system in 2015 with the aim of increasing the quality and number of its security personnel. This system defines three levels based on human resource type and skill level.

We must be constantly vigilant in our effort to remain abreast of the recent changes in security technologies and circumstances (zero trust, cloud native, DX, teleworking, etc.). As such, the effective and consistent training of security experts is a matter of utmost importance.

NTT used to offer basic level certification, but the rising number of certification holders coupled with the increase in awareness regarding the importance of security prompted us to develop security training programs targeting all employees worldwide.

People tend to shy away from security training due to its level of difficulty or by being turned off with the limited applicability of the subjects covered. To address this issue, we positioned raising employee interest in these subjects as our top priority, which we went about doing with animated videos and other endearing content, including a humorous introductory message by the CISO structured like a dramatic performance. Through these programs, we hope to make all employees recognize the necessity of security awareness and instill in them the basic practice of reporting any suspicious activities in their daily work. We thereby aim to motivate employees to participate in and contribute to our organization-wide drive to quickly detect and address security issues.

NTT Group CSIRT Activities

image

Management of CSIRT

The NTT Group established NTT-CERT in 2004 to function as a computer security incident response team (CSIRT). This team collects information regarding security incidents associated with the Group. It then offers support for addressing these incidents, formulates measures to prevent recurrence, develops training programs, and provides security-related information.

As a central element of the NTT Group's security initiatives, NTT-CERT provides a reliable venue for consultations regarding information security. The team also collaborates with organizations and specialists inside and outside the NTT Group to offer support for detecting and resolving security incidents, minimizing damages, and preventing occurrence. NTT-CERT is thereby contributing to better security for both the NTT Group and societies that are permeated by information networks.

Moreover, NTT-CERT coordinates with the United States Computer Emergency Readiness Team (USCERT*1) and the Japan Computer Emergency Response Team Coordination Center (JPCERT/ CC*2) and is also a member of the Forum of Incident Response and Security Teams ( FIRST) and the Nippon CSIRT Association*3, which enables it to coordinate with domestic and overseas CSIRT organizations. This coordination makes it possible for NTT-CERT to share information on relevant trends and response measures. In addition, NTT-CERT participates in the cross-industry drills held by the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) to share expertise and gather information. NTT-CERT also plays a role in promoting the establishment of CSIRTs at Group companies and helping improve their response capabilities.

NTT-CERT will expand its collection of information on vulnerabilities and attacks to cover areas including the dark web and will strengthen its information analysis platform and further automate and enhance its response to cyber threats in order to continually respond to threats as they change.

※1US-CERT: An information security preparedness organization under the Department of Homeland Security (DHS)

※2 JPCERT Coordination Center: An organization that collects reports inside Japan, supports responses, monitors situations, analyzes entry points, and reviews and provides advice on measures for preventing reoccurrences from a technical standpoint with regard to computer security incidents such as intrusions through the Internet or service interruptions

※3 NTT-CERT founded the Nippon CSIRT Association

NTT-CERT

https://www.ntt-cert.org/index-en.html当該ページを別ウィンドウで開きます

Nippon CSIRT Association

https://www.nca.gr.jp/en/index.html当該ページを別ウィンドウで開きます

FIRST Forum of Incident Response and Security Teams

https://www.first.org/当該ページを別ウィンドウで開きます

Personal Information Protection

Policies and Concepts

Every year, the importance of ensuring the protection of personal information and the comprehensive management of information around the world continues to grow. The NTT Group has been entrusted with a considerable quantity of personal information, ranging from data on individual customers to that of corporate customers, and as such ensure that personal information is handled appropriately in accordance with the laws and regulations of each country, such as Japan's Act on the Protection of Personal Information and the EU's General Data Protection Regulation (GDPR).

Under these circumstances, personal information leakage could have various repercussions for the NTT Group in the operations of its businesses, including damage to its corporate value and loss of customers, which makes it essential to rigorously manage personal information as the NTT Group's top priority.

Organization for Implementation

Under the NTT Group Information Security Policy, we disclose on our website specific policies for protecting the personal information of customers and shareholders and policies for protecting personally identifiable information re- quired by Japan's Social Security and Tax Number System. In this policy, we also define how we respond to requests for disclosure, correction, and suspension of use related to the personal information retained by the NTT Group.

We have also put in place a security management system that ensures thorough and rigorous security practices, with the Chief Information Officer (CISO) placed in charge (see page 054).

