Working Towards the 2020 Tokyo Olympics

Similar documents
Cyber Security in Japan (v.2)

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

Preventing & Mitigating Potential Threats at Large-Scale Events: A look at past & future plans involving the Olympics & Super Bowl

LONDON 2012: CYBER SECURITY

MAJOR EVENTS COORDINATION UNIT

The UK cyber security strategy: Landscape review. Cross-government

Cybersecurity Strategy in Japan

Cyber Security Strategy

What legal aspects are needed to address specific ICT related issues?

Viewpoint: Implementing Japan s New Cyber Security Strategy*

Promoting a cyber security culture and demand compliance with minimum security standards;

An Overview of Cybersecurity and Cybercrime in Taiwan

New York State Department of Financial Services. Report on Cyber Security in the Insurance Sector

2 Gabi Siboni, 1 Senior Research Fellow and Director,

Cyber security Country Experience: Establishment of Information Security Projects.

The trend of the Cyber Security and the efforts of NEC. December 9 th, 2015 NEC Corporation

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Computer Security Incident Handling Detec6on and Analysis

Cyber Diplomacy A New Component of Foreign Policy 6

Data Analytics & Information Security

Into the cybersecurity breach

Cyber Security Strategy of Georgia

Achieving Global Cyber Security Through Collaboration

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

National Cyber Crime Unit

The final version of the Cyber Security Strategy and Action Plan note the following priorities to be implemented in :

Cyber security trends & strategy for business (digital?)

CYBER SECURITY. Marcin Olender Head of Unit Information Society Department

CERT.AZ description as per RfC 2350

THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE

El Camino College Homeland Security Spring 2016 Courses

THE STRATEGIC POLICING REQUIREMENT. July 2012

Protecting critical infrastructure from Cyber-attack

What Data? I m A Trucking Company!

ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM

Cybersecurity. Are you prepared?

Main Research Gaps in Cyber Security

Testing the Security of your Applications

Microsoft s cybersecurity commitment

Honourable members of the National Parliaments of the EU member states and candidate countries,

How To Write A National Cybersecurity Act

How To Protect Critical Infrastructure

Cybersecurity Protecting Yourself, Your Business, Your Clients

ASEAN s Cooperation on Cybersecurity and against Cybercrime

The Battlefield. critical infrastructure:

Cyber and Mobile Landscape, Challenges, & Best Practices

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Middle Class Economics: Cybersecurity Updated August 7, 2015

Reneaué Railton Sr. Informa2on Security Analyst, Duke Medicine Cyber Defense & Response

Contact Points on Government Procurement as of January 1, 2005

Establishing a State Cyber Crimes Unit White Paper

Cybercrime Security Risks and Challenges Facing Business

Cyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

The OSCE Efforts in the Field of Cyber Security and Protecting Critical Energy Infrastructure from Terrorist Attacks

El costo oculto de las aplicaciones Vulnerables. Faustino Sanchez. WW Security Sales Enablement. IBM Canada

Experience the commitment WHITE PAPER. Information Security Continuous Monitoring. Charting the Right Course. cgi.com 2014 CGI GROUP INC.

Combating a new generation of cybercriminal with in-depth security monitoring

Lessons from Defending Cyberspace

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014

2. Cyber security research in the Netherlands

Home Security: Russia s Challenges

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

Egyptian Best Practices Securing E-Services

integrating cutting-edge security technologies the case for SIEM & PAM

We believe successful global organisations can confront fraud, corruption and abuse PwC Finland Forensic Services

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

RETHINKING CYBER SECURITY Changing the Business Conversation

ITU National Cybersecurity/CIIP Self-Assessment Toolkit. Background Information for National Pilot Tests

CYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES

Design Your Security

CONSULTING IMAGE PLACEHOLDER

London 2012 Olympic Safety and Security Strategic Risk. Mitigation Process summary Version 2 (January 2011) Updated to reflect recent developments

The Growing Need for Real-time and Actionable Security Intelligence Date: February 2014 Author: Jon Oltsik, Senior Principal Analyst

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

REPUBLIC OF TURKEY. Ministry of Transport, Maritime Affairs and Communications. National Cyber Security Strategy and Action Plan

Executive Director Centre for Cyber Victim Counselling /

TUSKEGEE CYBER SECURITY PATH FORWARD

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

provisions specified by the Preventive Law, the Cabinet of Ministers of Azerbaijan Republic has adopted the following decisions:

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

International Strategy on Cybersecurity Cooperation

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

Transcription:

Working Towards the 2020 Tokyo Olympics - The Current Situation in 2015 Mariko Miya Cyber Defense Institute, Inc. miya@cyberdefense.jp

Agenda 1. Introduction 2. The current situation in Japan 2015 Analytics and general framework New framework & new cybersecurity strategy Government initiatives for Tokyo 2020 TOCOG 3. Next steps in preparing for 2020 Comparing London 2012 and Tokyo 2020 Other aspects that may affect the Games in 2020 and evidence The changing threat landscape 4. Lessons learned Lessons learned from research A recent incident tells us we have to make change 5. Conclusion

1. Introduction

About Cyber Defense Institute Cyber Defense Institute, Inc. Based in Tokyo, Japan 30+ people What we do: incident response, penetration testing, digital forensics, malware analysis, training, cyber exercises, security research, cyber intelligence etc. Main clients: government and private sector (energy, nuclear, gas, financial institutions, telecom, web service providers (from e-commerce to games) etc.)

