"Industry Side Views of cyber security in Japan"

Transcription

1 "Industry Side Views of cyber security in Japan" Event 2: Cyber Security in East Asia and Policy Cooperation between Japan and the United States USJI-Week, September 7-10, 2010 US-Japan Research Institute R&D Planning Department, Tomohiko Yamakawa 1

2 Outline Cyber security as a cost Cyber security as a challenge CSIRT activity (NTT-CERT) How could you find "cyber attack"? Global collaboration in cyber security 2

3 Cyber security as a cost regulatory compliance As a provider of IT Service and Information Systems Government Critical Infrastructure (Telco, Finance, Electric Power supply, Gas, etc.) Business enterprises As a listed companies SOX and J-SOX As a telecom operator Secrecy of Communication Information Assurance Personal DATA protection 3

4 Cyber security as a challenge How to manage threat and vulnerabilities? Incident management, Incident response, vulnerability management Idea of Cyber Defense How to protect your customers from cyber attack? Company A Vulnerabilities Threats How to react to these problems? Issue of operation? Just a bug? At the same time we have to consider so many issues of information system Information system department develop Information system Servers Routers networks outsource OEM Self develop Outsourcer Vendors Other in formation Security manager operate Provide service s users 4

5 Cyber security as a challenge How to manage threat and vulnerabilities? Incident management, Incident response, vulnerability management Idea of Cyber Defense How to protect your customers from cyber attack? CISO Company A Security outsource Vulnerabilities Security manager Vulnerability management Information system Servers Routers networks Outsourcer Vendors Threats CSIRT Information system department develop outsource OEM Self develop Vendor management Other in formation Incident response operate Provide service s users 5

6 CSIRT activity (NTT-CERT) CSIRT = Computer Security Incident Response Team NTT-CERT, as a incident coordination center for NTT group companies education NTT-CERT Help desk Research and analyze detecting incident Forensics CSIRT communities support Information sharing detect social contribution education and awareness raising supporting 6 事 業 会 group 社 companies 貢 献 information sharing (portal web-site) incident handling Honey pot NTT EAST, NTT WEST NTT Communications, NTTDATA NTT DoCoMo 6

7 How could you find "cyber attack"? Cyber attack? Incident? Or Bug? What we call Cyber attack? Any clear definition? Anyone can understand what is happening now? Could you understand all individual accident and integrate them accurately? Jack: My PC is infected! Betty: Why I cannot access this website? Taro: Another website is not accessible now! Natasha: In Russia, unknown viruses are found Do you think whether it is a Cyber attack or not? Estonia in 2007 Georgia in 2008 Korea in 2009 Google case in 2010 Japan in 2010? 7

8 For example Could you describe all relative situation correctly? The best doctor would identify the disease of patient immediately. System vedor Vulnerability information Cyber attack? data of books Library B Website What he intended? Using computer program Arrested by police Cyber attack? Difficult to access 8

9 Global collaboration in cyber security Management Level Most executives, both in government and industry, recognize cyber security as most significant for management Even they should be ready paying some money for cyber security But what should be paid for cyber security is not clear yet Firewalls, virus identifier, certification for Operation Level Keep your best doctor for cyber security at your hand Identify the your disease, give best medicine, and give best support for yourself CSIRT would be an example Episode in 2007 Policy framework of cyber security may differ in each country. We should have a culture of cyber security in common globally Sharing knowhow and experience Why not implemented? 9

10 Thank you very much Mail to: 10