Policy on Protecting Personal Information


About personal information protection

https://group.ntt/en/protection/

Policy on Protecting Personal Information of Customers

https://group.ntt/en/protection/customers.html

Policy on Protecting Personal Information of Shareholders

https://group.ntt/en/protection/shareholders.html

Policy on Protecting Specific Personal Information of Business Partners

https://group.ntt/en/protection/partners.html

Policy on Protecting Specific Personal Information of Shareholders

https://group.ntt/en/protection/specific_personal_information.html

Main Initiatives

NTT has systematic security control measures, human security control measures, physical security control measures, and technical security control measures in place for handling our customers' personal information.

  1. Systematic security control measures

    We have created a statement outlining the building of management systems such as placing a person responsible for management of the committee and each organization, the establishment of internal regulations, management ledgers and process management charts, and other matters. Furthermore, we are also building management systems for handling ongoing improvements and the like.

  2. Human security control measures

    All employees who handle customers' personal information are informed and made aware of the importance of protecting this information, regardless of whether they are officers, regular employees, or temporary employees. We ensure employees conclude non-disclosure agreements and provide necessary auditing and supervision to ensure their effectiveness.

  3. Physical security control measures

    We enact various measures including controlling access to physical equipment which handles customers' personal information and the floors where these are kept, measures to prevent theft, measures to prevent damage to customers' personal information during incidents such as fires and lightning strikes, and the use of locks when taking out, moving, or storing systems and documents.

  4. Technical security control measures

    We have put in place various technical security control measures such as access management when accessing personal data including authentication, authority administration, control, and recording, countermeasures against viruses and malware in systems, measures for use when sending and receiving information including encryption and clarification of responsibility, and the monitoring of information systems.

Each domestic company in the Group has established a personal information protection system in line with its business and based on the Protection of Personal Information. We are consistently pursuing initiatives to protect information, including stringent measures on the physical and systems aspects of security and appropriate supervision of outsourcing contractors. Management of information is being further enhanced, as personal information acquired by group companies in Japan via individual or household services like cell phones and internet access will be retained and accessed from within Japan after May 2021.

Main Initiatives of Domestic Group Companies

  • Establishment of internal rules and regulations
  • Employee training to ensure appropriate implementation of the above rules and regulations
  • Establishment of an organization to promote information security management
  • Establishment of a security management system for preventing illegal access to information or the loss, alteration, or information leakage as well as managing antivirus measures and the physical transfer of information
image

Establishment of Contact Points on Personal Information

NTT has set up the Customer Contact Point on Personal Information, and similar contact points for services related to personal information have been set up at each NTT Group company. Since NTT is a holding company that does not directly provide telecommunications services, inquiries regarding personal information related to services are redirected to the contact points of the operating companies concerned.

Additionally, inquiries regarding the handling of personal information under laws and regulations are redirected to the person responsible for information security at the operating companies concerned.

Nippon Telegraph and Telephone Corporation Customer Contact
Point on Personal Information


Email:ntt_kojin@ntt.com

https://group.ntt/en/protection/customers.html

Business Activity 21
Promoting a decentralized society based on remote work

Our commitment

Shifting toward new work styles centered on remote work, by upgrading IT environments and reviewing systems, in addition to advancing DX projects and work reforms with an eye on the postpandemic world

Our objective

0

Major personal data leaks (annual)

Policies and Concepts

The NTT Group recognizes that remote work will play a key role in society even after COVID-19 subsides. Based on this recognition, we will make active efforts as an ICT company to improve DX and other environments that allow for more opportunities for remote work. We believe these initiatives ensure the Group's sustainable growth, enhance its corporate value, and eventually help find solutions to social issues.

In light of this background, the NTT Group is currently rolling out various specific initiatives such as (1) Making "general improvements" by rolling out cloud based systems/zero-trust systems, (2) "Promoting DX" to enable remote work for automating and making operations more efficient, and (3) Re-examination of systems for promoting work styles based on remote work. Remote work systems and remote work allowances will be established as part of promoting work styles required for remote work, and thereby offering a greater choice of "work time" and "work location" for employees.

Different to "work-life balance" that aims to separate and create a balance between work and private life, we are considering the promotion of "work-in-life (health management)" where employees can select and design their own work style by viewing work as part of the lifestyle of each and every employee. In addition to flexibility with "work time" and "work location," flexibility with regard to "residence" is also considered important, so remote work systems are being revised to develop work styles centered around remote work.

