ARF Seminar on Operationalizing Cyber CBMs at Singapore, 21-22 October 2015

Cyber Incident Management: National and Regional Lessons Learned

Masanori Sasaki
Deputy Counsellor, NISC, Cabinet Secretariat, Japan

Our organization…

NISC: National center of Incident readiness and Strategy for Cybersecurity

Leadership:
• Director-General of NISC
• Deputy Director-General
• Deputy Director-General
• Cybersecurity Advisers

6 groups:
• Strategy and Policy Planning
• International Strategy
• Comprehensive Measures for Government Agencies
• Critical Information Infrastructure Protection
• Integration and Coordination of Cybersecurity Information
• Incident Investigation and Analysis

Various project teams

Information that NISC needs…

Collecting, processing, analyzing, and utilizing information for national cybersecurity, ranging from the strategic level to the operational level:

Information on law, policy, and strategy (strategic level):
• International
• Domestic

Situational information:
• Incident reports
• Threat trends
• Information on actors in cyberspace
• Best practices and measures on cybersecurity

Technical information (operational level):
• Malware
• Vulnerability

Information Channels

Domestic:
• GSOC [Government Security Operation Coordination team]
• Each government agency's CSIRT
• JPCERT/CC and other partners
• Law enforcement agencies
• Private sector

International:
• Formal communication channels, e.g. bilateral cyber-dialogues
• Multilateral frameworks, e.g. FIRST
• Informal meetings and communications
• poc@nisc.go.jp

Incident management framework and information sharing…

Each Ministry's CSIRT:
• Situational awareness and analysis
• Incident response
• Report to decision makers
• Training and exercise
• Information sharing and cooperation

GSOC [Government Security Operation Coordination team]:
• Real-time network monitoring
• Warnings & notifications
• Malware analysis and information gathering

CYMAT [CYber incident Mobile Assistance Team]:
• Members: government officials with advanced experience and knowledge of cybersecurity
• Mobilized for serious-impact cyber incidents that require a government-wide response
• Provides technical assistance to government bodies for:
  • Accurate situational awareness & analysis
  • Incident response and damage control
  • Recovery from incidents
  • Recurrence prevention
  • Exercises and trainings

Diagram labels:
• GSOC and GSOC sensors at Ministries A, B, and C (each ministry with a PoC and CSIRT): Monitoring, Reports, Prompt warnings on threats
• Cooperation among CSIRTs
• Request for assistance; Technical assistance and advice; Response; Technical assistance
• Collaboration, information sharing: Private sector; International partners, etc.
• Callout questions on the diagram: Used effectively? Timely & precisely? Timely & effectively? Work practically?