Final draft of U.S. - Japan joint statement on "cybersecurity"

[Dave Farber <dave () farber net>]

> X-Sender: declan () mail well com
> X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
> Date: Mon, 15 Sep 2003 02:20:52 -0400
> To: politech () politechbot com
> From: Declan McCullagh <declan () well com>
>
>
>
>
> ---
>
> Date: Sat, 13 Sep 2003 01:39:14 -0700
> To: declan () well com
> From: gt () twics com (Gohsuke Takama)
> X-Sender: metaa () tkm att ne jp
> Subject: US - JAPAN JOINT STATEMENT ON PROMOTING GLOBAL CYBER SECURITY,
>  September 9, 2003, FINAL DRAFT
>
> Hi Declan,
> it looks like some talks were going on between the US and Japan gov on
> cybersecurity. I thought Politech readers might be interested.
>
> Gohsuke Takama
> ----
> Tokyo, Sep 10, 2003
>
> I was attending the US - Japan Informaion Systems & Network Security Forum
> which organized by in conjunction of US gov and Japanese gov. at the
> opening remarks, US Ambassador Howard Baker announced the "US - JAPAN JOINT
> STATEMENT ON PROMOTING GLOBAL CYBER SECURITY", made on September 9, 2003.
> as attached below.
>
> guest from the US are Paul Kurtz of US President Special Assistant at
> Homeland Security Council, Dr. Susan Zevin of NIST, Steven Chabinsky of
> FBI, Scott Charney of Microsoft. (full list below)
> - two major topics of the forum are:
>  "Formulation of National Information Security Policy"
>  "Public-Private Coordination in Information Security"
>
> some note:
> - in the joint statement, "...the international adoption of the Council of
> Europe Convention on Cybercrime." was writen in. the sentence has tones of
> the US and Japan both going to consider to adopt CoE Convention on
> Cybercrime, however, it is questionable that the US really adopt the
> Convention. ( according to what I heard from Privacy International people
> in London)
>
> - it was interesting that US President Special Assistant Paul Kurtz of US
> Homeland Security Council repeatedly addressed that DHS's cybersecurity is
> for cyber crimes, not for cyber terrorisms.
>
> - some may remember that Scott Charney of Microsoft used to be  the head of
> the G8 group on cybercrime.
>
> - obviously there were no talks about OpenSource nor recently buzzed
> Japan/Korea/China joint effort of software development. actually, according
> to CNET Japan news, Scott Charney of MS had a speaking gig at METI
> institution a day before the forum.
>
> - while answering some question from the audience, Charney mentioned that
> number of Windows security hole exploits increase after the patch release.
> because there are chances that patch itself could be reverse engineered for
> developing attack methods. at least MS is aware of this.
>
> - Toshiyuki Takei of MPHPT(Soumusho) mentioned that it has a plan to
> estabrish Telecom-ISAC (<computer incident> Information Sharing and
> Analysis Center) which includes the idea of Wide Area Monitoring System.
> however, you can points out that this type of gov own Security Operation
> Centers need to have 3rd party oversight committee. because there is a risk
> of that the center could become surveillance facility used by law
> enforcements.
>
> - the forum speakers and panelists are:
>   Howard Baker: US Ambassador
>   Paul Kurtz: US Homeland Security Council
>   Dr. Susan Zevin: NIST
>   Steven Chabinsky: FBI
>   Scott Charney: Microsoft
>   Kazuhiro Sugita, Junji Yoshihara: Japan's Cabinet Secretaiat
>   ViceMinister Nishikawa, Satoshi Iwata, Tomohiro Innami: METI
>   Toshiyuki Takei: MPHPT
>   Tomohiro Yamakawa: GBDe Spokesman/NTT Data
>   Kazumasa Utashiro: IIJ
>
>
> --------------------------------------------------------------
> UNITED STATES - JAPAN JOINT STATEMENT ON PROMOTING GLOBAL CYBER SECURITY
> September 9, 2003
> FINAL DRAFT
>
> The increasing number of cyber attacks and the interdependence of global
> information networks places responsibility on all nations to respond to the
> challenge of securing critical information infrastructures. The Governments
> of Japan and the United States recognize the importance of ensuring the
> security and reliability of information systems and networks as well as
> both countries' roles as global leaders to create a "culture of security".
> To this end, the two Governments will share information and perspectives
> regarding the challenge of securing information systems and networks, and
> raise awareness and highlight best practices in addressing cybersecurity