Decentralization of the Organization
(Including Head Offices and Back-Offices)

The NTT Group began initiatives for decentralizing the organization from metropolitan areas to regional areas, or core cities.
<Specific Initiatives>

  • Trial run for dispersing the organization across regions to begin at the holding company (starting in October 2022)
  • From the standpoint of resilience, we will aim for sustainable business operations by opening offices in Takasaki City and Kyoto City and promoting split shifts The first step will involve a trial of certain organizations (with approx. 200 employees) of the holding company
  • The trial will be used to test for issues or measures related to business operations and communications with split shifts, with a view to applying it to actual operations
  • Introduce a working style based on telework in which employees engage in head office operations while residing in a distant location
  • Introduce a "hometown double work" program to contribute to the revitalization of local communities and areas associated with the Company while continuing current assignments

Promotion of a decentralized society and work-in-life (health management) through the workplace-residence proximity

The NTT Group is taking initiatives to shift to new work styles premised on remote work.

  • Remote work ratio: 70.8% (conducted from October to December, 2021)
  • Creating an environment that offers greater choice of work location
  • Remote work that does not require approval on a case-by-case basis, elimination of restrictions on residential areas for employees who can work remotely, and sharing costs and other expenses associated with commuting to work from remote locations (FY2022 onward)
  • No Need for Relocations and Unaccompanied Assignments Recruitment of Remote-Based Employess (From FY2022)
  • Expand the number of organizations that support remote work through DX (establish security requirements at major contact centers, begin introducing tools to prevent peeping)
  • Satellite offices: 249 sites (end of January, 2022, target of 260 sites or more during FY2022)
  • Re-Examination of the Office Environment Increase the amount of space per person in the office by 1.5x, and enhance the space for idea creation and co-creation (From FY2022)

Business Activity

Rolling out zero-trust security and increasing the remote work ratio

In this day and age, IT has become an essential part of our lives and work, but this also increases the amount of threats from cyberattacks. As a company that handles sensitive customer information, implementing measures to protect against these threats is of the utmost importance. In many cases, the way employees work must be restricted to ensure security.

We came up with the "Work from Anywhere" slogan as a way of reforming working styles, and developed an IT environment that allows employees to work from anywhere in the same way as working in the office. This is a work style that has a greater degree of flexibility thanks to advancements in IT. This requires a high level of security to ensure work is performed in the same way from any location. To achieve this, the "zero-trust" concept has been adopted. "Until now, the approach to ensure security had been to complete all work within the company intranet, and to make sure the connection was closed securely. Yet with cyberattacks becoming more advanced in recent years, we need to factor in the possibility of unauthorized access to the intranet. A new approach was established, with the entire system designed not to trust any type of access, whether it is from within the intranet or from external sources. This is the basic approach to zero-trust security."

Whether employees are working from home, a satellite office or any other location, the concept of "Work from Anywhere" is a great way to boost their motivation.

image
image

Generating value as new regional communities created by "another workplace"
--Maintaining employee health, while developing environments equivalent to the office to ensure business continuity--

When the state of emergency was declared, we needed to quickly develop an environment that employees could work with. A long-term vision has emerged in recent years, covering the COVID-19 and post COVID-19 stages, and the role of these satellite offices are shifting to providing an environment where each and every employee can work in a lively manner. The value created by satellite office communities is being recognized once again.

Some 330,000 employees working at more than 900 companies support the NTT Group worldwide. And each employee has its own household and its own environment. This approach was neither a conventional office, nor is it quite, home. We needed to provide an area suitable for remote work as quickly as possible. To allow each employee to select their own workplace where they could work in the most lively manner, we embarked on a project to open satellite offices for employees of the NTT Group.

The NTT Group owns some 7,000 "office buildings" around the country that are equipped with communications facilities. They are located in many areas around Japan--not only in cities, but also residential areas and almost every other type of area. This project aimed to turn those buildings into suburban satellite offices for use by employees of the NTT Group. Every building that would become a satellite office needed to be planned carefully. The project team aimed to open its first such building in October 2020, around half a year after the state of emergency was declared--the team worked at an unprecedented pace at preparing the buildings, and ended up opening 10 satellite offices during fiscal 2020, and 50 during fiscal 2021. The number of these satellite offices continued to grow throughout the NTT Group, and today around 5,000 employees are registered to use them.

image
image

NTT Sustainability

Sustainability

NTT Group

Group Companies