BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Japan to Upgrade Its Cyberdefense Capabilities

From: Lee J <lee () riskbasedsecurity com>
Date: Mon, 30 Sep 2013 16:10:04 +1000
http://www.voanews.com/content/reu-japan-to-upgrade-its-cyberdefense-capabilities/1759595.html

Civil servants from across Japan recently gathered at Japan's Interior
Ministry to receive their first training session on how to defend
themselves against a cyber assault.

Japan has no central agency tasked with defending the nation in cyberspace,
and technicians from Japan's key ministries have been brought in to test
their skills.

Officials say the threat from hackers is rising and upping Japan's game is
increasingly urgent.

The country's Cabinet Secretariat, which staffs a small 24/7 cyber
surveillance team, says it detected 1,080,000 potential attacks against the
government's networks in 2012, for an average of about 3,000 potential
attacks daily.

That was nearly double the 660,000 incidents logged in 2011.

“There has been a spike in the number of targeted cyber attacks on the
Japanese government, so increasing our ability to deal with them is a
matter of urgency,” said Satoshi Murakami, an analyst at the Interior
Ministry.

Now Japan's defense ministry is adding cyberspace to the realm of national
defense, joining sea, air and land.

The ministry is seeking a budget increase to reorganize its loosely-spread
technicians into a centralized force of 100 cyber analysts.

However, so far it only monitors its own internal network, which safeguards
secrets from ballistic missile defense to joint technology development with
the U.S., and officials say it's struggling to handle even that.

“If you ask me what I need, I'd say I don't have enough people, equipment
or money to do the job. Every year cyber threats are getting more and more
complicated, and attacks like viruses have become increasingly difficult to
detect,” said Kazunori Kimura, head of cyber planning at Japan's defense
ministry.

“Cyber attacks are getting more and more sophisticated, and sometimes we
cannot defend against them using the systems we currently have in place,”
he added.

Experts say malicious software that infiltrates computer networks and
leaves behind spy programs has been successfully used in recent years
against Japan's space agency, national lawmakers and its finance and
agriculture ministries. A source close to the defense ministry's cyber
program says the ministry is attacked on a daily basis.

But, as yet, Japan has little idea where the hacking is coming from.

Analysts are prevented from following or countering hackers by laws that
prevent retaliation and the production of viruses.

That stops investigators from penetrating beyond computer systems that may
have been “hijacked” by hackers to disguise their real location.

“We've all got our hands tied by legislation here in Japan - we can't even
investigate who is doing the hacking. So even if the Defense Ministry was
hit by a cyber attack, they could do no more than a private sector company.
That is to say, they can only sit there and watch the attack. There's just
no way they can find out who did it, what their methods are, or what
country or organization they're from,” said Itsuro Nishimoto, head of
technology at LAC, a security company that advises many Japanese government
departments.

“They have a clear idea of what defines a physical attack, they know how to
respond if Japan's attacked with something like a missile. But in
cyberspace they've got no idea what to do. They don't know if some cyber
attacks could have a military purpose, or how Japan could respond to them
if so. It's not even being discussed,” he said.

The defense ministry says it is “studying” how it can respond to cyber
assaults.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Previous By Date Next
Previous By Thread Next

Current thread: