Microsoft ends support for Internet Explorer on June 16, 2022.
We recommend using one of the browsers listed below.
Please contact your browser provider for download and installation instructions.
(Note)1. The scope for counting significant incidents is limited to the four designated public telecommunications companies (NTT East, NTT West, NTT Communications, and NTTDOCOMO).
2. A "significant incident" is defined as an event meeting the following conditions that disrupt or degrade the quality of telecommunications services:
・Voice services that handle emergency calls (110, 119, etc.): Lasting more than 1 hour and impacting over 30,000 people
・Voice services that do not handle emergency calls: Lasting more than 2 hours and impacting over 30,000 people, or more than 1 hour and impacting over 100,000 people
・Internet-related services (free): Lasting more than 12 hours and impacting over 1 million people, or more than 24 hours and impacting over 100,000 people
・Other services: Lasting more than 2 hours and impacting over 30,000 people, or more than 1 hour and impacting over 1 million people
As a designated public organization, the NTT Group is making a daily effort to ensure emergency and critical communication channels. Furthermore, in recent years, there is an escalating risk of physical attacks, such as armed assaults and acts of terrorism, on top of the increasing frequency of large-scale, expansive, and long-lasting natural disasters. Recognizing the potential for natural disasters to have greater impacts on telecommunications facilities and services and for recovery efforts to be prolonged, NTT is increasing the resilience of its facilities and taking steps to expedite recovery efforts.
Learning from past experiences and lessons in telecommunications failures, we will create a robust network/system that takes into account the occurrence of major malfunctions and cyber-attacks, thereby strengthening social infrastructure. In addition, we will strengthen measures to cope with natural disasters, which are becoming increasingly severe. Looking toward this goal, we will invest around 160 billion yen*1 by fiscal 2025.
To build a resilient network system, we will proceed based on the assumption that unexpected events will inevitably occur, implementing preventive measures against human errors and malfunctions while minimizing the impact if a failure does occur.
Furthermore, we will enhance disaster preparedness and globally standardized cybersecurity measures, with a view toward safe and secure service delivery.
(Note)The scope of tallying the number of telecommunications service interruptions due to external cyberattacks includes four specified public institutions: NTT East, NTT West, NTTCommunications, and NTT DOCOMO.
● Organization for Implementation
● NTT Group's Security Governance Goals
NTT has joined the Joint Cyber Defense Collaborative (JCDC), a U.S. government cybersecurity and resilience initiative, as its first Asian member.
Established by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in 2021, the JCDC is spearheading the collaborative development of cyber defense plans, information sharing on cybersecurity, and the dissemination of cyber defense guidance to reduce risks to critical infrastructure and essential national functions. Private sector members include major telecommunication companies, technology giants, and major security companies, such as AT&T, Verizon, Lumen, Microsoft, Google, Cisco, Mandiant, and Palo Alto Networks. Moreover, U.S. government intelligence agencies and cybersecurity-related departments from countries allied with the U.S. are also participating. By leveraging the global intelligence gained from the JCDC, NTT can offer more effective protection of vital information networks and improved responses to cyber incidents. Additionally, sharing information with other JCDC members enables NTT to further advance its own cybersecurity initiatives.
Building on our existing foundation of trust and collaboration with CISA and the U.S. government, we will contribute a unique Asian perspective to the JCDC while sharing NTT's leadership along with its expansive global experience and specialized expertise in security. In an era of continued global uncertainty surrounding cybersecurity, we firmly believe that a collaborative approach between the public and private sectors in cybersecurity is essential, not just in the United States but also globally, to defend against cyberattacks that threaten the critical social infrastructure upon which our daily lives depend.
NTT formed a Red Team in 2019. A Red Team conducts simulated cyberattacks from the perspective of external attackers. In the realm of cybersecurity, it is a never-ending game of cat and mouse, with new types of attacks emerging no matter how much one defends. Moreover, while attackers only need to succeed once with any variety of assaults, defenders must block every single one, creating an imbalance that favors the attackers. To address this challenge, NTT's Red Team was established to formulate countermeasures from the attacker's viewpoint. The ultimate goal is to improve defensive capabilities; the activities are not limited to just conducting simulated attacks. The Red Team's activities also include analyzing and reporting vulnerabilities and organizational challenges in the targeted systems after the simulated attack and even providing actionable advice for improvement. In some cases, the team may assist with implementing these improvements.
NTT began a Bug Bounty Program on a trial basis in 2022 and fully launched it in 2023. A bug bounty is a reward given to individuals who discover security loopholes in an information system. NTT has implemented this program with two specific aims.
1) To identify and rectify vulnerabilities before they can be exploited by malicious third parties, thereby enhancing the overall security posture of the NTT Group.
2) To offer employees who participate an avenue to refine their security skills from an attacker's viewpoint, thereby nurturing the development of security talent.
The trial phase demonstrated that the program not only contributed to enhancing corporate security, but also helped in discovering undiscovered security talent and further honing their skills. Although fully operational only since 2023, the program will be continually refined, and we aim to broaden the understanding that improving security is a collaborative effort involving all employees.
NTT Sustainability