cyber security in japan (v.2) - 国際公共政策 ... · pdf filekeep analysis and law...

Copyright © 2012 Center for International Public Policy Studies. All Rights Reserved.

Cyber Security in Japan (v.2)

Ryusuke Masuoka ([email protected]) and Tsutomu Ishino ([email protected])

Cyber Security Policy Research TeamCenter for International Public Policy Studies (CIPPS)

December 2012


Outline

• Japanese Government’s Approach• Situation in Japan• NISC and Four Key Agencies• Cyber Incidents• Cybercrime Trends in Japan• References

1


JAPANESE GOVERNMENT’S APPROACH

2

Cross-sectional Framework Lead by Cabinet Secretariat

Chairman: Chief Cabinet SecretaryDeputy Chairman:

Minister of State for Science and Technology Policy

Members: National Public Safety Commission ChairmanMinister of Internal AffairsMinister of Economy, Trade and IndustryMinister of Defense

Members from the private-sector (6)

Governmental Agencies

Director: Assistant Chief Cabinet Secretary (Risk & Security)

Deputy Director: Councillor, Cabinet Secretariat (2)

Cabinet Counsellors (6)Advisors on Information Security (3)

Director-General: Prime MinisterVice Director-Generals:

Minister of State for Science and Technology Policy Chief Cabinet SecretaryMinister of Internal AffairsMinister of Economy, Trade and Industry

Members:All other Ministers of State and Experts (10)

Information Security Policy Council

Chief : Assistant Chief CabinetSecretary （Domestic affairs）

Secretariat

Ministers from four key agencies

Secretariat

IT Strategic Headquarters

Critical Infrastructures

Agencies in charge of critical infrastructures• Financial Services Agency: Financial Institutes• Minister of Internal Affairs: Municipals, Communication• Ministry of Health, Labour and Welfare: Hospitals, Water• Minister of Economy, Trade and Industry:

Electric Power, Gas• Ministry of Land, Infrastructure, Transport and Tourism:

Railways, Airlines, Distribution

Other agencies• Ministry of Education, Culture, Sports, Science and

Technology: Cyber Security Education

Special Committee on

Critical Infrastructures

Special Committee on Technological

Strategy

CISO Conference

Special Committee on Edification and

Education

Approach by Japanese Government

National Information Security Center (NISC)

Cabinet Secretariat IT Dep’t

Four Key Agencies

Ministry of Economy, Trade and Industry

Ministry of Internal Affairs and Communications

Ministry of Defense

National Police Agency

IndividualsBusinesses

3


NISC and Four Key Agencies

• National Information Security Center (NISC)– Coordinating government efforts

• National Police Agency (NPA) – Fighting Cybercrimes

• Ministry of Internal Affairs and Communications (MIC)– Communication and Network Policies

• Ministry of Economy, Trade and Industry (METI)– IT Policies

• Ministry of Defense (MOD)– National Security

4


SITUATION IN JAPAN

5


Situation in Japan

• Wake up call – Mitsubishi Heavy Industries (MHI), Sep. 2011– Cyber security particularly hot after a cyber attack on MHI revealed– Anonymous hits Japan – July 2012 (Sony in 2011)– Stuxnet raised awareness for cyber attacks on critical infrastructures– Many relevant books published

• “Information Security 2012” – July 2012http://www.nisc.go.jp/eng/pdf/is2012 eng.pdf

1. Strengthening Measures for Sophisticated Threats to Companies and Organizations Handling Important National Information on Security

2. Maintaining a Safe and Secure User Environment for Addressing the Emerging Risks Associated with the Proliferation of New Information and Communications Technology Including the Full-Fledged Widespread Use of Smart Phones

3. Reinforcement of International Alliances

- Started bearing fruit, but still a long way to go

6


Situation in Japan

• Progresses– Laws are being updated– Cybercrime Convention into force – 1 Nov. 2012– MOD stands up to meet the challenges beyond its IT

infrastructure – Control System Security Center (CSSC) – Mar. 2012

• Setbacks– PC Hijack Case– Concern of too many pilots

- Progresses and Setbacks

7


NISC AND FOUR KEY AGENCIES

8


National Information Security Center (NISC)

• “Information Security 2012” – July 2012http://www.nisc.go.jp/eng/pdf/is2012 eng.pdf

1. Strengthening Measures for Sophisticated Threats to Companies and Organizations Handling Important National Information on Security

2. Maintaining a Safe and Secure User Environment for Addressing the Emerging Risks Associated with the Proliferation of New Information and Communications Technology Including the Full-Fledged Widespread Use of Smart Phones

3. Reinforcement of International Alliances

• FY2013 – 31.5B JPY Planned (Japanese Government Total)

- Coordinating government efforts

9


National Police Agency (NPA) – Fighting Cybercrimes

• Cyber-Security Activities1. “Cyber Force Center” (Reorganized 140 IT Staffs of NPA)2. Information sharing with CCI-Designated Companies 3. “Council to Prevent Unauthorized Communications to Counter

Cyber-Intelligence” (with 4,800 companies all over Japan)

• FY 2013 – 2.4B JPY Planned 1. Improve response capability against cybercrimes2. Improve response capability against cyber attacks to state

secrets and critical infrastructures3. Extend international collaboration4. Keep analysis and law enforcement capabilities up to date with

changing IT technologies and lawsCCI: Counter Cyber Intelligence

10


Ministry of Internal Affairs and Communications (MIC)

• Cyber Security Activities– Cyber Attack Analysis Council, jointly with METI

• IPA, JPCERT/CC, NICT, Telecom-ISAC Japan– Smart Phone Information Security

• FY2013 – 3.66B JPY Planned – Comprehensive security environment ready for

new types of cyber attacks – 2.62B JPY

- Communication and Network Policies

IPA: Information-technology Promotion Agency, JapanJPCERT/CC: Japan Computer Emergency Response Team Coordination CenterMETI: Ministry of Economy, Trade and IndustryNICT: National institution of information and communications technologyTelecom-ISAC Japan: Telecom Information Sharing and Analysis Center Japan

11


Ministry of Economy, Trade and Industry (METI)

• Cyber Security Activities– Initiative for Cyber Security Information sharing Partnership Japan (J-CSIP)

• Information sharing of cyber attacks– Cyber Attack Analysis Council, jointly with MIC

• IPA, JPCERT/CC, NICT, Telecom-ISAC Japan– Building a pool of advanced information security experts

• National security competitions, etc.– Securing control systems

• Cyber security exercises, etc.– Control System Security Center (CSSC) – Mar. 2012

– Established in Tokyo and Tsunami-affected area (Miyagi Reconstruction Park)

• FY 2013 - 2.15B JPY Planned – Information security promotion projects – 1.6B JPY– Hubs for security verification and education

• Control systems test beds at CSSC - 0.55B JPY

- IT Policies

IPA: Information-technology Promotion Agency, JapanJPCERT/CC: Japan Computer Emergency Response Team

Coordination CenterMIC: Ministry of Internal Affairs and CommunicationsNICT: National institution of information and communications

technologyTelecom-ISAC Japan: Telecom Information Sharing and

Analysis Center Japan

12


Ministry of Defense (MOD) – National Security

• Cyber Security Activities – 6 core approaches1. Improve information and telecommunication systems security2. Reinforce protection systems3. Prepare rules and regulations4. Develop Human resources5. Promote information sharing6. R&D of latest technologies

• FY 2013 – 21.2B JPY Planned – “Cyberspace Guard” (tentative name)

• ~100 members, 10B JPY– MOD Cyber Range – 1.59B JPY– Add network monitoring equipment – Training through Japan-U.S. joint exercises

13


CYBER INCIDENTS

14


Case: Advanced Persistent Threat (APT)

Attacker

Spear Phishing

Email

Confidential Info Obtained

(1) Initial Penetration

(3) System Survey

(4) Final Attack Execution

(0) Preliminary Investigation

Based on a Fujitsu slide, Modified by CIPPS

(2) Building AttackInfrastructure

15


Case: PC Hijack 2012

Culprit

(1)

Uploads software with virus to Dropbox

BB: Bulletin BoardC&C: Command and ControlTOR: The Onion Router

This figure based on http://d.hatena.ne.jp/

Kango/20121008/1349660951

Livedoor Shitaraba BB(Used as C&C)

Timer.zip(BKDR_SYSIE.A)

2 Channel

Dropbox

(2) • Siberia PO – 405th [Repost Request]Siberia Super Fast BB

• “Is there software like …?” – Part. 149• How about this? http://...