> issues and the importance of public-private partnerships in implementing
> effective cybersecurity initiatives.
>
> Specifically, both Governments affirm that:
>
> - The Governments cannot alone sufficiently defend cyberspace. Critical
> infrastructure protection is a shared responsibility of the public and
> private sectors.
>
> - The Governments should foster public-private partnerships, which can be
> used to raise security awareness, train personnel, identify and remediate
> vulnerabilities, exchange information, and plan recovery operations.
>
> - The Governments should identify and empower a centralized authority able
> to develop and coordinate national cyber security policies and plans in a
> holistic intergovernmental manner to provide effective management and
> oversight of cybersecurity programs.
>
> - The Governments are encouraged to work within the appropriate
> multilateral fora - such as APEC, the G-8, and OECD - to implement
> cybersecurity and cybercrime recommendations and action plans that are
> adopted in these fora.
>
> - The Government should establish, via whatever means determined
> appropriate, watch and warning entities and mechanisms for the exchange of
> cyber incident warnings, vulnerability information, event analysis, and
> remediation.
>
> - The Governments should take an initiative to facilitate public-private
> partnerships in order to encourage the development of private sector
> cybersecurity initiatives.
>
> The United States and Japan affirm the importance of national approaches to
> cybersecurity, including an emphasis on a focal point within each
> Government for coordination efforts and partnerships with the private
> sector. The United States and Japan also affirm the importance of
> multilateral cooperation for cybersecurity, including the international
> adoption of the Council of Europe Convention on Cybercrime.
>
> In Japan, the Cabinet Secretariat's IT Security Office was established to
> develop countermeasures against cyber attacks and to protect e-government.
> The Government of Japan recognizes that the IT Security Office is the lead
> coordinator and focal point in the Japanese Government's cybersecurity
> efforts. As the Government of Japan recognized in its e-Japan II Strategy,
> it is vitally important to strengthen cooperation among the various
> government agencies involved in cyber-security by ensuring alternative
> operation of information systems, monitoring of operational situations
> full-time, creating a system for dealing with emergencies, and gathering
> and sharing information on information system security. Thus, the IT
> Security Office will be responsible for various activities, including
> advising Ministries in the development of coordinated information
> technology security policies, working with prefectural and local
> governments, and building public/private partnerships.
>
> The U.S. Department of Homeland Security's National Cyber Security Division
> is, among other things, the focal point for U.S. Government cybersecurity
> efforts to reduce the vulnerability of critical infrastructure or key
> resources, and it coordinates those efforts - including partnerships with
> the private sector and state/local governments - with relevant U.S.
> Departments and agencies. The Department also coordinates closely with the
> Department of State on international issues, which has the lead for U.S.
> foreign policy. The Department of Justice (DOJ) and the Federal Bureau of
> Investigation (FBI) lead the national effort to investigate and prosecute
> cybercrime. The Homeland Security Council (HSC) at the White House ensures
> coordination of all homeland security-related policy among federal and
> executive agencies to secure the homeland, including key critical physical
> and cyber infrastructure and assets.
>
>
>
>
> -------------------------------------------------------------------------
> POLITECH -- Declan McCullagh's politics and technology mailing list
> You may redistribute this message freely if you include this notice.
> -------------------------------------------------------------------------
> To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
> This message is archived at http://www.politechbot.com/
> Declan McCullagh's photographs are at http://www.mccullagh.org/
> Like Politech? Make a donation here: http://www.politechbot.com/donate/
> -------------------------------------------------------------------------

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/