Information Security Policies in Japan

Transcription

1 Information Security Policies in Japan Towards a safe and secure network infrastructure Fumiaki TAKAHASHI Director, ICT Security Office, Information and Communications Policy Bureau, Ministry of Internal Affairs and Communications (MIC) May 2007

2 Ninfrastructures. PAETIODInformation security policy of the entire government and roles of MIC MIC : Information and communications field Trustworthy information and communications services as the infrastructure for other Know-how to develop the framework for sharing information in the information and communications field. Know-how of network security technologies. MMSupporting establishment Supporting implementation of the strategy Cyber-attacks including DoS attacks. Threats of cyber-terrorism. Unintentional factors including humancaused mistakes and hardware malfunctions. The scale of IT-malfunctions has become larger. IT-malfunctions directly effect citizens lives and business activities. The air control system was down and 215 flights were canceled (Mar 2003). The Tokyo Stock Exchange system was down and the exchange stopped for half a day (Nov 2005). Etc. Information Security Policy Council National Information Security Centre (NISC) The First National Strategy on Information Security (2006.2) Secure Japan 2006 (2006.6) Policy of each ministry Central and local governments Critical Infrastructures (telecommunications, finance, electricity, civil aviation, medical services, etc.) Businesses Individuals 1

3 Outline of The First National Strategy on Information Security and Secure Japan 2007 The First National Strategy on Information Security (2 February 2006 Information Security Policy Council) Three-year plan for FY Aimed at establishing a New public-private collaboration model in which all bodies play appropriate roles Objectives Central and local governments By the beginning of FY 2009, all governmental agencies should take measures according to he United Standards. Critical infrastructure By the beginning g of FY2009, the number of ITmalfunctions should be reduced as close as possible to zero. Businesses Individuals By the beginning of FY 2009, the state of implementation of By the beginning g of FY 2009, information security measures the number of individuals should be enhanced to the feeling insecure about IT world s top level. use should be reduced as close as possible to zero. Key sectoral policies Key crosssectoral policies Assessment based on the Unified Standards of governmental agencies. Increasing the ability to respond to emergencies including cyber attacks, Promoting information security technology strategy Developing CEPTOAR. Establishing the CEPTOAR- Council. Implementing cross-sectoral exercises and interdependency analysis. Promoting international cooperation and collaboration Fixing the public bidding process for government purchases. Promoting usage of third-party evaluation systems. Reinforcing the framework to respond to computer viruses, etc. Developing human resources Promoting information security education. Enhancing publicity and awareness. Improving the environment to provide user-friendly services. Crime control and protection/remedial measures for rights and interests FY 2005 FY 2006 FY 2007 FY 2008 FY 2009 Secure Japan The action plan in FY 2006 ~Establishment of a cooperation model for security measures in the public and private sectors. 2 The direction of key policy in FY 2007 ~Enhancement of security measures in the public and private sectors. Secure Japan The action plan in FY 2007 ~Enhancement of security measures in the public and private sectors. 2 The direction of key policy in FY 2008 ~Intensive efforts for strengthening security basis. Secure Japan

4 MIC s efforts to ensure reliability of information and communications networks We realize secure and safe communications as a social infrastructure by promoting policies that reinforce information security from the three aspects of Network, Terminal System and Equipment and Person. Measures against cyber-attacks. Measures against concurrent attacks from a lot of commandeered PCs called Botnets. Establishing tracing-back technology to specify the source of the attack. Establishing technology to prevent hijacking communication routes. Promotion to share information between telecommunications carriers. Cooperation with Telecom-ISAC Japan. Promotion to develop T-CEPTOAR. Ⅱ Improvement of human ability Ⅰ Making robust and reliable networks Security and safety in telecommunications Coping with rapid increase of traffic. Development of the next-generation backbone enabling the stable control of traffic that doubles every year by optimizing the data exchange points. Preparation against disasters. Supporting the introduction of such equipment as back-up machines against disasters and machines capable of investigating the cause of obstacles. Ⅲ Coping with diversification of goods connecting to networks Implementing exercises against cyber- attacks. Telecommunications carriers implement exercises against cyber-attacks. Ensuring the security in the era when various equipments are connected to networks. Establishment of security management system. Identification of measures to ensure the security necessary for various Establishing a guideline for telecommunications carriers; Promoting and networked equipment to establish ubiquitous environment by IPv6. spreading the guideline, aiming for international rules. Enhancement of educational and enlightening activities for individuals. Implementing e-net caravan which is an activity for enlightening students parents and teachers. Development of a system to foster children s ICT media literacy. Supporting opening information and communication security training centers. R&D for preventing information leaks. Development of technology to prevent information leaks through file sharing software. Simplifying and making more sophisticated the cryptography and authentication systems. 3

