cyber security in japan (v.2) - 国際公共政策 ... · pdf filekeep analysis and law...
TRANSCRIPT
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Cyber Security in Japan (v.2)
Ryusuke Masuoka ([email protected]) and Tsutomu Ishino ([email protected])
Cyber Security Policy Research TeamCenter for International Public Policy Studies (CIPPS)
December 2012
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Outline
• Japanese Government’s Approach• Situation in Japan• NISC and Four Key Agencies• Cyber Incidents• Cybercrime Trends in Japan• References
1
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
JAPANESE GOVERNMENT’S APPROACH
2
Cross-sectional Framework Lead by Cabinet Secretariat
Chairman: Chief Cabinet SecretaryDeputy Chairman:
Minister of State for Science and Technology Policy
Members: National Public Safety Commission ChairmanMinister of Internal AffairsMinister of Economy, Trade and IndustryMinister of Defense
Members from the private-sector (6)
Governmental Agencies
Director: Assistant Chief Cabinet Secretary (Risk & Security)
Deputy Director: Councillor, Cabinet Secretariat (2)
Cabinet Counsellors (6)Advisors on Information Security (3)
Director-General: Prime MinisterVice Director-Generals:
Minister of State for Science and Technology Policy Chief Cabinet SecretaryMinister of Internal AffairsMinister of Economy, Trade and Industry
Members:All other Ministers of State and Experts (10)
Information Security Policy Council
Chief : Assistant Chief CabinetSecretary (Domestic affairs)
Secretariat
Ministers from four key agencies
Secretariat
IT Strategic Headquarters
Critical Infrastructures
Agencies in charge of critical infrastructures• Financial Services Agency: Financial Institutes• Minister of Internal Affairs: Municipals, Communication• Ministry of Health, Labour and Welfare: Hospitals, Water• Minister of Economy, Trade and Industry:
Electric Power, Gas• Ministry of Land, Infrastructure, Transport and Tourism:
Railways, Airlines, Distribution
Other agencies• Ministry of Education, Culture, Sports, Science and
Technology: Cyber Security Education
Special Committee on
Critical Infrastructures
Special Committee on Technological
Strategy
CISO Conference
Special Committee on Edification and
Education
Approach by Japanese Government
National Information Security Center (NISC)
Cabinet Secretariat IT Dep’t
Four Key Agencies
Ministry of Economy, Trade and Industry
Ministry of Internal Affairs and Communications
Ministry of Defense
National Police Agency
IndividualsBusinesses
3
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
NISC and Four Key Agencies
• National Information Security Center (NISC)– Coordinating government efforts
• National Police Agency (NPA) – Fighting Cybercrimes
• Ministry of Internal Affairs and Communications (MIC)– Communication and Network Policies
• Ministry of Economy, Trade and Industry (METI)– IT Policies
• Ministry of Defense (MOD)– National Security
4
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
SITUATION IN JAPAN
5
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Situation in Japan
• Wake up call – Mitsubishi Heavy Industries (MHI), Sep. 2011– Cyber security particularly hot after a cyber attack on MHI revealed– Anonymous hits Japan – July 2012 (Sony in 2011)– Stuxnet raised awareness for cyber attacks on critical infrastructures– Many relevant books published
• “Information Security 2012” – July 2012http://www.nisc.go.jp/eng/pdf/is2012 eng.pdf
1. Strengthening Measures for Sophisticated Threats to Companies and Organizations Handling Important National Information on Security
2. Maintaining a Safe and Secure User Environment for Addressing the Emerging Risks Associated with the Proliferation of New Information and Communications Technology Including the Full-Fledged Widespread Use of Smart Phones
3. Reinforcement of International Alliances
- Started bearing fruit, but still a long way to go
6
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Situation in Japan
• Progresses– Laws are being updated– Cybercrime Convention into force – 1 Nov. 2012– MOD stands up to meet the challenges beyond its IT
infrastructure – Control System Security Center (CSSC) – Mar. 2012
• Setbacks– PC Hijack Case– Concern of too many pilots
- Progresses and Setbacks
7
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
NISC AND FOUR KEY AGENCIES
8
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
National Information Security Center (NISC)
• “Information Security 2012” – July 2012http://www.nisc.go.jp/eng/pdf/is2012 eng.pdf
