Vulnerability Analysis of information systems (Modeling of interaction between information systems and social infrastructures)

Similar documents
Clarifying the Function of the Emergency Mapping Team in order to Allocate the Limited Resources in the Time of 2011 Great East Japan Earthquake

Information Security Policies in Japan

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Agenda. 1. 5G Brasil Structure 2. Scenarios 3. Vertical Markets 4. Technological Trends 5. 5G at Inatel 6. Conclusions

FRAMEWORK FOR CYBER INCIDENT RESPONSE TRAINING

Business Continuity. Policies. Promotion Framework

Activities of ALOS Application to Disaster Management in Japan

Perspectives from the U.S. Federal Communications Commission: Lessons Learned on ICTs in Disaster Prevention and Relief

Inter-cloud computing: Use cases and requirements lessons learned 3.11

Resilient Networks in Japan

Mississippi Emergency Management Agency. Shawn Wise. Office Of Preparedness

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

Investment Opportunities in Japan. June 1, 2016 Kazuya Nakajo Director General Invest Japan Department Japan External Trade Organization (JETRO)

Through the Experience of Great East Japan Earthquake/Tsunami 3.11

ITS (Intelligent Transportation Systems) Solutions

Aggregation of WSRP Channels on Eclipse Rich Client Platform

Max Security Solutions

Progress in Disaster Risk Reduction through Multi-National Cooperation in Asia

JOINT RESEARCH PROJECT ON THE DISASTER MITIGATING INFORMATION SHARING PLATFORM AND ITS APPLICATION TO A TEST FIELD

Emergency Telecommunications as the ASP Regional Initiative

Resilience at JRC. Naouma Kourti. Dep. Head of Unit. Technology Innovation in security Security, Space and Migration Directorate

Strengthening Disaster Readiness. Moving from capacity to capability

Inter-Cloud Computing and Networking for Secure Social Infrastructure

Japan s Common Vocabulary Policy. Takashi Wada Ministry of Economy, Trade and Industry May 2015

Resilience of Infrastructure Networks

Development of the framework for disaster mitigating information sharing platform and its application to a local government

Homeland Security and Geographic Information Systems

Investing in Japan Speech by Shuichi Hirano Managing Director, JETRO Sydney. Copyright (C) 2015 JETRO. All rights reserved.

Recovery and Reconstruction. towards disaster resilient communities - from lessons learnt in Japan - 24 August 2004.

RINGS INC. Corporate Profile

Integrated Support Center for Nuclear Non-Proliferation and Nuclear Security. 3 rd February Masao Senzaki Japan Atomic Energy Agency

Overall View and Collaborative Creation Activities for a Safe and Secure Society

Development of explosives detection technology to automatically detect explosive substances adhering to carry-on luggage

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

A new MAC protocol for reducing effect of needless transmission deferment induced by missed RTS/CTS handshake

The Australian Government s Approach to Critical Infrastructure Resilience

GOVERNMENT IT: FOCUSING ON 5 TECHNOLOGY PRIORITIES

Succeeded: World's fastest 600Gbps per lambda optical. transmission with 587Gbps data transfer

評価調査結果要約表 ( 英文 ) I. Outline of the Project

Introduction of CICC activities

A Critical cogitation on Critical Information Infrastructure

Issues in Info-communications

HFA Implementation Review Simplified Version for ACDR2010

BULGARIAN STRATEGY AND POLICY FOR 5G

Japan s activities for security and safety of IoT systems

Space Policy of Japan. Mar National Space Policy Secretariat Cabinet Office of Japan

Promoting Quality Infrastructure Investment in Africa

General Framework for Secure IoT Systems

White Paper: Next generation disaster data infrastructure CODATA LODGD Task Group 2017

Earthquake Preparedness

IPv6 Migration Framework Case of Institutions in Ethiopia

A PROTOTYPE IMPLEMENTATION OF VPN ENABLING USER-BASED MULTIPLE ASSOCIATION

DISASTER RISK REDUCTION AND MANAGEMENT USING ICT

Current Status and Prospect of Information Technology Development in Vietnam

A Case Study about IFEZ(Song-do) Smart-City. Ryan LEE

Progress of Regional Cooperation in the Field of Disaster Risk Reduction in Asia

Science, Technology and Innovation Policy of Japan - Promotion of Automated Driving System - Kazuo Kyuma

Why Japan? Masashi Nakazono JETRO Genève. Prepared for Handelskammer beider Basel & JETRO seminar on 4 Nov 2016

A Concept of Community Care System and Community Information Network

ICTs for inclusive social and economic development in Japan

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Promoting Quality Infrastructure Investment

Connecting the Connectivities Symposium 11 June Thailand

Resolution adopted by the General Assembly. [without reference to a Main Committee (A/62/L.30 and Add.1)]

The Information Security Guideline for SMEs in Korea

Provisional Translation

Resolution adopted by the General Assembly on 14 December [without reference to a Main Committee (A/61/L.44 and Add.1)]

Development of Information Security-Focused Incident Prevention Measures for Critical Information Infrastructure in Japan

How to communicate with your government - Lessons from Japan -

Mississippi Emergency Management Agency. Brittany Hilderbrand & Kamika Durr. Office Of Preparedness

Improving Resilience and Acceptance of Large

Area Business Continuity Management Scalable Cross Sector Coordination Framework of Disaster Management for Business Continuity

Joint Research Project on Disaster Reduction using Information Sharing Technologies

RESILIENT AMERICA ROUNDTABLE: PARTNERING WITH COMMUNITIES TO BUILD RESILIENCE

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

The UNISDR Private Sector Alliance for Disaster Resilient Societies

Business Continuity Plan (BCP) in Case of an Emergency

On Layered VPN Architecture for Enabling User-Based Multiply Associated VPNs

RECCA Nagoya RECCA_MAPS_Nagoya DIAS en

IMPACT OF 5G CANTO 2018 PANAMA CITY, PANAMA JULY 28, 2018

OUTLINE of NICT. ~ INTRODUCTION of R&D ACTIVITIES for INFORMATION SECURITY ~

KOBE REPORT draft Report of Session 5.4, Thematic Cluster 5. Telecommunications Saves Lives: role of information and communication technologies

ITU Kaleidoscope 2013 Building Sustainable Communities Sustaining

using a case study involving the Japanese critical infrastructure sectors.

Tsunami Recovery Status Report Sri Lanka. Presented By Hon. Mahinda Samarasinghe Minister of Disaster Management And Human Rights

INTEGRATION OF IMAGERIES IN GIS FOR DISASTER PREVENTION SUPPORT SYSTEM

Bradford J. Willke. 19 September 2007

Japan s s Broadband Policy. Ministry of Public Management, Home Affairs, Posts and Telecommunications

Emergency Management BCERMS Orientation

Accelerating Innovation and Collaboration for the Next Stage

TURNING STRATEGIES INTO ACTION DISASTER MANAGEMENT BUREAU STRATEGIC PLAN

Hazard Management Cayman Islands

PROTECTING ARIZONA AGAINST CYBER THREATS THE ARIZONA CYBERSECURITY TEAM

UPU UNIVERSAL POSTAL UNION. CA C 4 SDPG AHG DRM Doc 3. Original: English COUNCIL OF ADMINISTRATION. Committee 4 Development Cooperation

A High-Performance Platform for Real-Time Data Processing and Extreme-Scale Heterogeneous Data Management

Applying Mitigation. to Build Resilient Communities

Overview. Objectives. Components. Information and Communication Technologies Sector Development Project. Project

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Valérie Andrianavaly European Commission DG INFSO-A3

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Transcription:

Vulnerability Analysis of information systems (Modeling of interaction between information systems and social infrastructures) Ichiro Murase Team Leader of Security Technology Team, Information Technology Research Department, Mitsubishi Research Institute, Inc. 1

Mission oriented program 2 MEXT Ministry of Education, Culture, Sports, Science and Technology JST Japan Science and Technology Agency Head Office RISTEX Research Institute of Technology for Society Mission Oriented Program 1 Establish a knowledge system for solving social problems of safety and realizing the ideal social system Mission Oriented Program 2 "Challenges in identifying vulnerabilities hidden in our highly sophisticated information society and exploring solutions" Director: Norihisa Doi (Professor, Faculty of Science and Engineering, Chuo University) Assistant Director: Suguru Yamaguchi (Professor, Graduate School of Information Science, Nara Institute of Science and Technology) 2

Hazard Map for natural disaster Example Simulation on lava flow in case of Mt. Fuji s eruption 3

