Information Security Policies in Japan
Towards a safe and secure network infrastructure

Fumiaki TAKAHASHI
Director, ICT Security Office, Information and Communications Policy Bureau,
Ministry of Internal Affairs and Communications (MIC)
May 2007


Information security policy of the entire government and roles of MIC

○ Cyber-attacks including DoS attacks. Threats of cyber-terrorism.
○ Unintentional factors including human-caused mistakes and hardware malfunctions.
→ The scale of IT-malfunctions has become larger. IT-malfunctions directly affect citizens’ lives and business activities.
・The air control system was down and 215 flights were canceled (Mar 2003).
・The Tokyo Stock Exchange system was down and the exchange stopped for half a day (Nov 2005).
Etc.

[Diagram: Information Security Policy Council and National Information Security Centre (NISC); The First National Strategy on Information Security (2006.2); Secure Japan 2006 (2006.6); Policy of each ministry. Ministries shown: MOD, NPA, METI, MIC.]

Policies are directed at:
○ Central and local governments
○ Critical Infrastructures (telecommunications, finance, electricity, civil aviation, medical services, etc.)
○ Businesses
○ Individuals

MIC: Information and communications field
○ Trustworthy information and communications services as “the infrastructure for other infrastructures.”
○ Know-how to develop the framework for sharing information in the information and communications field.
○ Know-how of network security technologies.
Supporting establishment; supporting implementation of the strategy.


Outline of The First National Strategy on Information Security and “Secure Japan 2007”

“The First National Strategy on Information Security” (2 February 2006, Information Security Policy Council)
Three-year plan for FY 2006-2008.
Aimed at establishing a “New public-private collaboration model” in which all bodies play appropriate roles.

Central and local governments
Objective: By the beginning of FY 2009, all governmental agencies should take measures according to the “Unified Standards”.
Key sectoral policies:
◆ Assessment based on the “Unified Standards of governmental agencies.”
◆ Increasing the ability to respond to emergencies including cyber attacks.

Critical infrastructure
Objective: By the beginning of FY 2009, the number of IT-malfunctions should be reduced as close as possible to zero.
Key sectoral policies:
◆ Developing CEPTOAR.
◆ Establishing the CEPTOAR-Council.
◆ Implementing cross-sectoral exercises and interdependency analysis.

Businesses
Objective: By the beginning of FY 2009, the state of implementation of information security measures should be enhanced to the world’s top level.
Key sectoral policies:
◆ Fixing the public bidding process for government purchases.
◆ Promoting usage of third-party evaluation systems.
◆ Reinforcing the framework to respond to computer viruses, etc.

Individuals
Objective: By the beginning of FY 2009, the number of individuals “feeling insecure about IT use” should be reduced as close as possible to zero.
Key sectoral policies:
◆ Promoting information security education.
◆ Enhancing publicity and awareness.
◆ Improving the environment to provide user-friendly services.

Key cross-sectoral policies
・Promoting information security technology strategy
・Developing human resources
・Promoting international cooperation and collaboration
・Crime control and protection/remedial measures for rights and interests

Timeline (FY 2005 to FY 2009)
“Secure Japan 2006”
① The action plan in FY 2006 ~Establishment of a cooperation model for security measures in the public and private sectors.
② The direction of key policy in FY 2007 ~Enhancement of security measures in the public and private sectors.
“Secure Japan 2007”
① The action plan in FY 2007 ~Enhancement of security measures in the public and private sectors.
② The direction of key policy in FY 2008 ~Intensive efforts for strengthening security basis.
“Secure Japan 2008”


MIC’s efforts to ensure reliability of information and communications networks

We realize “secure and safe” communications as a social infrastructure by promoting policies that reinforce information security from the three aspects of “Network”, “Terminal System and Equipment” and “Person”.

Security and safety in telecommunications

Ⅰ Making robust and reliable networks
●Measures against cyber-attacks.
・Measures against concurrent attacks from a lot of commandeered PCs called “Botnets”.
・Establishing tracing-back technology to specify the source of the attack.
・Establishing technology to prevent hijacking communication routes.
●Promotion to share information between telecommunications carriers.
・Cooperation with Telecom-ISAC Japan.
・Promotion to develop T-CEPTOAR.
●Coping with rapid increase of traffic.
・Development of the next-generation backbone enabling the stable control of traffic that doubles every year by optimizing the data exchange points.
●Preparation against disasters.
・Supporting the introduction of such equipment as back-up machines against disasters and machines capable of investigating the cause of obstacles.

Ⅱ Improvement of human ability
●Implementing exercises against cyber-attacks.
・Telecommunications carriers implement exercises against cyber-attacks.
●Establishment of security management system.
・Establishing a guideline for telecommunications carriers; promoting and spreading the guideline, aiming for international rules.
●Enhancement of educational and enlightening activities for individuals.
・Implementing “e-net caravan”, which is an activity for enlightening students’ parents and teachers.
・Development of a system to foster children’s ICT media literacy.
・Supporting opening information and communication security training centers.

Ⅲ Coping with diversification of goods connecting to networks
●Ensuring the security in the era when various equipment is connected to networks.
・Identification of measures to ensure the security necessary for various networked equipment to establish ubiquitous environment by IPv6.
●R&D for preventing information leaks.
・Development of technology to prevent information leaks through file sharing software.
●Simplifying and making more sophisticated the cryptography and authentication systems.


T-CEPTOAR (Telecommunications CEPTOAR)

Objective
○CEPTOAR (Capability for Engineering of Protection, Technical Operation, Analysis and Response) was established in each of the 10 critical infrastructure fields based on The First National Strategy on Information Security. (The CEPTOAR in the information and communications (telecommunications) field is called “T-CEPTOAR (Telecommunications CEPTOAR)”.)

What is CEPTOAR?
・CEPTOAR is “the function for sharing and analysing information” to improve the ability to maintain and recover services of critical infrastructures.
・Critical infrastructure companies communicate and share information provided from governments for prevention of IT-malfunctions, prevention of expansion of suffering, rapid resumption from suffering and prevention of recurrence.

Framework
○“T-CEPTOAR” is the CEPTOAR in the information and communications (telecommunications) field.
○T-CEPTOAR is based on existing organizations including Telecom-ISAC Japan, TCA and others, and has 4 Sub-groups categorized by type of services under the steering committee.
○Leading telecommunications carriers (27 carriers) participate in this framework.
◆SG1 : Fixed-line carriers providing network infrastructure and closely related companies.
◆SG2 : Access line carriers and closely related companies.
◆SG3 : ISP carriers and closely related companies.
◆SG4 : Mobile carriers and closely related companies.

[Diagram: T-CEPTOAR Steering Committee; T-PoC (main, sub); Sub-PoC (main) and Sub-PoC (sub) of each SG; SG1 (L1), SG2 (L2), SG3 (L3) and SG4 (Mobile), each with its Sub-PoC and members.]

Functions
1. Sharing information and cooperating for prevention of IT-malfunctions, prevention of expansion of suffering, rapid resumption from suffering and prevention of recurrence through analysis/verification of causes of IT-malfunctions.
2. Forwarding information from governments and other CEPTOARs to members.
3. Sharing additional information related to the information described in 2 above among members.


Countermeasures for Botnet

1) To capture infecting and propagating computer viruses, set up Super Honey Pots containing a large number of IP addresses.
2) Reverse engineering of the captured computer viruses, and create a removal tool for the computer viruses.
3) To capture newly distributed computer viruses, maintain activity of the captured computer viruses based on the results of reverse engineering 2).
4) Report traffic characteristics of infected PCs to ISPs, based on the results of reverse engineering 2).
5) Detect infected PCs, based on 4).
6) Recommend to owners of infected PCs (subscribers of internet services) that they use the removal tool.
7) Distribute the removal tool on the portal site.

[Diagram: Bot, infected PC, ISPs, Super Honey Pot and portal site ccc.go.jp, connected by the numbered steps above. Labels: Information on attack sources or spam distributors; Seeking solutions; Detect infected PCs; Recommend to install the removal tool; Distribute the removal tool.]


R&D of tracing-back to IP packets

○Most data transmitted by cyber attacks including unauthorized accesses and denial of service attacks falsify addresses of the transmitting equipment of the sender. It is thus too difficult to discover the true transmitting equipment at present.
○MIC is developing the technology to enable tracing-back to IP packets for detecting the true transmitting equipment even if the addresses are falsified.

Tracing-back platform
• Installing equipment to collect tracing-back (TB) data on the Internet and collecting TB data and compiling it on databases.
• Detection of true transmitting equipment by analyzing compiled data.

Before introduction
[Diagram: Host A, Host B, Host C, Router X, Router Y, Router Z. Labels: Packets falsifying addresses [B⇒C]; Getting address numbers.]
Transmitting equipment cannot be discovered.

After introduction
[Diagram: the same hosts and routers with the tracing-back platform on the Internet: equipment to collect TB data, database of compiling TB data, equipment to search TB data, equipment to analyze TB data. Labels: Packets falsifying transmitting equipment [B⇒C]; Getting address numbers; Collecting TB data; ①Requirement of detection; ②Requirement to search TB data; ③Result of search; ④Result of detection.]
Transmitting equipment can be discovered by tracing back.

Equipment to collect TB data includes the following:
•Equipment to collect packets
•Equipment to convert data (anonymizing, etc.)


Incident Analysis System: nicter (Network Incident analysis Center for Tactical Emergency Response)

[Diagram labels:
Macro analysis System (MacS): Monitoring network attacks (Virus, Bot, Worm); Analysis Engine; Visualizing Engine (3D Display, World map).
Micro analysis System (MicS): Collecting illegal code samples (Honey pot); Static analysis of illegal code; Dynamic analysis of illegal code.
Macro-micro Correlation Analysis system: Correlation Analysis Engine (Phenomenon, Cause); Incident Handling by Human Operator; Incident Reports.
Report recipients: Government organizations, Internet Service Providers, End Users.]
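
Added example (not part of the original slides or of any MIC system): a minimal sketch of the tracing-back platform from the "R&D of tracing-back to IP packets" slide, where collectors at each router keep only anonymized packet digests and a search over the compiled records finds the ingress router even though the packet claims source B. The digest format, the key, the topology (Host A behind Router X, Host B behind Router Y, both reaching Host C through Router Z) and all function names are assumptions; the slides do not specify them.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # digest key shared by collectors (assumption)
# Assumed attachment of hosts to routers; the slide only names the nodes.
EDGE_HOSTS = {"X": "Host A", "Y": "Host B", "Z": "Host C"}

def digest(pkt):
    """Anonymized TB record: keyed hash over fields that do not change in transit."""
    fields = "|".join([pkt["src"], pkt["dst"], str(pkt["ip_id"])]).encode()
    return hmac.new(KEY, fields + pkt["payload"], hashlib.sha256).hexdigest()[:16]

class Collector:
    """Equipment to collect TB data at one router: stores digests, never packets."""
    def __init__(self, router):
        self.router = router
        self.seen = {}                       # digest -> first time observed

    def observe(self, pkt, t):
        self.seen.setdefault(digest(pkt), t)

def forward(pkt, path, collectors, t0):
    """Simulate the packet crossing each router on its real path."""
    for hop, router in enumerate(path):
        collectors[router].observe(pkt, t0 + hop)

def trace_back(pkt, collectors):
    """Search the compiled TB data; return the routers that saw pkt, ingress first."""
    d = digest(pkt)
    hits = [(c.seen[d], c.router) for c in collectors.values() if d in c.seen]
    return [router for _, router in sorted(hits)]

def origin(path):
    """Host attached to the ingress router, or None if no collector saw the packet."""
    return EDGE_HOSTS.get(path[0]) if path else None

def demo():
    collectors = {r: Collector(r) for r in "XYZ"}
    # Constructed sample packets: both claim source B and destination C.
    spoofed = {"src": "B", "dst": "C", "ip_id": 4711, "payload": b"constructed attack data"}
    genuine = {"src": "B", "dst": "C", "ip_id": 4712, "payload": b"constructed normal data"}
    forward(spoofed, ["X", "Z"], collectors, t0=100)   # really sent by Host A
    forward(genuine, ["Y", "Z"], collectors, t0=200)   # really sent by Host B
    return {"spoofed": trace_back(spoofed, collectors),
            "genuine": trace_back(genuine, collectors)}

if __name__ == "__main__":
    for name, path in demo().items():
        print(name, path, origin(path))
```

The header address is identical in both packets, so only the per-router records distinguish them; a packet that no collector recorded yields an empty path and no origin.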