Cyber Security in Japan (v.2)

Transcription

1 Cyber Security in Japan (v.2) Ryusuke Masuoka and Tsutomu Ishino Cyber Security Policy Research Team Center for International Public Policy Studies (CIPPS) December 2012

2 Outline Japanese Government s Approach Situation in Japan NISC and Four Key Agencies Cyber Incidents Cybercrime Trends in Japan References 1

3 JAPANESE GOVERNMENT S APPROACH 2

4 Approach by Japanese Government Cross-sectional Framework Lead by Cabinet Secretariat Director-General: Prime Minister Vice Director-Generals: Minister of State for Science and Technology Policy Chief Cabinet Secretary Minister of Internal Affairs Minister of Economy, Trade and Industry Members: All other Ministers of State and Experts (10) Secretariat IT Strategic Headquarters Cabinet Secretariat IT Dep t Chief : Assistant Chief Cabinet Secretary (Domestic affairs) Agencies in charge of critical infrastructures Financial Services Agency: Financial Institutes Minister of Internal Affairs: Municipals, Communication Ministry of Health, Labour and Welfare: Hospitals, Water Minister of Economy, Trade and Industry: Electric Power, Gas Ministry of Land, Infrastructure, Transport and Tourism: Railways, Airlines, Distribution Other agencies Ministry of Education, Culture, Sports, Science and Technology: Cyber Security Education Chairman: Chief Cabinet Secretary Deputy Chairman: Minister of State for Science and Technology Policy Members: CISO Conference Secretariat Director: Assistant Chief Cabinet Secretary (Risk & Security) Deputy Director: Councillor, Cabinet Secretariat (2) Cabinet Counsellors (6) Advisors on Information Security (3) Information Security Policy Council National Public Safety Commission Chairman Minister of Internal Affairs Minister of Economy, Trade and Industry Minister of Defense Members from the private-sector (6) Special Committee on Critical Infrastructures National Information Security Center (NISC) Special Committee on Technological Strategy National Police Agency Ministers from four key agencies Special Committee on Edification and Education Four Key Agencies Ministry of Internal Affairs and Communications Ministry of Economy, Trade and Industry Ministry of Defense 3 Critical Infrastructures Governmental Agencies Businesses Individuals

5 NISC and Four Key Agencies National Information Security Center (NISC) Coordinating government efforts National Police Agency (NPA) Fighting Cybercrimes Ministry of Internal Affairs and Communications (MIC) Communication and Network Policies Ministry of Economy, Trade and Industry (METI) IT Policies Ministry of Defense (MOD) National Security 4

6 SITUATION IN JAPAN 5

7 Situation in Japan - Started bearing fruit, but still a long way to go Wake up call Mitsubishi Heavy Industries (MHI), Sep Cyber security particularly hot after a cyber attack on MHI revealed Anonymous hits Japan July 2012 (Sony in 2011) Stuxnet raised awareness for cyber attacks on critical infrastructures Many relevant books published Information Security 2012 July eng.pdf 1. Strengthening Measures for Sophisticated Threats to Companies and Organizations Handling Important National Information on Security 2. Maintaining a Safe and Secure User Environment for Addressing the Emerging Risks Associated with the Proliferation of New Information and Communications Technology Including the Full-Fledged Widespread Use of Smart Phones 3. Reinforcement of International Alliances 6

8 Situation in Japan - Progresses and Setbacks Progresses Laws are being updated Cybercrime Convention into force 1 Nov MOD stands up to meet the challenges beyond its IT infrastructure Control System Security Center (CSSC) Mar Setbacks PC Hijack Case Concern of too many pilots 7

9 NISC AND FOUR KEY AGENCIES 8

10 National Information Security Center (NISC) - Coordinating government efforts Information Security 2012 July eng.pdf 1. Strengthening Measures for Sophisticated Threats to Companies and Organizations Handling Important National Information on Security 2. Maintaining a Safe and Secure User Environment for Addressing the Emerging Risks Associated with the Proliferation of New Information and Communications Technology Including the Full-Fledged Widespread Use of Smart Phones 3. Reinforcement of International Alliances FY B JPY Planned (Japanese Government Total) 9

11 National Police Agency (NPA) Fighting Cybercrimes Cyber-Security Activities 1. Cyber Force Center (Reorganized 140 IT Staffs of NPA) 2. Information sharing with CCI-Designated Companies 3. Council to Prevent Unauthorized Communications to Counter Cyber-Intelligence (with 4,800 companies all over Japan) FY B JPY Planned 1. Improve response capability against cybercrimes 2. Improve response capability against cyber attacks to state secrets and critical infrastructures 3. Extend international collaboration 4. Keep analysis and law enforcement capabilities up to date with changing IT technologies and laws CCI: Counter Cyber Intelligence 10

12 Ministry of Internal Affairs and Communications (MIC) - Communication and Network Policies Cyber Security Activities Cyber Attack Analysis Council, jointly with METI IPA, JPCERT/CC, NICT, Telecom-ISAC Japan Smart Phone Information Security FY B JPY Planned Comprehensive security environment ready for new types of cyber attacks 2.62B JPY IPA: Information-technology Promotion Agency, Japan JPCERT/CC: Japan Computer Emergency Response Team Coordination Center METI: Ministry of Economy, Trade and Industry NICT: National institution of information and communications technology Telecom-ISAC Japan: Telecom Information Sharing and Analysis Center Japan 11

