Transcript

“KEEP IN TOUCH” for CYBER PEACE

OSIPP Guest Lecturer / Specially Appointed Researcher Kunihiro [email protected]

cybersecurity norms, confidence building measures, and capacity building

Outline: 

Today’s keyword is “Confidence building”. Confidence Building Measures (CBM) is a term from the Cold War age. It is like the HOT LINE between the Soviet Union and the U.S.A. after the Cuba Crisis. Back then, it took President Kennedy 6 hours to talk with the Soviet chief secretary Khrushchev through diplomatic protocol. That is a risk of miscommunication. We have to keep in touch, whether with an enemy or not, in order to keep the peace. It’s a simple solution.

1. Communication channels are very important (human connection, telecommunication infrastructure, mass media with good journalism, etc.).
2. Soft law and power are not so weak. Weak ties provide an available approach in an emergency. Build trust and relationships with one another. It will be a great wall. (ex. UN GGE)
3. Technology is always dual-use. Good for fun, but also for genocide. Capacity/Capability raises our standard of IT literacy. It’s a quiet method, but effective.

Profile Kunihiro Maeda

CEO of Unique ID Inc., and Quantum ID Inc. Specially Appointed Researcher of Osaka School of International Public Policy at Osaka University, Visiting Fellow of Tokyo University, Part-time lecturer of Tamagawa University. Part-time lecturer of Graduate School of Arts and Design at Onomichi University.

I made an SNS with my friend in 1996. It was called "Human Web". Maybe it was the first SNS in Japan. In 1998, they tried to make another version, “Small World Connection”, as a work of art. We sent their works to the multimedia competition “Ars Electronica” in Australia. And they entered it in Digital Be-in in the USA. We went to San Francisco for the presentation. Our work won the praise of early adopters, just as art. In 2001, we tried to make a commercial web site, “Kanshin Kukan (Interest Community)”. Our work won the praise of early adopters in Japan. We got the “Good Design Award” in 2001 and he got the Web Creation Award in 2006 as a pioneer of Japanese CGM (Consumer Generated Media = Social Media).

Now I’m interested in ICT for peace, Humanitarian Technology (Critical Infrastructure, Drone, not only web technology), Cyber Warfare, Cyber Intelligence and Collective Intelligence for Human Security.

Do you know about the “Seoul Framework”?

The ‘Seoul Framework’ offers guidelines for governments and international organizations on coping with cybercrime and cyberwar. It highlights the importance of boosting internet access, particularly for developing countries, for education, development and to ensure freedom of information and expression.

The annual conference on cyberspace aims to establish international cyber-norms and guidelines. The Seoul conference followed previous gatherings in London and Budapest. It will likely become a bi-annual event, with the next conference set for the Netherlands in 2015.

http://www.undp.org/content/seoul_policy_center/en/home/presscenter/articles/2013/10/18/-seoul-framework-could-make-cyberspace-safer-more-accessible-.html

Seoul Conference on Cyberspace 2013 - Panel Discussion 5 International Security

October 18 (Fri.) 10:50-12:20, Auditorium, Coex, Seoul

http://www.undp.org/content/seoul_policy_center/en/home/presscenter/articles/2013/10/18/-seoul-framework-could-make-cyberspace-safer-more-accessible-.html

https://www.youtube.com/watch?v=8HWxPPwtuWg

Five Principles for Shaping Cybersecurity Norms

・Harmonization of Laws and Standards: Given the global and ubiquitous nature of the Internet, developing global cybersecurity laws and standards will promote understanding and predictability, and enable collaboration on problem solving among countries.

・Risk Reduction: Cybersecurity stakeholders should work to improve the security of the Internet through collective responses to threats by sharing information about threats and vulnerabilities, and by engaging in the active prevention of cybercrime.

・Transparency: Governments can help to build trust and increase predictability and stability in cyberspace by practicing greater transparency in their cybersecurity practices. Microsoft supports greater government transparency, and recently released another paper promoting the development of a national cybersecurity strategy to articulate priorities, principles, and approaches for managing national level risks in cyberspace.

・Collaboration: As governments construct cybersecurity practices to address security concerns at the international level, they can seek input from a variety of stakeholders, including the private sector, civil society, and academia.

・Proportionality: The issue of proportionality is challenging, because it is not yet clear how proportionality in cyberspace will be interpreted. However, nations should begin to develop interpretations of proportionality in cyberspace under customary international law.

http://download.microsoft.com/download/B/F/0/BF05DA49-7127-4C05-BFE8-0063DAB88F72/Five_Principles_Norms.pdf

Accusation? not only for Freedom of expression. U.S. Gov let them know to keep their easy hacks in check

N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say

WASHINGTON — The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth. Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.

