current status of collaboration between india and japan
play

Current status of collaboration between India and Japan Koji Nakao - PowerPoint PPT Presentation

Current status of collaboration between India and Japan Koji Nakao KDDI, Information Security Fellow 1 CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, published or


  1. Current status of collaboration between India and Japan Koji Nakao KDDI, Information Security Fellow 1 CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, published or shared with any other third parties (except to the extent necessary solely for the 3/21/2015 purpose of receiving legal, accounting or other professional advice) without the prior written consent of KDDI, Inc.

  2. “Big Data” Society and Cybersecurity activities toward the next GSFI meeting Open data More severe risks Digitally stored knowledg Collected and e stored big data ( static / dynamic ) Dessemination of risks M2M (streamin g data) Increasing dependence Persona of socio- l data Globalization of risks economic systems on IT Cyber Space CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, published or shared with any other third parties (except to the extent necessary solely for the purpose of receiving legal, accounting or other professional advice) without the prior written consent of KDDI , Inc. 2

  3. Sophisticated Attacks to Sensitive Information activities toward the next GSFI meeting [Recent major cases] 2011.9 [Mitsubishi Heavy Industries, Ltd. (MHI), House of Representative (HR) etc.] Found virus infection by targeted attacks ~ 2012.5 [Japan Nuclear Energy Safety Organization (JNES)] Found possibility of information leakage over previous months 2013.1 [Ministry of Agriculture, Forestry and Fisheries of Japan (MAFF)] Announced attack case on TPP-related information leakage 2013.4 [Japan Aerospace Exploration Agency (JAXA)] Found unauthorized access to servers from outside [ Government agencies etc.] 2013 Found zero-day attack* causing particular entities to be infected by web autumn browsing 2014.1 [Japan Atomic Energy Agency (JAEA)] Found possibility of information leakage by virus infection * Zero-day attack: Attack misuses unpatched or undisclosed security holes in software. [ Threats to government’s organizations ] 24 hrs & 365 FY 2011 FY 2012 FY 2013 days Appr Appro No. of threats detected App ox. through monitoring by x. rox. (10 times in a sensors, etc.** 1,080,00 660,000 5,080,000 0 min.) No. of notices issued through monitoring by 139 139 175 sensors, etc. * * No. of no normal accesses or communications among events detected by sensors installed in the ministries by the GSOC ( abbreviation for No. of warnings issued Government Security Operation Coordination team) 381 209 415 on suspicious e-mails CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, etc. published or shared with any other third parties (except to the extent necessary solely for the purpose of receiving legal, accounting or other professional advice) without the prior written consent of KDDI , Inc. 2

  4. Attacks on Critical Infrastructures activities toward the next GSFI meeting [No. of attacks on critical infrastructures] Main Details FY 2012 FY 2013 No. of info. Messages or 110 153 Unauthorized access,Dos 121 reports* from critical Virus infection 7 (76)** (133) Other intentional factors 5 infrastructures areas * Reports from the critical infrastructure operators to the NISC ** Reports concerning Cyber Attacks FY 2012 FY 2013 No. of received info. 246 385 Messages*** about targeted attack e-mail, etc. * * * Reports from the five industries (45 organizations), or critical infrastructure equipment manufacture, power, gas, chemistry and petroleum to Information-Technology Promotion Agency (IPA), Japan [Area of the Critical infrastructure] (6) Gas (11) Chemistry (1)Information and Communications (7) Gov’t and (12) Credit Card (2) Finance Admin. Services (13) Petroleum (3) Aviation (8) Medical Services * * * * These three sectors were added to the third (4) Railways (9) Water action plan to security measures for critical infrastructures decided by the Information Security Policy Council (ISPC) on 19 th May 2014. (5) Electricity (10) Logistics CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, published or shared with any other third parties (except to the extent necessary solely for the purpose of receiving legal, accounting or other professional advice) without the prior written consent of KDDI , Inc. 3

  5. Widespread Scope of Targets activities toward the next GSFI meeting [Spread of smart phones etc.] Household ownership rate increased five times rapidly* (End of 2010: approx. 10% -> End of 2012: approx. 50% ) Illicit sites targeted at mobile devices increased twenty times rapidly (End of 2011: approx. 3 thousand -> End of 2013: approx. 57 thousand ) * 2013 White Paper – Information and Communications in Japan by the Ministry of Internal Affairs and Communications (MIC) Regarding the increase rate of illicit sites: Research by Trend Micro corp. * * Approaches for Vehicle Information Security (August 2013) by Information-technology Promotion Agency (IPA), Japan * * * Handout at 14 th Study group for Smart Meter system, by the Ministry of Economy, Trade and Industry(METI) [ Penetration throughout all of society in Japan ] CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, published or shared with any other third parties (except to the extent necessary solely for the purpose of receiving legal, accounting or other professional advice) without the prior written consent of KDDI , Inc. 5

  6. Attacks from a Variety of Entities in the World activities toward the next GSFI meeting [Attacks on Japan from Overseas] Geological location of IP addresses used by malware (2013)* Japan 97% of malware 3% tried to connect to oversea servers. Overse as 97% * Source: National Police Agency of Japan (Feb. 2014) [Recent major cases] [ Korea ] DDoS attacks to 40 web servers of government agencies etc. 2011.3 → At t ack ck co com m ands s issu ssued usi sing hom e PCs s in Japan as s bot s [ Korea ] Large-scale cyber attacks to critical infrastructures 2013.3 → Sam e m m alicious program c concurrent ly found in Japan (Reference) [ US ] The US government points out t h t he po possibil ilit it y of t t he involvem ent t of f foreign gn 2013.5 governm ent s or m m ilit ilit arie ies in targeted attacks made to steal national or corporate secrets* * * * Source: “The Administrative Strategy on Mitigating the Theft of U.S. Trade Secrets” (White CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, House, February 2013) & “the Annual Report to Congress” (Department of Defense, May 2013) published or shared with any other third parties (except to the extent necessary solely for the purpose of receiving legal, accounting or other professional advice) without the prior written consent of KDDI , Inc. 6

  7. Recent Efforts on Cybersecurity Strategy (Summary) activities toward the next GSFI meeting ● Revision of the Standards for Information ″Resilient″ Security Measures for the Central Cyberspace Government Computer Systems (May 2014) ″ Cybersecurity Strategy ″ - Strengthening ● Issuing the Third Edition of the Action Plan ( June 2013 ) protection - on Information Security Measures for Critical Infrastructures (May 2014) ● Revision of the Information Security Human ″Vigorous″ Resource Development Program (May 2014) Cyberspace - Building ● Revision of the Information Security fundamentals - Research and Development Strategy (July 2014) ● Issued ″International Strategy on ″World - leading″ Cybersecurity Cooperation – j-initiative for Cyberspace Cybersecurity (October 2013) - International Strategy - ● ASEAN-Japan Commemorative Summit Meeting (held in December 2013) ● Issuing Annual Report on Cybersecurity Organizational (July 2014) ● Strengthening the function of Reform CONFIDENTIAL & PROPRIETARY: All materials contained in this document cannot be reproduced in whole or in part, distributed, NISC (scheduled in FY2015) published or shared with any other third parties (except to the extent necessary solely for the purpose of receiving legal, accounting or other professional advice) without the prior written consent of KDDI , Inc.

Recommend


More recommend