13 Ministry of Economy, Trade and Industry (METI) - IT Policies Cyber Security Activities Initiative for Cyber Security Information sharing Partnership Japan (J-CSIP) Information sharing of cyber attacks Cyber Attack Analysis Council, jointly with MIC IPA, JPCERT/CC, NICT, Telecom-ISAC Japan Building a pool of advanced information security experts National security competitions, etc. Securing control systems Cyber security exercises, etc. Control System Security Center (CSSC) Mar Established in Tokyo and Tsunami-affected area (Miyagi Reconstruction Park) FY B JPY Planned Information security promotion projects 1.6B JPY Hubs for security verification and education Control systems test beds at CSSC B JPY IPA: Information-technology Promotion Agency, Japan JPCERT/CC: Japan Computer Emergency Response Team Coordination Center MIC: Ministry of Internal Affairs and Communications NICT: National institution of information and communications technology Telecom-ISAC Japan: Telecom Information Sharing and Analysis Center Japan 12

14 Ministry of Defense (MOD) National Security Cyber Security Activities 6 core approaches 1. Improve information and telecommunication systems security 2. Reinforce protection systems 3. Prepare rules and regulations 4. Develop Human resources 5. Promote information sharing 6. R&D of latest technologies FY B JPY Planned Cyberspace Guard (tentative name) ~100 members, 10B JPY MOD Cyber Range 1.59B JPY Add network monitoring equipment Training through Japan-U.S. joint exercises 13

15 CYBER INCIDENTS 14

16 Case: Advanced Persistent Threat (APT) (4) Final Attack Execution (3) System Survey Confidential Info Obtained Attacker Spear Phishing (0) Preliminary Investigation (1) Initial Penetration (2) Building Attack Infrastructure Based on a Fujitsu slide, Modified by CIPPS 15

17 Case: PC Hijack 2012 TOR (6) Culprit Writes commands TOR? TOR Livedoor Shitaraba BB (Used as C&C) Uploads software with virus to Dropbox (1) Post to 2 Channel with link to Dropbox file Reads commands regularly Dropbox Timer.zip (BKDR_SYSIE.A) 2 Channel Siberia Super Fast BB (2) Siberia PO 405th [Repost Request] Executes software and gets infected (7) (9) Writes Post is done when successful Software BB Is there software like? Part. 149 How about this? Reads the post and downloads software Announces crime plans (5) Suspect (11) Arrests him based on IP Address (4) (8) 8/1 (8) 7/29 BB: Bulletin Board C&C: Command and Control TOR: The Onion Router This figure based on Kango/ / JAL (Customer Service) Unsuspecting proxy to repost Osaka City (Suggestion Box) (10) (3) (3) Proxy Consults with police 16

18 CYBERCRIME TRENDS IN JAPAN 17

19 Cybercrime Offenses Cleared 8,000 7,000 6,000 5,000 4,000 1, ,740 2, , Unauthorized Access Violations 3,000 2,000 3,918 4,334 3,961 5,199 5,388 Crimes Targeting Computers / Electronic Records Networking Crimes 1, Source: NPA 18

20 Networking Crimes Cleared in Details Violations of Trademark Law 4% Copyright Infringements 7% Others 16% Unauthorized Access Violations 4% Crimes Targeting Computers / Electronic Records 2% Frauds 16% Violations of Youth Protection Laws 8% Networking Crimes Child Pornography Offenses 15% Child Prostitution Offenses 8% Violations of Dating Site Regulation Act 8% Distribution of Obscene Materials 12% Source: NPA 19

21 Cybercrime Counseling 90,000 80,000 70,000 60,000 50,000 40,000 73,193 7,644 3,497 3,005 12,707 8,871 4,645 81,994 9,095 4,039 4,522 8,990 11,516 6,038 83,739 9,502 3,785 4,183 7,859 11,557 6,538 75,810 10,009 3,847 3,668 6,905 10,212 9,836 80,273 11,259 3,382 4,619 5,905 10,549 11,667 Others Illegal / Harmful Information Unauthorized Accesses / Computer Viruses Auctioning Defamation / Libels Spams 30,000 Frauds / Fraudulent Businesses 20,000 32,824 37,794 40,315 31,333 32,892 10, Source: NPA 20

22 Calls to Internet Hotline Center (IHC) Calls Forwarded to Police 189, ,757 Harmful Information Illegal Information 44,683 9,667 41,400 4,827 33, , ,391 6,217 20,333 16,418 3,600 6,122 27,751 35,016 36,573 91,769 12,818 14, ,310 8,221 20,659 22,964 23,846 Calls about Illegal/Harmful Information Source: NPA 21

23 REFERENCES 22

24 References Documents Information Security 2012, eng.pdf Japanese Government's Efforts to Address Information Security Issues (November 2007), eng.pdf The White Paper on Police 2011 [Digest Edition] Cyber Security in Special Feature II WHITE PAPER on POLICE2011.htm Police of Japan 2012 Section 7 of Community Safety on Cybercrime Organizations CIPPS: Center for International Public Policy Studies IPA: Information-technology Promotion Agency, Japan JPCERT/CC: Japan Computer Emergency Response Team Coordination Center NICT: National institution of information and communications technology NISC: National Information Security Center Telecom-ISAC Japan: Telecom Information Sharing and Analysis Center Japan 23

25