Protecting Our Infrastructure: utilizing everything we have.
Suguru Yamaguchi
Advisor on Information Security, Cabinet Secretariat, Government of Japan

Large-scale Accident in Critical Infrastructure
Typical Examples
– Mizuho Bank (2002.4.1)
– FDP at Tokyo ATC (2003.3.1)
Hard for Gov. to know what’s going on.
→ first response is always in their hands.
Troubles/accidents at dependable infrastructure have a huge impact on our lives.
Prevention
Response: minimize impact and involved areas
Learn from accidents: analysis and expertise
(Yomiuri Shimbun: press photo, April 3, 2002)

Analysis on Inter-dependency among Critical Infrastructure
By JST RISTEX Mission Program II
[Figure (simulation): spreading impact on social systems in the case of critical accidents on the core system of a large-scale bank in Japan. Panels: 0 hr., 1 hr., 12 hr., 24 hr. Legend: area with large impact.]

Internet = Critical Infrastructure
Internet is critical infrastructure
– Various kinds of our activities are now on the Internet.
• Online banking / reservations / shopping and commerce / money transfer / ….
– We can’t imagine our life without the Internet.
“Dependable” infrastructure
– What and how we can make this?
– Need research

Internet: Global and Ubiquitous Infrastructure for Communication
[Diagram labels: Society; Internet Technology; TCP/IP; Communication Technology; Wireless; Satellite; ATM; Optical Fiber; Copper Cable; WDM/SDH; ISDN; CATV; Cable Modem]

Internet for Everything
Always connected with global address
New services with various kinds of devices

Targets and Schedule of CEIIS
Critical Infrastructure / Companies / Individuals
◎ Establish Ground-Design of Japanese Information Security Policy
◎ Implement Effective Measures and Policy
• To be reliable for private sectors as their counter-party
• To be reliable in global arena
• Implement balanced investment toward technologies
• Keep transparency
• Maintain function as highly reliable infrastructure
• Keep verifiable design of function and business continuity
• Promote coordination and mutual assistance
• Support security-culture as major stakeholders
• Reach consensus in management and circulation methods of privacy information
The First Proposal (Oct/04)
The Second Proposal (Mar/05)
The Third Proposal (July/05)
(1) Implementation Structure of Overall Information Security Policy
(2) Measures for Government itself

Recommendations #1 (as of Nov. 2004)
“Information Security Policy Committee” (tentative name)
– Under IT Strategy Headquarter
– By FY2006
– Set mid / long term strategy
– Recommendations
– Evaluations
“National Information Security Center” (tentative name)
– Operational guidelines for government systems
– Audit and inspections
– Response for IT incidents on government systems
– Repository of “expertise”

E-government in 2005 (JP)
[Diagram labels: Comm.; Biz; Edu.; Transport; National Resource; Broadcast; The Internet; Various kinds of digital communication infrastructure]

http://www.e-gov.go.jp/
E-gov portal site
– One stop service
– Single window service
– “online”

Targets and Schedule of CEIIS
Critical Infrastructure / Companies / Individuals
◎ Establish Ground-Design of Japanese Information Security Policy
◎ Implement Effective Measures and Policy
• To be reliable for private sectors as their counter-party
• To be reliable in global arena
• Implement balanced investment toward technologies
• Keep transparency
• Maintain function as highly reliable infrastructure
• Keep verifiable design of function and business continuity
• Promote coordination and mutual assistance
• Support security-culture as major stakeholders
• Reach consensus in management and circulation methods of privacy information
The First Proposal (Oct/04)
The Second Proposal (Mar/05)
The Third Proposal (July/05)

Sectors and Roles
[Diagram labels: Government; Local Government; Critical infrastructure; Companies; Individuals]
Catalyst: each ministry
“Culture of Security”
Top down approach from Gov., bottom up from private sectors

Top down & bottom up
Top down approach from Government
– Standards and guidelines for procurement / installation / operation and responses
– Critical Infrastructure Protection (CIP)
– Minimum requirements on systems / networks
– Regulations
Bottom up approach from Private Sectors
– Expertise from real operational systems
– “Know How” on profitability / cost-down / actual operation / customizing systems / ….

Information flow
[Diagram labels: Cabinet Secretariat; FSA; METI; MLIT; MPHPT; Ele.; Finance; Gas; Train; Comm; Air; Critical Infrastructure; Local Gov.]

More works required
Exercise on Large scale accident
– Within an identical infrastructure
– With other infrastructures
– We don’t know the effect of “Inter-dependency”
• Research required.
Awareness program
– Classic / Legacy approach on generic security management
– Changes on its systems drastically
• More computers and networks in their systems
– Sharing Best Practices

[Diagram labels:]
Services
Monitoring – Traffic and access
Other ISP’s
ISP – Blocking the traffic – Define their handlings in contract
IT section – Not enough expertise – Out sourcing
Top Management – Decisions on business operations
Attacker – Conducting intentional activities – Need to work globally
Attack Traffic – Forging source address
Mission difficult (not impossible)
(1) Improving Technology and Operation
(2) Gov/Private Sector collaboration
(3) Re-designing Security functions
(4) HQ role
(5) Learn more from accidents
(6) Preparation / Prevention

Sharing Best Practices
Best Practice developed through competition: high quality expertise on technology, engineering, and operation
Distributing Best Practice
Work with Non-profit area
Improving business environment
[Diagram labels: Private Sectors; Government]

Improving Information Sharing
[Diagram labels: Government; Critical Infrastructure; Companies; Among Ministries; LEA]
ISAC model?
Inter-sector communication
Anonymity / Responsibility

Summary
Collaboration and mutual understanding of what we are doing are quite important in the Government / private sector relationship
Need to do more
– Improving information sharing
– Exercises & Awareness
– Research, esp. on analysis of “inter-dependency” among CI
CEIIS (Committee of Essential Issues on Information Security)
– Recommendations #2 by the end of FY2004 (Mar. 2005)