Situation surrounding information systems Information systems had been the social infrastructure Social Effect would be very huge in case of CII accidents. Black box IT is the black box for many people by using general purpose products. Popularization The Internet had popularized Information systems. Complexity Information systems have very complex technologies. Interdependency Connecting systems had increased interdependence among information systems. Jan 2003 Aug 2003 Aug 2003 May 2004 - Increased effects of CII accidents - Emergence of CII accidents beyond calculation the Internet down by Computer Virus Slammer in Korea North America s Blackout Big confusion by Computer Virus Blaster in Japan Big confusion by one telecom carrier s accident in Japan 4

To Minimize effects of Information systems accident Characteristics on measures against Information systems accident in Japan - Problems on government, local government and CII - Measure of individual corporate without outer collaborations - Only turnaround without fundamental solutions - Bureaucratism on policy execution In case of Information systems accident - Turnarounds by each company - Difficulty in using knowledge on past cases - Difficulty in estimating effectiveness etc. Measures beyond individual corporate frameworks Need for understanding effects of CII Information systems accident Hazard map for Information systems accident Accumulation of knowledge by constructing database 5

Hazard map for information systems accident Hazard map is a tool that we can survey vulnerabilities on advanced information society and effects of information systems accident. In case of social accidents including a big earthquake, terrorism and natural disaster, we can analyze vulnerabilities on advanced information society and effects of information systems accident by simulating effects of social accidents. 6

Output image of Hazard map for information systems accident Simulation in case of information systems accident caused by blackout in Tokyo 12 hours later Blackout happens 24 hours later Map of Kanto are in Japan 1 hour later Areas that have large influences of Information systems accident caused by blackout 7

Vulnerabilities on advanced information society in Japan Information Systems in Japan much depend on power sector and communication sector. Other Sectors Financial, Transportation, etc. Telecommunication Sector Power Sector 8

Goal of Hazard Map for information systems accident Goal Hazard Map should show that information systems in Japan much depend on power sector and telecommunication sector. Points We would survey effects of large blackout on information systems. Despite there are many servers at data centers that have backup powers, client terminals have no backup powers, it would disturb stability of information systems. Information systems accident in Tokyo area would spread throughout all Japan. 9

Precondition 1 # Power sector 1) Regarding power supply network data, use the disclosure of information 2) Categorize large blackout as below; - all day blackout around whole metropolitan area - quarter day blackout around whole metropolitan area - all day blackout around one religion( about 20km in radius) - quarter day blackout around one religion( about 20km in radius) # Telecommunication sector 1) Regarding telecommunication backbone data in Japan, refer to WHITE PAPER Information and Communications in Japan 2002 2) Assume network structure as below; - backbone network established by main switching equipments set on each prefecture - edge network established between main switching equipments and local switching equipments set on each town 3) Serious trouble in each prefecture in case of main switching equipment accident 4) Serious trouble in town in case of local switching equipment accident 10

Precondition 2 # Relationship between power sector and telecommunication sector 1) No influence of blackouts on main switching equipments that have backup power unit 2) Big influence of blackouts on local switching equipments that have no strong backup power unit # General information systems 1) Assume Japanese Top 2000 companies 2) Assume information systems structure as below; - Main office in Tokyo, Main server in Tokyo - 3 typical patterns as below; type A: local offices at all prefectures( 10%) type B: local offices at 10 main cities( 70% ) type C: local offices at Tokyo, Osaka and Nagoya(20%) 3) Duplex network among offices at critical infrastructure companies 4) No-duplex network among offices 5) No influence of blackouts on servers in local offices at 10 main cities that have backup power unit 6) Big influence of blackouts on servers in local offices at prefectures that have no strong backup power unit 7) No connection between client terminal and UPS or backup power unit 11

Simulation Scenario 1. Large blackout in Tokyo area 2. Serious troubles in telecommunication sector 3. Influences on information systems in other sector #Assume relationship among offices by using Statistics on Information and Communication by Ministry of Internal Affairs and Communications 12

Output image 1 minute later 5 minutes later Influence of blackout on information systems 13

Telecommunication carrier s backbone network structure in Japan WHITE PAPER Information and Communications in Japan 2002 14

Power supply network in Japan http://www.fepc.or.jp/menu/hatsuden/hatsuden8.html 15

Prototype of Simulation on Information systems accident AnyLogic 5.0 (simulation software product) Developing prototype of simulation on information systems accident Focusing on huge blackout in Tokyo area Depending on power sector and communication sector This research is funded by RISTEX (Research Institute of Technology for Society ) of JST( Japan Science and Technology Agency). RISTEX promotes mission oriented program 2. The title of mission oriented program 2 is "Challenges in identifying vulnerabilities hidden in our highly sophisticated information society and exploring solutions. 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback