Information Security Policies in Japan

Towards a safe and secure network infrastructure
Fumiaki TAKAHASHI
Director, ICT Security Office, Information and Communications Policy Bureau,
Ministry of Internal Affairs and Communications (MIC)
May 2007
Information security policy of the entire government and roles of MIC

Information Security Policy Council
National Information Security Centre (NISC)
・The First National Strategy on Information Security (2006.2)
・Secure Japan 2006 (2006.6)
・Policy of each ministry

MOD, NPA, METI
MIC : Information and communications field
○ Trustworthy information and communications services as “the infrastructure for other infrastructures.”
○ Know-how to develop the framework for sharing information in the information and communications field.
○ Know-how of network security technologies.
Supporting establishment; supporting implementation of the strategy

○ Cyber-attacks including DoS attacks. Threats of cyber-terrorism.
○ Unintentional factors including human-caused mistakes and hardware malfunctions.
→ The scale of IT-malfunctions has become larger. IT-malfunctions directly affect citizens’ lives and business activities.
・The air control system was down and 215 flights were canceled (Mar 2003).
・The Tokyo Stock Exchange system was down and the exchange stopped for half a day (Nov 2005).
Etc.

○ Central and local governments
○ Critical Infrastructures (telecommunications, finance, electricity, civil aviation, medical services, etc.)
○ Businesses
○ Individuals
Outline of The First National Strategy on Information Security and “Secure Japan 2007”
“The First National Strategy on Information Security” (2 February 2006, Information Security Policy Council)
Three-year plan for FY 2006-2008. Aimed at establishing a “New public-private collaboration model” in which all bodies play appropriate roles.

Objectives
○ Central and local governments: By the beginning of FY 2009, all governmental agencies should take measures according to the “Unified Standards”.
○ Critical infrastructure: By the beginning of FY 2009, the number of IT-malfunctions should be reduced as close as possible to zero.
○ Businesses: By the beginning of FY 2009, the state of implementation of information security measures should be enhanced to the world’s top level.
○ Individuals: By the beginning of FY 2009, the number of individuals “feeling insecure about IT use” should be reduced as close as possible to zero.

Key sectoral policies
○ Central and local governments
◆ Assessment based on the “Unified Standards of governmental agencies.”
◆ Increasing the ability to respond to emergencies including cyber attacks,
○ Critical infrastructure
◆ Developing CEPTOAR.
◆ Establishing the CEPTOAR-Council.
◆ Implementing cross-sectoral exercises and interdependency analysis.
○ Businesses
◆ Fixing the public bidding process for government purchases.
◆ Promoting usage of third-party evaluation systems.
◆ Reinforcing the framework to respond to computer viruses, etc.
○ Individuals
◆ Promoting information security education.
◆ Enhancing publicity and awareness.
◆ Improving the environment to provide user-friendly services.

Key cross-sectoral policies
◆ Promoting information security technology strategy
◆ Developing human resources
◆ Promoting international cooperation and collaboration
◆ Crime control and protection/remedial measures for rights and interests

FY 2005 / FY 2006 / FY 2007 / FY 2008 / FY 2009
“Secure Japan 2006”
① The action plan in FY 2006 ~Establishment of a cooperation model for security measures in the public and private sectors.
② The direction of key policy in FY 2007 ~Enhancement of security measures in the public and private sectors.
“Secure Japan 2007”
① The action plan in FY 2007 ~Enhancement of security measures in the public and private sectors.
② The direction of key policy in FY 2008 ~Intensive efforts for strengthening security basis.
Secure Japan 2008
MIC’s efforts to ensure reliability of information and communications networks
We realize “secure and safe” communications as a social infrastructure by promoting policies that reinforce information security from the three aspects of “Network”, “Terminal System and Equipment” and “Person”.

Security and safety in telecommunications

Ⅰ Making robust and reliable networks
●Measures against cyber-attacks.
・Measures against concurrent attacks from a lot of commandeered PCs called “Botnets”.
・Establishing tracing-back technology to specify the source of the attack.
・Establishing technology to prevent hijacking communication routes.
●Promotion to share information between telecommunications carriers.
・Cooperation with Telecom-ISAC Japan.
・Promotion to develop T-CEPTOAR.
●Coping with rapid increase of traffic.
・Development of the next-generation backbone enabling the stable control of traffic that doubles every year by optimizing the data exchange points.
●Preparation against disasters.
・Supporting the introduction of such equipment as back-up machines against disasters and machines capable of investigating the cause of obstacles.

Ⅱ Improvement of human ability
●Implementing exercises against cyber-attacks.
・Telecommunications carriers implement exercises against cyber-attacks.
●Establishment of security management system.
・Establishing a guideline for telecommunications carriers; promoting and spreading the guideline, aiming for international rules.
●Enhancement of educational and enlightening activities for individuals.
・Implementing “e-net caravan”, which is an activity for enlightening students’ parents and teachers.
・Development of a system to foster children’s ICT media literacy.
・Supporting opening information and communication security training centers.

Ⅲ Coping with diversification of goods connecting to networks
●Ensuring the security in the era when various equipment is connected to networks.
・Identification of measures to ensure the security necessary for various networked equipment to establish ubiquitous environment by IPv6.
●R&D for preventing information leaks.
・Development of technology to prevent information leaks through file sharing software.
●Simplifying and making more sophisticated the cryptography and authentication systems.
T-CEPTOAR (Telecommunications CEPTOAR)

Objective
○CEPTOAR (Capability for Engineering of Protection, Technical Operation, Analysis and Response) was established in each of the 10 critical infrastructure fields based on The First National Strategy on Information Security. (The CEPTOAR in the information and communications (telecommunications) field is called “T-CEPTOAR (Telecommunications CEPTOAR)”.)

What is CEPTOAR?
・CEPTOAR is “the function for sharing and analysing information” to improve the ability to maintain and recover services of critical infrastructures.
・Critical infrastructure companies communicate and share information provided from governments for prevention of IT-malfunctions, prevention of expansion of suffering, rapid resumption from suffering and prevention of recurrence.

Framework
○“T-CEPTOAR” is the CEPTOAR in the information and communications (telecommunications) field.
○T-CEPTOAR is based on existing organizations including Telecom-ISAC Japan, TCA and others, and has 4 Sub-groups categorized by type of services under the steering committee.
○Leading telecommunications carriers (27 carriers) participate in this framework.
◆SG1 : Fixed-line carriers providing network infrastructure and closely related companies.
◆SG2 : Access line carriers and closely related companies.
◆SG3 : ISP carriers and closely related companies.
◆SG4 : Mobile carriers and closely related companies.
[Figure: T-CEPTOAR Steering Committee with the T-PoC (main, sub); below it SG1 (L1), SG2 (L2), SG3 (L3) and SG4 (Mobile), each with the Sub-PoC of the SG (main, sub) and its members.]

Functions
1. Sharing information and cooperating for prevention of IT-malfunctions, prevention of expansion of suffering, rapid resumption from suffering and prevention of recurrence through analysis/verification of causes of IT-malfunctions.
2. Forwarding information from governments and other CEPTOARs to members.
3. Sharing additional information related to the information described in 2 above among members.
Countermeasures for Botnet
1) To capture infecting and propagating computer viruses, set up Super Honey Pots containing a large number of IP addresses.
2) Reverse engineering of the captured computer viruses, and create a removal tool for the computer viruses.
3) To capture newly distributed computer viruses, maintain activity of the captured computer viruses based on the results of reverse engineering 2).
4) Report traffic characteristics of infected PCs to ISPs, based on the results of reverse engineering 2).
5) Detect infected PCs, based on 4).
6) Recommend to owners of infected PCs (subscribers of internet services) that they use the removal tool.
7) Distribute the removal tool on the portal site.
[Figure: flow among Bots, the Super Honey Pot, ISPs and the portal site ccc.go.jp, numbered 1) to 7) as above, with the labels “Seeking solutions”, “Information on attack sources or spam distributers”, “Detect infected PCs”, “Recommend to install the removal tool” and “Distribute the removal tool”.]
R&D of tracing-back to IP packets
○Most data transmitted by cyber attacks including unauthorized accesses and denial of service attacks falsify addresses of the transmitting equipment of the sender. It is thus too difficult to discover the true transmitting equipment at present.
○MIC is developing the technology to enable tracing-back to IP packets for detecting the true transmitting equipment even if the addresses are falsified.

Before introduction
[Figure: Host A, Host B and Host C connected through Router X, Router Y and Router Z; labels “Packets falsifying addresses [B⇒C]…” and “Getting address numbers”. Transmitting equipment cannot be discovered.]

After introduction
[Figure: the same hosts and routers on the Internet with the Tracing-back platform (Collecting TB data; Equipment to search TB data; Equipment to analyze TB data; Database of compiling TB data); labels “Packets falsifying transmitting equipments [B⇒C]…” and “Getting address numbers”; steps ①Requirement of detection, ②Requirement to search TB data, ③Result of search, ④Result of detection. Transmitting equipment can be discovered by tracing back.]

Tracing-back platform
• Installing equipment to collect tracing-back (TB) data on the Internet and collecting TB data and compiling it on databases.
• Detection of true transmitting equipment by analyzing compiled data.
Equipment to collect TB data including : below
•Equipment to collect packets
•Equipment to convert data (anonymizing, etc.)
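The collect, convert, compile and search flow of the tracing-back platform, as an added Python example (not part of the original slides and not MIC's design). It assumes TB data are packet digests recorded at each router, one known approach to IP traceback; the topology, the addresses and the names `tb_record` and `TracebackPlatform` are constructed, and Host A forging Host B's address is one reading of the slide's "[B⇒C]" label.

```python
import hashlib

# Constructed topology using the slide's host and router names (assumption):
# Host A sits behind Router X, Host B behind Router Y, both feed Router Z -> Host C.
UPSTREAM = {"Router Z": ["Router X", "Router Y"], "Router X": [], "Router Y": []}
ATTACHED = {"Router X": "Host A", "Router Y": "Host B"}
ROUTES = {"Host A": ["Router X", "Router Z"], "Host B": ["Router Y", "Router Z"]}
ADDR = {"Host B": "192.0.2.20", "Host C": "192.0.2.30"}  # documentation addresses

def tb_record(packet):
    """Data conversion step: keep only a digest of fields that do not change in transit."""
    fields = "|".join([packet["src"], packet["dst"], str(packet["ip_id"])]).encode()
    return hashlib.sha256(fields + b"|" + packet["payload"]).hexdigest()

class TracebackPlatform:
    def __init__(self):
        self.db = {}  # router name -> set of TB records collected there

    def forward(self, true_sender, packet):
        """Simulate delivery: each router on the real path contributes a TB record."""
        for router in ROUTES[true_sender]:
            self.db.setdefault(router, set()).add(tb_record(packet))

    def trace(self, packet, last_hop="Router Z"):
        """Walk upstream from the victim's router; return (path, attached host or None)."""
        rec = tb_record(packet)
        if rec not in self.db.get(last_hop, set()):
            return [], None                      # packet never seen: nothing to trace
        path, node = [last_hop], last_hop
        while UPSTREAM[node]:
            seen = [r for r in UPSTREAM[node] if rec in self.db.get(r, set())]
            if len(seen) != 1:
                return path, None                # gap or ambiguity: stop, do not guess
            node = seen[0]
            path.append(node)
        return path, ATTACHED[node]

def demo():
    platform = TracebackPlatform()
    spoofed = {"src": ADDR["Host B"], "dst": ADDR["Host C"], "ip_id": 4711, "payload": b"flood"}
    genuine = {"src": ADDR["Host B"], "dst": ADDR["Host C"], "ip_id": 52, "payload": b"hello"}
    platform.forward("Host A", spoofed)   # Host A falsifies Host B's address
    platform.forward("Host B", genuine)   # real traffic from Host B
    return platform.trace(spoofed), platform.trace(genuine)

if __name__ == "__main__":
    print(demo())
```

Both packets carry the same source address, yet the stored digests separate the path through Router X from the path through Router Y; the routers keep no packet contents or addresses, only digests.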
Incident Analysis System: nicter (Network Incident analysis Center for Tactical Emergency Response)
[Figure: components of nicter.
・Macro analysis System (MacS): Monitoring network attacks (Virus, Bot, Worm); Visualizing Engine (3D Display, World map); Analysis Engine; label “Phenomenon”.
・Micro analysis System (MicS): Collecting illegal code samples (Honey pot); Static analysis of illegal code; Dynamic analysis of illegal code; label “Cause”.
・Macro-micro Correlation Analysis system: Correlation Analysis Engine.
・Incident Handling by Human Operator; Incident Reports; Report.
・Government organizations, Internet Service Providers, End Users.]