Session 4.2 Creation of national ICT security infrastructure for developing countries
Industry-wide approach: Raising awareness for ICT security infrastructure
Miho Naganuma
Little eArth Corporation
Rapporteur Q3/17
Information Security Operators Group Japan (ISOG-J)
Geneva, 6-7 December 2010
Addressing security challenges on a global scale
Issues in Cybersecurity
Together with the rapid growth of economies, multilateral business relations are expanding and becoming connected.
Meanwhile, this also raises the need for secure network infrastructures with sophisticated cybersecurity services.
We are facing an urgent crisis in a continuing effort to raise awareness of cybersecurity
- incident response planning against DDoS attacks and targeted attacks, including Advanced Persistent Threat (APT) attacks, with practice-based information
- fast development of technologies for countermeasures
Issues in Cybersecurity (cont.)
Key issue: Information exchange
- Cybersecurity information exchange and technical collaboration
- Wide range of collaboration – international, regional, national level and industry level
Developing international recommendations/standards in cybersecurity and information exchange
Industry-wide/unique collaboration by Managed Security Service Providers
Information Security Operators Group Japan
1. Support for industry
a. Providing guidelines for service users
b. Research on related legal, regulatory requirements
2. Communications
a. Technical exchange and update
b. Workshops and seminars
Building trust in the community and enhancing active collaboration
http://www.jnsa.org/isog-j/e/
Organisation
Active involvement of related parties
New WG: Security Operation Information sharing and collaboration
Government support
Member organisations
Security Operation information sharing and collaboration WG
Seeking “effective” information sharing and collaboration by
- Providing information and analysis methodologies
- Review actions with management view
- Support actions with research view
- Involving SOC operators/analysts, specialists for process management etc.
Information transmission enjoying the nature of neutrality
Consideration on the requirements for cybersecurity operation collaboration
- Obstacles toward the collaboration
- Criteria of collaborating operations / sharing information
- Actions to conquer the obstacles
Obstacles for information sharing
Differences between free-of-charge information and charged information
Differences between contracted users and non-contracted ones
Is it disadvantageous to offer information first?
Difficulties in providing information even if the information is wanted
Difficulties in acquiring information due to separation of operational units
Case 1
Failed to re-utilise the collected information
- Failed to find the reason to share the information
- Lack of sense of purpose to continue the sharing
- Trap of money as a purpose
  - the information sharing will be terminated when the monetary relationship is terminated
Failed to invoke any meaningful actions after gaining some information from the logs of the other companies
- Value of information possessed
Case 2
Collaboration based on a personal relationship disappears when the person moves to another place
- Information sharing is difficult if the boss/supervisor is not supportive of the activities
- It is difficult to advance the collaboration actively if we cannot get any useful feedback for our customers
- When the person in charge moves to a different department, the hand-over procedure is not good enough
- If sharing information itself becomes the objective, the motivation of the operators in the field will drop
Other obstacles
Different views of technologies and operations among organizations
- best to start from information sharing
- collaboration will be the next step
Internal relations vs external relations
Reluctance to share information in the security industry
Question of what kind of information we want to share
Support from management level and department heads
- How does the information sharing and collaboration lead to the profit of the company?
- Merit for each organization needs to be considered
Advantage of information sharing in ISOG-J
Members can
- issue incident information with the name of ISOG-J
- use both individual company name and ISOG-J name when disclosing information, depending on the situation
- share the practices of certain incidents among members
- share some trend information or some notes on that instead of cybersecurity information itself
By disclosing information periodically from ISOG-J, such information becomes a reference source
From the viewpoint of education, it is beneficial to analyze detection information over a certain network collaboratively; this is a good first step
Candidate solutions
1. Issuing threat analysis document for management figures
- Information on what kind of threats against IT systems we have, and what kind of business continuity risk they pose
2. Starting with sharing statistical information on logs of IDS/IPS, NW appliances, servers etc.
- Objective of sharing information and collaboration
- Policy of the data handling
- Manipulate the log so that sensitive information can be hidden (such as user name)
- Log information sharing scheme
- Standard log format
- Considering how we can take best advantage of the log data of each company
Candidate solutions
3. Quantitative information of incidents that are detected
- Gather incident information collected by SOCs
- Member organisations get access to the information
4. Sharing meta information instead of raw data
- Sensitive information, including threat information, that is difficult to disclose can be shared
- General information can be shared with customers
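Candidate solutions 2 and 4 combined, as an added example that is not part of the original slides: user names and source addresses are hidden with a keyed hash before anything leaves the SOC, and only per-day statistics are shared instead of raw log lines. The pipe-separated log layout, the field names and the min_count threshold are assumptions made for this sketch, and the sample alerts are constructed.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample alerts in an assumed layout: timestamp|sensor|signature|user|source
SAMPLE_LOG = """\
2010-12-06T09:14:02|ids-a|SQL injection attempt|alice|10.0.0.5
2010-12-06T09:15:40|ids-a|SQL injection attempt|bob|10.0.0.7
2010-12-06T11:02:13|ids-b|SQL injection attempt|alice|10.0.0.5
2010-12-06T13:30:00|ids-b|Port scan|carol|10.0.0.9
2010-12-07T08:00:21|ids-a|Port scan|carol|10.0.0.9
2010-12-07T08:05:55|ids-a|Port scan|dave|10.0.0.11
"""


def pseudonymize(value, key):
    """Keyed hash: the same input always maps to the same token, but the token
    cannot be reversed or guessed by dictionary without the owner's secret key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]


def sanitize(line, key):
    """Turn one raw alert into a record with the sensitive fields hidden."""
    ts, _sensor, signature, user, src = line.split("|")
    return {
        "day": ts[:10],
        "signature": signature,
        "user": pseudonymize(user, key),
        "src": pseudonymize(src, key),
    }


def share_statistics(log_text, key, min_count=2):
    """Aggregate sanitized records into the statistics a member would share.
    Groups smaller than min_count are withheld, since very small counts can
    still point at an individual user or customer."""
    records = [sanitize(l, key) for l in log_text.splitlines() if l.strip()]
    events = Counter((r["day"], r["signature"]) for r in records)
    users = {}
    for r in records:
        users.setdefault((r["day"], r["signature"]), set()).add(r["user"])
    return [
        {"day": d, "signature": s, "events": n, "distinct_users": len(users[(d, s)])}
        for (d, s), n in sorted(events.items())
        if n >= min_count
    ]
```

Each member keeps its own key, so tokens from different organisations cannot be linked to each other; only the aggregated rows are comparable across members.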
Highlights for raising awareness
Industry-wide approach
- Involving related parties for ICT infrastructure security (Gov, Gov. agencies, CIRT, ISP, MSSP, Security Vendors etc.)
- “Neutral” organisation/association
Communication in industries
- Encourage bottom-up approach
- Analyse obstacles and make feasible scenarios and candidate solutions
- Communication as education
www.jnsa.org/isog-j/en
Thank you
Contact: miho.naganuma@lac.co.jp