A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China. …

http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?_r=0

“We don’t have a better plan – you’re going to have to stick it up your ass.”

A light caution from the U.S. to China?

The risk of “confidentiality”

http://www.forbes.com/sites/scottasnyder/2015/01/08/south-koreas-other-hacking-incident-and-the-need-for-greater-cooperation-in-northeast-asia/print/

U.S. cyber strategy for national interest

http://www.wsj.com/articles/white-house-to-create-new-division-to-streamline-cyberthreat-intelligence-1423572846

Xinhua Insight: Conference urges int'l action against cyber-terrorism @ World Internet Conference 2014

WUZHEN, Zhejiang, Nov. 21 (Xinhua) -- That the international community must cooperate to fight online terrorism and maintain peace and stability is the consensus of the World Internet Conference that closed on Friday.

China has been a major victim of terrorism in recent years, said Gu Jianguo, head of the cyber security and protection bureau under the Ministry of Public Security. The Internet is an important tool for groups to plan and organize acts of terror and incite followers.

The East Turkestan Islamic Movement (ETIM) has claimed responsibility for a series of incidents featuring knife attacks in Kunming, a bombing in Urumqi and a car plowing through a crowd in Beijing and threatened to continue their campaign in an online video clip. Since 2010, ETIM has released almost 300 videos inciting people to participate in their terror campaign. The videos show bomb-making techniques and spread religious extremism.

"Terrorists have their own websites and propaganda platforms on other major portals. They take advantage of social network sites to promote terrorism," said Gu, claiming it is easy to access terrorist videos and learn how to make bombs on video sharing websites.

Such freewheeling activities have severely undermined world peace and stability and damaged lives and property, said Gu. "The Internet gives them a global presence that they did not have before," said James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies based in the United States. "First of all they use it for propaganda to disseminate Jihad ideology. Besides that they share information and technology that allow them to make bombs, to recruit people in the west and in Xinjiang," said Michael Barak of Israel's international institute for counter-terrorism. "They are very active on social media and every terror organization has their own media outlet and twitter accounts. Jihad magazines are in English," he said. Barak believes terrorists even use online payment systems similar to bitcoin to raise money. No country can manage the threat of cyber-terrorism alone, but at present, there is no international legal framework to deal with cyber-terrorism, said Cheng Lin, president of the People's Public Security University of China.

"Worse yet, there is neither an effective coordination mechanism nor a top-level design bringing together different countries," said Cheng. "International cooperation is very important: monitoring all the websites, everything they run, and recruitment analysis," said Barak.

Gu suggested the international community reach a consensus on the definition of cyber-terrorism, which he said should include all kinds of online activities promoting and inciting terrorism.

"The answer is that maybe not to focus on the symptoms but on the disease, propaganda and fund-raising are the symptoms, the disease is terrorism, that's where we need to cooperate," said Lewis.

Gu revealed that there has been a sharp decline of criminal prosecutions for materials promoting terrorism since the beginning of the year when China tightened up scrutiny and penalties.

"Those who produce and disseminate terrorist materials are based outside China, so we need international cooperation to address the 'cancer' of the Internet," said Gu.

http://www.xinhuanet.com/english/special/wicwuzhen2014/

IoT (Internet of Things) hacking is a serious issue

Not in front of the telly: Warning over 'listening' TV: (Business Intelligence in IoT age)

Samsung is warning customers about discussing personal information in front of their smart television set. The warning applies to TV viewers who control their Samsung Smart TV using its voice activation feature. When the feature is active, such TV sets "listen" to what is said and may share what they hear with Samsung or third parties, it said. Privacy campaigners said the technology smacked of the telescreens, in George Orwell's 1984, which spied on citizens.

Data sharing

The warning came to light via a story in online news magazine the Daily Beast which published an excerpt of a section of Samsung's privacy policy for its net-connected Smart TV sets. These record what is said when a button on a remote control is pressed.

The policy explains that the TV set will be listening to people in the same room to try to spot when commands or queries are issued via the remote. It goes on to say: "If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party."

Corynne McSherry, an intellectual property lawyer for the Electronic Frontier Foundation (EFF) which campaigns on digital rights issues, told the Daily Beast that the third party was probably the company providing speech-to-text conversion for Samsung. She added: "If I were the customer, I might like to know who that third party was, and I'd definitely like to know whether my words were being transmitted in a secure form."

Soon after, an activist for the EFF circulated the policy statement on Twitter comparing it to George Orwell's description of the telescreens in his novel 1984 that listen to what people say in their homes.

In response to the widespread sharing of its policy statement, Samsung has issued a statement to clarify how voice activation works. It emphasised that the voice recognition feature is activated using the TV's remote control.

It said the privacy policy was an attempt to be transparent with owners in order to help them make informed choices about whether to use some features on its Smart TV sets, adding that it took consumer privacy "very seriously". Samsung said: "If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search. At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV."

It added that it did not retain voice data or sell the audio being captured. Smart-TV owners would always know if voice activation was turned on because a microphone icon would be visible on the screen, it said.

The third party handling the translation from speech to text is a firm called Nuance, which specialises in voice recognition, Samsung has confirmed to the BBC. Samsung is not the first maker of a smart, net-connected TV to run into problems with the data the set collects. In late 2013, a UK IT consultant found his LG TV was gathering information about his viewing habits. Publicity about the issue led LG to create a software update which ensured data collection was turned off for those who did not want to share information.

http://www.bbc.com/news/technology-31296188

World Economic Forum : The Global Risks Landscape 2015

(What is the impact and likelihood of global risks?)

Survey respondents were asked to assess the likelihood and impact of the individual risks on a scale of 1 to 7, 1 representing a risk that is not likely to happen or have impact, and 7 a risk very likely to occur and with massive and devastating impacts.

http://reports.weforum.org/global-risks-2015/appendix-b-the-global-risks-perception-survey-2014-and-methodology/

Internet Mapping(Attack) by AKAMAI

Internet Mapping(Traffic) by AKAMAI

Seoul Conference on Cyberspace 2013 - Plenary Session 3

https://www.youtube.com/watch?v=Wb7ON1njlwA

1. Development of international rules for cyberspace
2. Confidence building measures in cyberspace
3. Cybersecurity capacity building

Conventional regulatory framework (at ITU)

http://www.slideshare.net/izumia/internet-governance-and-development-140305

- Governments to regulate; business and technologist participate and form international organization (ITU)
- Civil Society/individual users have no role
- Inter-national, but not Global

[Diagram labels: Governments, Int’l Orgs, Technologist, Industry, Civil Society]

Internet governance old model: private sector self management (IETF, ICANN, W3C, Unicode Consortium)

http://www.slideshare.net/izumia/internet-governance-and-development-140305

- Self-management led by technologists
- Engineers, pioneers form “private club” to manage
- Looks global, but lacks legal and political legitimacy
- Not scalable, little civil society involvement

[Diagram labels: Int’l Orgs, Governments, Technologists, New industry, Traditional industry, Civil Society, Self-management]

New Model: Multi-stakeholder governance

http://www.slideshare.net/izumia/internet-governance-and-development-140305

- Net governance cannot exclude users
- Not “consumers” or “mass”, but Netizens who have power
- All stakeholders to get involved with proper balance
- Minimize government involvement, support participation from civil society and developing countries

[Diagram labels: Government, Civil Society (Netizens), Technologists, Industry, Int’l Orgs, Multi-stakeholder Governance]

JAPANESE APPROACH: PRACTICE (Proactive Response Against Cyber-attacks Through International Collaborative Exchange)

- The project has been implemented since the fiscal year 2011 with the aim of countering and reducing the risks of cyber attacks (distributed denial of service attacks, malware infection activities, etc.) which produce growing damages in recent years.
- We will internationally build a network to gather information related to cyber attacks and malware, etc. through cooperation with Internet service providers and universities in Japan and other countries, and collaborate with other countries to conduct research, development, and field trial for technology that makes it possible to predict the occurrence of cyber attacks and quickly respond to them.
- We will utilize international conferences (bilateral and multilateral) and call upon organizations (Internet service providers, universities, etc.) of various countries to collaborate in sharing information such as cyber attack monitoring data and analysis results and in conducting research and development.

http://www.nisc.go.jp/active/kihon/pdf/InternationalStrategyonCybersecurityCooperation_e.pdf

JAPANESE APPROACH: TSUBAME (International network traffic monitoring project) www.nisc.go.jp/eng/

- TSUBAME is a project for monitoring and visualizing Internet traffic, and has been implemented since 2007. The project was developed under the framework of the Asia Pacific Computer Emergency Response Team (APCERT), which is a community of Computer Security Incident Response Teams (CSIRT*) in the Asia Pacific region. The project was initiated and is led by JPCERT/CC.

- This project installs monitoring sensors in the national CSIRTs of the Asia Pacific region (as of September 2013, sensors have been installed in 23 teams in 20 economic regions), and visualizes the monitoring results in the region. The project is aimed at strengthening collaboration among CSIRTs (cooperation in responding to cross-border security incidents, and sharing threat information and analysis capabilities) through the process of gathering and visualizing malicious Internet activities detected by each sensor, sharing this information among all members, and responding to them together.

http://www.nisc.go.jp/active/kihon/pdf/InternationalStrategyonCybersecurityCooperation_e.pdf

Thank you! Keep in touch for our good relationship

[email protected]