About me (Mariko Miya) What do I do? Chief Security Analyst I travel, say hello to people, research, report How are we involved in the Tokyo 2020 Games? I ve been doing research on the past Olympics/ Paralympics and other major sports events since 2013 Clients: government agencies and organizations directly involved with Tokyo Games

2. The current situation in Japan 2015

Cyber attacks in Japan According to NICT (National Institute of Information and Communications Technology): In 2013, there were about 12.88 billion alerts In 2014, there were about 25.66 billion alerts related to cyber attacks targeting Japanese government agencies and private companies ü NICT analyzed data collected from 240,000 sensors IPA s report 10 Major Security Threats in 2014 ü http://www.ipa.go.jp/security/english/vuln/10threats2014_en.html Part of the real-,me live traffic collected from the NICTER (Network Incident analysis Center for Tac,cal Emergency Response) project can be seen on the website: hep://www.nicter.jp/

Cyber Security Basic Law and Government in terms of cyber New: Informa,on Security Policy Council Cybersecurity Strategy Headquarters Prime Minister Cabinet Office Cabinet Secretariat Cybersecurity Strategy Headquarters NISC Restructured: Na,onal Informa,on Security Center (NISC) Na,onal center of Incident readiness and Strategy for Cybersecurity (NISC) Cybercrime Na,onal Security Foreign Affairs, Policy Network and Communica,on IT Policy Special Inves,ga,on Task Force for Cyber AEacks Cyber Defense Unit

A new Cyber Strategy (draft)* Will be finalized at the end of June This strategy looks beyond the 2020 Tokyo Games and lays out the direction of basic cyber policy for the next 3 years 5 basic principles: Freedom of information Rules and norms Openness Autonomy Cooperation hep://www.kantei.go.jp/jp/97_abe/ac,ons/201505/25cyber_security.html

Government Initiatives for 2020 National Police Agency (NPA) 2020 Olympic and Paralympic Tokyo Games Preparation Office Tokyo Metropolitan Police Department TMPD s Visions to achieve the World s Safest City Tokyo and Action Plan Ministry of Internal Affairs and Communications 2020 Olympic and Paralympic Tokyo Games etc. Ministry of Internal Affairs and Communications Preparation Headquarters Proposal for Cyber Security Policy Promotion Ministry of Defense Ministry of Defense and Self Defense Force 2020 Tokyo Olympic and Paralympic Games Special Action Committee Ministry of Land, Infrastructure, Transport and Tourism Ministry of Land, Infrastructure, Transport and Tourism 2020 Olympic/Paralympic Tokyo Tokyo Games Preparation Committee

Japan s unique system Japan has a unique system of outsourcing Government(s) and private sector are distantly related http://eaces.liuc.it/18242979200401/182429792004010105.pdf

About TOCOG Tokyo Organizing Committee of the Olympic and Paralympic Games (TOCOG) Launched Jan 24, 2014 Mission: Act as the center bringing together the JOC (Japan Olympic Committee), JPC (Japan Paralympic Committee), the Tokyo Metropolitan Government, other government and business community to ensure the successful delivery of the Tokyo 2020 Games ü Technology Services Department System development and operations ü Security Department, Cyber Attack Response Section in charge of running TOCOG-CSIRT ü General Affairs Department overall risk management

Next steps for TOCOG Coordinating with the Olympic CERT (To be established by Japanese governments) TOCOG CSIRT protecting Games infrastructure Olympic CERT intelligence gathering, analysis, incident response, coordination Enhancing cyber intelligence capabilities Creating an intelligence database & system Cyber exercises and simulation Idea : creating a simulated Olympic network for a hacking contest

TOCOG s Goals Protect not only the Games systems but secure all systems (government, critical infrastructure, companies, etc.) = protecting Japan s reputation Training and securing cybersecurity experts Key is sustainability not only for Tokyo 2020 but to continue training and developing experts, and make needs more wide spread = nurturing cybersecurity experts for the future

3. Next step in preparing for 2020

Comparing and analyzing from past experiences Example: Major differences between London 2012 and Tokyo 2020 1. Communication (network) interception 2. Mobile devices and Wi-Fi traffic 3. Terrorist organizations and cyberspace 4. Impact of cyber attacks on businesses

Major differences between London 2012 and Tokyo 2020-1 1. Communication (network) interception Intelligence agencies and law enforcement implemented communica,on (network) intercep,on according to an,- terrorism laws (intelligence agencies and law enforcement have response capabili,es against poten,al threats) Law enforcement can only implement intercep,on methods according to court order (response capabili,es of law enforcement depend on detec,on, judgment and response capabili,es of targeted organiza,ons)