1. Strengthening Measures for Sophisticated Threats to Companies and Organizations Handling Important National Information on Security
2. Maintaining a Safe and Secure User Environment for Addressing the Emerging Risks Associated with the Proliferation of New Information and Communications Technology Including the Full-Fledged Widespread Use of Smart Phones
3. Reinforcement of International Alliances
• FY2013 – 31.5B JPY Planned (Japanese Government Total)
- Coordinating government efforts
9
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
National Police Agency (NPA) – Fighting Cybercrimes
• Cyber-Security Activities1. “Cyber Force Center” (Reorganized 140 IT Staffs of NPA)2. Information sharing with CCI-Designated Companies 3. “Council to Prevent Unauthorized Communications to Counter
Cyber-Intelligence” (with 4,800 companies all over Japan)
• FY 2013 – 2.4B JPY Planned 1. Improve response capability against cybercrimes2. Improve response capability against cyber attacks to state
secrets and critical infrastructures3. Extend international collaboration4. Keep analysis and law enforcement capabilities up to date with
changing IT technologies and lawsCCI: Counter Cyber Intelligence
10
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Ministry of Internal Affairs and Communications (MIC)
• Cyber Security Activities– Cyber Attack Analysis Council, jointly with METI
• IPA, JPCERT/CC, NICT, Telecom-ISAC Japan– Smart Phone Information Security
• FY2013 – 3.66B JPY Planned – Comprehensive security environment ready for
new types of cyber attacks – 2.62B JPY
- Communication and Network Policies
IPA: Information-technology Promotion Agency, JapanJPCERT/CC: Japan Computer Emergency Response Team Coordination CenterMETI: Ministry of Economy, Trade and IndustryNICT: National institution of information and communications technologyTelecom-ISAC Japan: Telecom Information Sharing and Analysis Center Japan
11
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Ministry of Economy, Trade and Industry (METI)
• Cyber Security Activities– Initiative for Cyber Security Information sharing Partnership Japan (J-CSIP)
• Information sharing of cyber attacks– Cyber Attack Analysis Council, jointly with MIC
• IPA, JPCERT/CC, NICT, Telecom-ISAC Japan– Building a pool of advanced information security experts
• National security competitions, etc.– Securing control systems
• Cyber security exercises, etc.– Control System Security Center (CSSC) – Mar. 2012
– Established in Tokyo and Tsunami-affected area (Miyagi Reconstruction Park)
• FY 2013 - 2.15B JPY Planned – Information security promotion projects – 1.6B JPY– Hubs for security verification and education
• Control systems test beds at CSSC - 0.55B JPY
- IT Policies
IPA: Information-technology Promotion Agency, JapanJPCERT/CC: Japan Computer Emergency Response Team
Coordination CenterMIC: Ministry of Internal Affairs and CommunicationsNICT: National institution of information and communications
technologyTelecom-ISAC Japan: Telecom Information Sharing and
Analysis Center Japan
12
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Ministry of Defense (MOD) – National Security
• Cyber Security Activities – 6 core approaches1. Improve information and telecommunication systems security2. Reinforce protection systems3. Prepare rules and regulations4. Develop Human resources5. Promote information sharing6. R&D of latest technologies
• FY 2013 – 21.2B JPY Planned – “Cyberspace Guard” (tentative name)
• ~100 members, 10B JPY– MOD Cyber Range – 1.59B JPY– Add network monitoring equipment – Training through Japan-U.S. joint exercises
13
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
CYBER INCIDENTS
14
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Case: Advanced Persistent Threat (APT)
Attacker
Spear Phishing
Confidential Info Obtained
(1) Initial Penetration
(3) System Survey
(4) Final Attack Execution
(0) Preliminary Investigation
Based on a Fujitsu slide, Modified by CIPPS
(2) Building AttackInfrastructure
15
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Case: PC Hijack 2012
Culprit
(1)
Uploads software with virus to Dropbox
BB: Bulletin BoardC&C: Command and ControlTOR: The Onion Router
This figure based on http://d.hatena.ne.jp/
Kango/20121008/1349660951
Livedoor Shitaraba BB(Used as C&C)
Timer.zip(BKDR_SYSIE.A)
2 Channel
Dropbox
(2) • Siberia PO – 405th [Repost Request]Siberia Super Fast BB
• “Is there software like …?” – Part. 149• How about this? http://...
Software BB
Post to “2 Channel” with link to Dropbox file
Unsuspectingproxy to repost
TOR?
TOR
Reads the post and downloads software
Executes software and gets infected
Reads commands regularly
Writes commands
TOR
Writes “Post is done” when successful
JAL (Customer Service)
Osaka City (Suggestion Box)
(7)
(9)
(8) 8/1
(8) 7/29
(10)(11)
Arrests him based on IP Address
(5)
(4)
(3)
(3)
Consults with police
Announces crime plans
(6)
Proxy
Suspect
16
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
CYBERCRIME TRENDS IN JAPAN
17
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Cybercrime Offenses Cleared
3,918 4,334 3,961
5,199 5,388
113 247
195
133 105
1,442
1,740 2,534
1,601 248
0
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000
2007 2008 2009 2010 2011
Unauthorized Access Violations
Crimes Targeting Computers /Electronic Records
Networking Crimes
Source: NPA
18
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Networking Crimes Cleared in 2011 - DetailsUnauthorized Access
Violations4%
Crimes Targeting Computers /
Electronic Records2%
Frauds16%
Child Pornography Offenses
15%
Distribution of Obscene Materials
12%
Violations of Dating Site Regulation Act
8%
Child Prostitution Offenses
8%
Violations of Youth Protection Laws
8%
Copyright Infringements
7%
Violations of Trademark Law
4%
Others16%
Networking Crimes
Source: NPA
19
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Cybercrime Counseling
32,824 37,794 40,315
31,333 32,892
4,645
6,038 6,538
9,836 11,667
8,871
11,516 11,557
10,212 10,549
12,707
8,990 7,859
6,905 5,905
3,005
4,522 4,183
3,668 4,619 3,497
4,039 3,785
3,847 3,382
7,644
9,095 9,502
10,009
11,259 73,193
81,994 83,739
75,810
80,273
0
10,000
20,000
30,000
40,000
50,000
60,000
70,000
80,000
90,000
2007 2008 2009 2010 2011
OthersIllegal / Harmful InformationUnauthorized Accesses / Computer VirusesAuctioningDefamation / LibelsSpamsFrauds / Fraudulent Businesses
Source: NPA
20
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
Calls to Internet Hotline Center (IHC)
91,769
143,280 140,391
189,388 182,757
8,310 8,221
20,659 22,964 23,846
2007 2008 2009 2010 2011
Calls
Forwarded to Police
12,818 14,211
27,751
35,016 36,573
3,600 6,122
6,217
9,667 4,827
16,418
20,333
33,968
44,683 41,400
2007 2008 2009 2010 2011
Harmful InformationIllegal Information
Calls about Illegal/Harmful Information
Source: NPA
21
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
REFERENCES
22
Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.
References
• Documents– Information Security 2012, http://www.nisc.go.jp/eng/pdf/is2012 eng.pdf– Japanese Government's Efforts to Address Information Security Issues (November 2007),
http://www.nisc.go.jp/eng/pdf/overview eng.pdf– The White Paper on Police 2011 [Digest Edition] – Cyber Security in Special Feature II
http://www.npa.go.jp/hakusyo/h23/english/Contents WHITE PAPER on POLICE2011.htm– Police of Japan 2012 – Section 7 of “Community Safety” on Cybercrime
http://www.npa.go.jp/english/kokusai/2012contents.htm
• Organizations– CIPPS: Center for International Public Policy Studies
http://cipps.org/english/– IPA: Information-technology Promotion Agency, Japan
http://www.ipa.go.jp/index-e.html– JPCERT/CC: Japan Computer Emergency Response Team Coordination Center
http://www.jpcert.or.jp/english/– NICT: National institution of information and communications technology
http://www.nict.go.jp/en/– NISC: National Information Security Center
http://www.nisc.go.jp/eng/– Telecom-ISAC Japan: Telecom Information Sharing and Analysis Center Japan
https://www.telecom-isac.jp/english/
23