The advancement of digital transformation (DX) in local governments has expanded the attack surface, leading to increased system complexity and new threats. In particular, In particular, nation-state-sponsored cyber attack actors conducting Advanced Persistent Threats (APT attacks) have been increasing in recent years, making it difficult to maintain efficient and secure networks in increasingly complex network environments such as α' and β' models, in addition to the current three-layer countermeasures. Cases that impact citizen services have been reported, including unauthorized access to municipal websites and email relay servers, and malware infections resulting from access to phishing sites through social engineering. When adding flexibility to the traditional three-layer model through cloud service utilization and telework promotion, achieving this without breaking the premise of a "trusted internal network" has become an extremely challenging issue. The reconciliation of DX promotion and information security has become an urgent challenge for local governments.

As an interim response, the Ministry of Internal Affairs and Communications is promoting the transition from the α model, currently adopted by many local governments, to α' and β' models. These serve as important steps toward future zero trust migration. Zero trust implementation requires four phased implementations: ①Identity governance (centralization of authentication infrastructure), ②Device governance and protection (integrated terminal management and threat detection through EDR), ③Web/Email/Network boundary security measures (file sanitization, zero-day countermeasures, application control), and ④Security operations (integrated log analysis and automation). When considering migration to α' and β' models, it is important to plan with future zero trust migration in mind. By progressively strengthening security measures in alignment with existing system update timing, smooth zero trust migration and the realization of municipal DX become possible.