Protecting Our Infrastructure: utilizing everything we have. Suguru Yamaguchi Advisor on Information Security, Cabinet Secretariat, Government of Japan.

1 Protecting Our Infrastructure: utilizing everything we have. Suguru Yamaguchi Advisor on Information Security, Cabinet Secretariat, Government of Japan

2 Large-scale Accident in Critical Infrastructure
• Typical Examples
– Mizuho Bank (2002.4.1)
– FDP at Tokyo ATC (2003.3.1)
• Hard for Gov. to know what’s going on. → first response is always in their hand.
• Troubles/Accidents at Dependable infrastructure make huge impacts on our life.
• Prevention
• Response: minimize impact and involved areas
• Learn from accidents: analysis and expertise
(Yomiuri Shimbun: news photograph, April 3, 2002)

3 Analysis on Inter-dependency among Critical Infrastructure
By JST RISTEX Mission Program II
[Figure panels: area with large impact at 0 hr., 1 hr., 12 hr., 24 hr.]
Simulation on spreading impact on social systems in the case of critical accidents on core system of large scale bank in Japan (simulation)

4 Internet = Critical Infrastructure
• Internet is critical infrastructure
– Various kinds of our activities are now on the Internet. Online banking / reservations / shopping and commerce / money transfer / ….
– We can’t imagine our life without the Internet.
• “Dependable” infrastructure
– What and how we can make this?
– Need research

5 Internet: Global and Ubiquitous Infrastructure for Communication
[Diagram labels: Communication Technology; Wireless; Satellite; ATM; Optical Fiber; Copper Cable; WDM/SDH; ISDN; Internet Technology; CATV; Cable Modem; Society; TCP/IP]

6 Internet for Everything
• Always connected with global address
• New services with various kind of devices

7 Targets and Schedule of CEIIS
[Diagram labels: Critical Infrastructure; Companies; Individuals]
◎ Establish Ground-Design of Japanese Information Security Policy
◎ Implement Effective Measures and Policy
• To be reliable for private sectors as their counter-party
• To be reliable in global arena
• Implement balanced investment toward technologies
• Keep transparency
• Maintain function as highly reliable infrastructure
• Keep verifiable design of function and business continuity
• Promote coordination and mutual assistance
• Support security-culture as major stakeholders
• Reach consensus in management and circulation methods of privacy information
The First Proposal (Oct/04); The Second Proposal (Mar/05); The Third Proposal (July/05)
(1) Implementation Structure of Overall Information Security Policy
(2) Measures for Government itself

8 Recommendations #1 (as of Nov. 2004)
• “Information Security Policy Committee” (tentative name)
– Under IT Strategy Headquarter
– By FY2006
– Set mid / long term strategy
– Recommendations
– Evaluations
• “National Information Security Center” (tentative name)
– Operational guidelines for government systems
– Audit and inspections
– Response for IT incidents on government systems
– Repository of “expertise”

9 E-government in 2005 (JP)
[Diagram labels: Comm.; Biz; Edu.; Transport; National Resource; Broadcast; The Internet; Various kind of digital communication infrastructure]

10 http://www.e-gov.go.jp/
• E-gov portal site
– One stop service
– Single window service
– “online”

11 Targets and Schedule of CEIIS
[Diagram labels: Critical Infrastructure; Companies; Individuals]
◎ Establish Ground-Design of Japanese Information Security Policy
◎ Implement Effective Measures and Policy
• To be reliable for private sectors as their counter-party
• To be reliable in global arena
• Implement balanced investment toward technologies
• Keep transparency
• Maintain function as highly reliable infrastructure
• Keep verifiable design of function and business continuity
• Promote coordination and mutual assistance
• Support security-culture as major stakeholders
• Reach consensus in management and circulation methods of privacy information
The First Proposal (Oct/04); The Second Proposal (Mar/05); The Third Proposal (July/05)

12 Catalyst: each ministry / Sectors and Roles
[Diagram labels: Government; Local Government; Critical infrastructure; Companies; Individuals; Government; “Culture of Security”]
Top down approach from Gov., bottom up from private sectors

13 Top down & bottom up
• Top down approach from Government
– Standards and guidelines for procurement / installation / operation and responses
– Critical Infrastructure Protection (CIP)
– Minimum requirements on systems / networks
– regulations
• Bottom up approach from Private Sectors
– Expertise from real operational systems
– “Know How” on profitability / cost-down / actual operation / customizing systems / ….

14 [Diagram labels: Cabinet Secretariat; FSA; METI; MLIT; MPHPT; Ele.; Finance; Gas; Train; Comm; Air; Critical Infrastructure; Local Gov.; Information flow]

15 More works required
• Exercise on Large scale accident
– Within an identical infrastructure
– With other infrastructures
– We don’t know the effect of “Inter-dependency”. Research required.
• Awareness program
– Classic / Legacy approach on generic security management
– Changes on its systems drastically: More computers and networks in their systems
– Sharing Best Practices

16 [Diagram labels: Services; Monitoring Traffic and access; Other ISP’s; X ISP; Blocking the traffic; Define their handlings in contract; IT section; Not enough expertise; Out sourcing; Top Management; Decisions on business operations; Attacker; Conducting intentional activities; Need to work globally; Attack Traffic; Forging source address]
Mission difficult (not impossible)
(1) Improving Technology and Operation
(2) Gov/Private Sector collaboration
(3) Re-designing Security functions
(4) HQ role
(5) Learn more from accidents
(6) Preparation / Prevention

17 Sharing Best Practices
[Diagram labels: Best Practice developed through competition: high quality expertise on technology, engineering, and operation; Distributing Best Practice; Work with Non-profit area; Improving business environment; Private Sectors; Government]

18 Improving Information Sharing
[Diagram labels: Government; Critical Infrastructure; Companies; ISAC model?; Inter-sector communication; Anonymity / Responsibility; Among Ministries; LEA]

19 Summary
• Collaboration and mutual understandings on what we are doing is quite important among Government / private sector relationship
• Need to do more
– Improving information sharing
– Exercises & Awareness
– Research, esp. on analysis on “inter-dependency” among CI
• CEIIS (Committee of Essential Issues on Information Security)
– Recommendations #2 by the end of FY2004 (Mar. 2005)