Software BB

Post to “2 Channel” with link to Dropbox file

Unsuspectingproxy to repost

TOR?

TOR

Reads the post and downloads software

Executes software and gets infected

Reads commands regularly

Writes commands

TOR

Writes “Post is done” when successful

JAL (Customer Service)

Osaka City (Suggestion Box)

(7)

(9)

(8) 8/1

(8) 7/29

(10)(11)

Arrests him based on IP Address

(5)

(4)

(3)

(3)

Consults with police

Announces crime plans

(6)

Proxy

Suspect

16


CYBERCRIME TRENDS IN JAPAN

17


Cybercrime Offenses Cleared

3,918 4,334 3,961

5,199 5,388

113 247

195

133 105

1,442

1,740 2,534

1,601 248

0

1,000

2,000

3,000

4,000

5,000

6,000

7,000

8,000

2007 2008 2009 2010 2011

Unauthorized Access Violations

Crimes Targeting Computers /Electronic Records

Networking Crimes

Source: NPA

18


Networking Crimes Cleared in 2011 - DetailsUnauthorized Access

Violations4%

Crimes Targeting Computers /

Electronic Records2%

Frauds16%

Child Pornography Offenses

15%

Distribution of Obscene Materials

12%

Violations of Dating Site Regulation Act

8%

Child Prostitution Offenses

8%

Violations of Youth Protection Laws

8%

Copyright Infringements

7%

Violations of Trademark Law

4%

Others16%

Networking Crimes

Source: NPA

19


Cybercrime Counseling

32,824 37,794 40,315

31,333 32,892

4,645

6,038 6,538

9,836 11,667

8,871

11,516 11,557

10,212 10,549

12,707

8,990 7,859

6,905 5,905

3,005

4,522 4,183

3,668 4,619 3,497

4,039 3,785

3,847 3,382

7,644

9,095 9,502

10,009

11,259 73,193

81,994 83,739

75,810

80,273

0

10,000

20,000

30,000

40,000

50,000

60,000

70,000

80,000

90,000

2007 2008 2009 2010 2011

OthersIllegal / Harmful InformationUnauthorized Accesses / Computer VirusesAuctioningDefamation / LibelsSpamsFrauds / Fraudulent Businesses

Source: NPA

20


Calls to Internet Hotline Center (IHC)

91,769

143,280 140,391

189,388 182,757

8,310 8,221

20,659 22,964 23,846

2007 2008 2009 2010 2011

Calls

Forwarded to Police

12,818 14,211

27,751

35,016 36,573

3,600 6,122

6,217

9,667 4,827

16,418

20,333

33,968

44,683 41,400

2007 2008 2009 2010 2011

Harmful InformationIllegal Information

Calls about Illegal/Harmful Information

Source: NPA

21


REFERENCES

22


References

• Documents– Information Security 2012, http://www.nisc.go.jp/eng/pdf/is2012 eng.pdf– Japanese Government's Efforts to Address Information Security Issues (November 2007),

http://www.nisc.go.jp/eng/pdf/overview eng.pdf– The White Paper on Police 2011 [Digest Edition] – Cyber Security in Special Feature II

http://www.npa.go.jp/hakusyo/h23/english/Contents WHITE PAPER on POLICE2011.htm– Police of Japan 2012 – Section 7 of “Community Safety” on Cybercrime

http://www.npa.go.jp/english/kokusai/2012contents.htm

• Organizations– CIPPS: Center for International Public Policy Studies

http://cipps.org/english/– IPA: Information-technology Promotion Agency, Japan

http://www.ipa.go.jp/index-e.html– JPCERT/CC: Japan Computer Emergency Response Team Coordination Center

http://www.jpcert.or.jp/english/– NICT: National institution of information and communications technology

http://www.nict.go.jp/en/– NISC: National Information Security Center

http://www.nisc.go.jp/eng/– Telecom-ISAC Japan: Telecom Information Sharing and Analysis Center Japan

https://www.telecom-isac.jp/english/

23