Major differences between London 2012 and Tokyo 2020-2 2. Mobile devices and Wi-Fi traffic It was the transi,on phase of drama,c increase smartphone and tablet use, so the amount in increase of Wi- Fi traffic was within expecta,ons In addi,on to smartphones and tablet devices, rapid increase in the usage of cloud applica,ons and wearable devices is expected, and it is extremely difficult to es,mate the amount of traffic in 2020

Major differences between London 2012 and Tokyo 2020-3 3. Terrorist organizations and cyberspace Illegal / criminal ac,vi,es using cyberspace was somewhat limited rapid increase in illegal / criminal ac,vi,es using cyberspace is expected (an easily accessible environment is being con,nually being built at an accelera,ng pace)

Major differences between London 2012 and Tokyo 2020-4 4. Impact of cyber attacks on businesses Legacy systems were intermixed, so business impact was limited Fewer legacy systems, and it is likely that there will be dependency on extremely efficient or highly produc,ve systems, so business impact will be extremely high

What do we need to watch out for in 2020? Terrorism Insider threats Cyber incidents that may be triggered by geopoli,cal / historical / poli,cal issues Olympic Sponsors as target Public Wi- Fi Natural disaster

Case examples - 1 Terrorism ISIL supporters defaced several Japanese websites in March 2015 Cyber incidents that may be triggered by geographical / historical / political issues

Case example 2 Olympic sponsors as target Example 1 London 2012 Atos was targeted as part of physical protest Example 2 Sochi 2014 Anonymous Caucasus targeted Sochi Games related websites sochi-airport.com, Sberbank also targeted, websites service failure occurred several times Example 3 FIFA World Cup Brazil Anonymous - list of attack targets in #OpHackingCup FIFA Partner (Adidas, CocaCola, Hyundai, KIA, Emirates Airlines) FIFA Sponsors (Budweiser, Castrol, Johnson&Johnson, McDonalds etc.) National supporters (FIFA.com, Apex-Brasil, Centauro, Garoto) etc.

Case examples 3 Natural Disaster Example: targeted email attack taking advantage of people s interests right after the 3.11 East Japan Earthquake and Fukushima No.1 Nuclear Power Plant accident Subject: March 30 th Condi,on of Radia,on Body: <blank> AEached file: March 30 th Condi,on of Radia,on.doc

Changing threat actors Nation States Patriot Hackers Individuals or Groups Hybrid Conflict Hybrid Conflict (Trans)national Terrorism Prolifera)on/ Money Laundry Slide by Mr.Wolfgang Roehrig, European Defense Agency

4. Lessons learned

Past Present Future Collaboration and Information Sharing 2008 Beijing (Summer) Games 2010 Vancouver (Winter) Games 2012 London (Summer) Games 2014 FIFA World Cup Brazil 2014 Sochi (Winter) Games 2015 Summer - the First European Games in Baku, Azerbaijan (June 12-28!) 2015 Summer - Pan Am & Parapan Am Games in Toronto, Canada (Pan Am: July 10-26, Parapan Am: August 7-15!) 2016 Rio (Summer) Games 2018 FIFA World Cup Russia 2018 Pyeongchang (Winter) Games

Lessons learned and some ideas we got from our research Clearance and stress test for Gmes staff (i.e. BT during London Olympics) New methods for Accreditation Collaboration for cyber preparedness and response (i.e. cyber exercises with other well experienced organizations like experts from Cyber-EXE Poland exercises) Enhance collaboration for information sharing and strengthen analysis capabilities for every day intelligence collection

An example of a learned lesson: Don t use barcodes for Accreditation! hep://mariskarichters.com/the- olympic- spirit- project/ hep://www.bradleyherald.org/2014/02/21/icheers- from- olympic- sochi/ hep://www.geeyimages.co.jp/detail/%e3%83%8b%e3%83%a5%e3%83%bc %E3%82%B9%E5%86%99%E7%9C%9F/mens- figure- skater- yuzuru- hanyu- of- japan- shows- his- %E3%83%8B%E3%83%A5%E3%83%BC%E3%82%B9%E5%86%99%E7%9C%9F/466739191 Be#er op(ons: Use smart chips instead Link with passport

A recent incident Japan Pension Service (JPS) data breach 1.25 million files containing personal information was leaked 1.17 million items included 10 digit ID numbers in National Pension Plan and Employee s Pension Plan, names, birthdate 52,000 items included 10 digit ID numbers, names, birthdate, address 31,000 included ID numbers, names Method : targeted email attack There s wonderful services, technology, products in the world, and no matter how much technology advances, there s no point if it s not operational for the users = user level cybersecurity = raising the level for EVERYONE hep://www.yomiuri.co.jp/science/feature/co016592/20150609- OYT8T50011.html

5. Conclusion

Conclusion More deep Cooperation and Collaboration Cyber security for EVERYONE (we re all connected!) We can work together to secure not only Tokyo 2020 but make a step towards Improving the Future

Mariko Miya miya@cyberdefense.jp Thank you!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information