5 T-CEPTOAR (Telecommunications CEPTAOR) Objective CEPTOAR (Capability for Engineering of Protection, Technical Operation, Analysis and Response) was established in each of the 10 critical infrastructure fields based on The First National Strategy on Information Security. (The CEPTOAR in information and communications (telecommunications) field is called T-CEPTOAR (Telecommunications CEPTOAR).) What is CEPTOAR? CEPTOAR is the function for sharing and analysing information to improve the ability to maintain and recover services of critical infrastructures. Critical infrastructure companies communicate and share information provided from governments for prevention of IT-malfunctions, prevention of expansion of suffering, rapid resumption from suffering and prevention of recurrence. Framework T-CEPTOAR is the CEPTOAR in the information and communications (telecommunications) field. T-CEPTOAR is based on existing organizations including Telecom-ISAC Japan, TCA and others, and has 4 Sub-groups categorized by type of services under the steering committee. Leading telecommunications carriers (27 carriers) participate in this framework. SG1 : Fixed-line carriers providing network infrastructure and closely related companies. SG2 : Access line carriers and closely related companies. SG3 : ISP carriers and closely related companies. T-CEPTOAR Steering Committee (Sub-PoC of each SG) T-PoC(main sub) Sub-PoC(main) Sub-PoC(sub) SG4 : Mobile carriers and closely related ed companies. SG1(L1) SG2(L2) SG3(L3) SG4(Mobile) T-PoC Sub-PoC Sub-PoC Sub-PoC Sub-PoC Functions SG1(L1)members SG2(L2)members SG3(L3)members SG4(mobile) members 1. Sharing information and cooperating for prevention of IT-malfunctions, prevention of expansion of suffering, rapid resumption from suffering and prevention of recurrence through analysis/verification of causes of IT-malfunctions. 2. Forwarding information from governments and other CEPTOARs to members. 3. Sharing additional information related with the information described 2 above among members. 4

6 Bot Countermeasures for Botnet 6) ISP 5) Detect infected PC Recommend to install the removal tool ISP Recommend to install the removal tool 7) ISP 4) Detect infected PCs Distribute the removal tool Information on attack sources or spam distributers 1),3) Super Honey Pot 2) Seeking solutions Information on attack sources or spam distributers Portal site ccc.go.jp 1)To capture infecting and propagating computer viruses, set up Super Honey Pots containing a large number of IP addresses. 2)Reverse engineering i of the captured computer viruses, and create a removal tool for the computer viruses. 3)To capture newly distributed computer viruses, maintain activity of the captured computer viruses based on the results of reverse engineering 2). 4)Report traffic characteristics i of finfected PCs to ISPs, based on the results of reverse engineering 2). 5)Detect infected PCs, based on 4). 6)Recommend to owners of infected PCs (subscribers of internet services) that they use the removal tool. 7)Distribute the removal tool on the portal site. 5

7 R&D of tracing-back to IP packets Most data transmitted by cyber attacks including unauthorized accesses and denial of service attacks falsify addresses of the transmitting equipment of the sender. It is thus too difficult to discover the true transmitting equipment at present. MIC is developing the technology to enable tracing-back to IP packets for detecting the true transmitting equipment even if the addresses are falsified. Host A Getting address numbers Host B Host A Getting address numbers Host B Packets falsifying addresses [B C] Router X Router Y Before introduction Router Z Host C Transmitting equipment cannot be discovered. After introduction Packets falsifying transmitting equipments [B C] Router X Router Y Tracing back platform Router Z Host C Transmitting equipment can be discovered by tracing back. Tracing-back platform Installing equipment to collect tracing-back (TB) data on the Internet and collecting TB data and compiling it on databases. Detection of true transmitting equipment by analyzing compiled data. Equipment to search TB data Equipment to analyze TB data 2Requirement to search TB data 1Requirement of Collecting TB data detection 3Result of search 4Result of Internet detection Database of compiling TB data Equipment to collect TB data including : below Equipment to collect packets Equipment to convert data (anonymizing, etc.) 6

8 Incident Analysis System: nicter(network Incident analysis Center for Tactical Emergency Response) Bot Macro analysis System (MacS) Virus Visualizing Engine Analysis Engine! Monitoring network attacks 3D Display World map Worm Phenomenon Macro-micro Correlation Analysis system Government organizations Report ! Correlation Analysis Engine Incident Reports Cause Incident Handling by Human Operator Internet Service Providers Collecting illegal code samples Micro analysis System (MicS) Static analysis of illegal code Dynamic analysis of illegal code! Honey pot End Users 7