25 years ago, when the concept of “cybercrime investigation” was non-existent in Japan, Kimiya Kimura took it upon himself to undertake research into cybercrime while serving as a police officer. Today he is the Executive Director of NEC’s Cyber Security Strategy Division. Here Kimura, who joined NEC after retiring from 25 years of battling cybercrime in the police force, discusses his own experiences and outlines the nature of cyber security.

From the frontlines of the Cybercrime Division to NEC

8,324^* arrests for cybercrime were made in 2016; the highest ever recorded in Japan. However, this is thought to be just a small portion of the myriad of crimes taking place in cyberspace. Experts point to an ‘iceberg’ looming below the surface, growing ever year at a rate faster than the increase in arrests.

In 2012 NEC earmarked the cyber security field a growth area, and set a target to increase in-house security personnel to 1,200 by the March quarter 2018. Since then, work has progressed on setting up personnel development systems and actively recruiting outside the organization.

Many of those recruited externally are engineers and researchers, but there are also people with extremely unique career histories. Kimiya Kimura is one such recruit, serving on the frontlines of the Cybercrime Divisions of both the Kyoto Prefectural Police Department and the National Police Agency.

After retiring from the National Police Agency, Kimura was reemployed by NEC in April of 2017 in order to demonstrate the capabilities he developed managing frontline cybercrime investigations, and was deployed to the Cyber Security Strategy Division. Presently Kimura advises on the planning, development and sales of cyber security-related solutions, and is engaged in such duties as the development of personnel training and the delivery of a lecture. He is also in charge of human resource development for the Japan Cybercrime Control Center (JC3), for which NEC Senior Officer, Takaaki Shimizu, serves as Representative Director.

One policeman alone kick-starts research on cybercrime

Experienced cybercrime investigators re-employed after retirement from the police force didn’t exist before Kimura. This is because Kimura himself pioneered the field of cybercrime investigation in Japan.

Starting his career on the force on police box duty, Kimura commenced researching cybercrime on his own 25 years ago when there wasn’t even a specialist cybercrime division within the organization. Through his studies he almost singlehandedly sought out ways to best conduct cybercrime investigations in Japan.

“For the first 10 years I would study the Internet in my spare time while doing the job I was assign to in the division. While surfing the Net I would conduct cybercrime patrols. As the police force is basically an organization that acts on the orders of superior officers, I was chastised by my superiors for this and looked upon strangely by those around me at the time”, Kimura remembers with a smile.

His time would come and soon after Kimura was able to devote all his energies to investigating such crimes when a specialist division for cybercrime investigations was created.

──The difficulty of cybercrime investigations is the various barriers that exist. Kimura elaborates on this. First up is the barrier posed by international borders.

“Cyber attacks are in nearly all cases perpetrated overseas, and as such a cooperative framework with police forces in other countries is vital. However, international collaboration just isn’t that simple, especially as laws and systems differ from country to country. I myself have collaborated with foreign law enforcement on numerous investigations, but the fact is that these joint operations are not keeping pace with the increase in cybercrime.”

Meanwhile even the corporations and organizations that are victims of cybercrime face barriers in the form of in-house institutions and systems. Cybercrime investigations require high-level specialist knowledge of IT and networks. These technological “barriers” are also very difficult to overcome.

“It’s no longer just a matter of criminals operating only in cyberspace. Recently we have seen an increasing number of cases where real-world criminal organizations are using the Internet to raise funds illicitly while being “supported” by companies operating behind the scenes. I believe that it is becoming more and more important that measures to counteract cybercrime are conducted in cooperation with not only law enforcement agencies, but also with the private sector and society as a whole.

Think things through yourself and never give up

Kimura’s philosophy is “work creates a living that creates a person”.

“People spend more hours working than doing anything else in their lives. Work is responsible for much of our pain but also much of our happiness. This is the reason I believe in ‘taking work seriously’, or putting it another way, ‘making the most of our lives’. Seeing a job through gives our life meaning. This is what I have realized after many years of involvement in cybercrime investigations.”

There is no doubt that we will need measures to counteract cybercrime from here on──. This conviction embraced 25 years ago has never been shaken. Despite a lack of understanding from peers and virtually spending 10 years on the outer, Kimura’s serious attitude and his devotion to work, sometimes without sparing time to sleep, started to draw attention. Kimura’s convictions gradually found supporters, and he soon became known as the No.1 cybercrime investigator in reality as well as in name.

“Investigations can’t be conducted by one person alone. I can’t thank those colleagues enough who lent a hand to me during my darker days.”

Kimura talks of the difficulties faced during criminal investigations and how vitally important it is to find a “path” through these difficulties. However, there are no specific techniques to discovering this path.

Digging up past experiences, thinking through things for yourself, and never giving up──. Kimura says that such sure and steady efforts will eventually reveal the narrow path ahead.

“I believe that the quality of ideas is derived from a quantity of ideas. Behind Thomas Edison’s numerous outstanding inventions were many ideas that never saw the light of day. Keep generating a large number of ideas, even if they are likely to be rejected. Somewhere along the line this accumulation of ideas will transform into something of quality.”

Of course this also translates to his work within the company. Kimura talks enthusiastically about passing on the work attitude and “never-give-in” mindset he acquired through many years of police life to the younger generation.

Protecting the safety and security of our society through security measures

Cyber attacks don't only bring loss to one’s own company but are extremely serious threats that risk spreading harm to customers and clients linked to the supply chain. Information leaks, Web fraud, virus propagation──. Companies that open their doors to these types of attacks suffer on a financial level, but also end up suffering irreparable damage to their reputation within the community.

“The problem of cyber security is not something that each company faces alone. Of course it is important to protect your own company first, but it is also vital to share experiences and knowhow on countermeasures with as many companies and people as possible. Cyber security initiatives contribute to a safer and more secure society. I would encourage people to view cyber security from this perspective.”

Kimura explains that there are three important points to ‘protecting our company’: creating robust user-friendly systems, establishing easy-to-follow rules and creating simulations of emergency situations.

“When it comes to security, it’s not always a case of the stronger the better. Robust systems that interfere with daily tasks, reduce usability and end up not functioning properly defeat the purpose of having such systems. The same thinking applies to the operational rules of security. A balance between strength and ease of operation is more important than anything else.”

Kimura would like to see more sharing of information with other companies and organizations on the best cyber security practices based on these in-house initiatives to build a united front against cybercrime.

“With 25 years experience as a cybercrime investigator, I pride myself on knowing exactly what cyber security measures are required and what are needed for developing security human resource. Working together with my new colleagues at NEC, I will focus my efforts on developing solutions and training personnel to uphold the safety and security of our society, just as I did in my policing days. I intend to do my job with the same determination.”

(February 28, 2020)