CYBER IMMUNE SYSTEMS THAT

HELPS TRUST AND RELIABILITY,

HELPED BY CROSS BOARDER

CORPORATION Sao Paulo, Brazil

November 12, 2013

Dr. Makoto (Mac) Yokozawa

Nomura Research Institute, Ltd.(Japan)

Visiting Professor at Kyoto University

JISA, Japan Information Service Industry Association, Public Policy Subcommittee Chair

Dr. Makoto (Mac) YOKOZAWA Visiting Professor

Market and Organization Informatics Laboratory The Graduate School of Informatics

Kyoto University

Yoshida-Honcho, Kyoto 606-8501 Japan Voicemail & FAX +1-650-653-2501 +81-3-4496-6014

m-yokozawa@i.kyoto-u.ac.jp http://yokozawa.mois.asia/

0

11820047(08

)

1

ISSUES AROUND THE ICT

CO PYRIGHT M. YO KOZAWA 2

CYBER IMMUNE TECHNOLOGIES

Figure 2 Key Elements of a Simplified Immune System Artificial Immune Systems for Intrusion Detection, James McCaffrey,

“Microsoft MSDN Test Run”

Heuristics Based Antivirus Protection Software

(Commercial)

3

WHAT’S NEW AND WHAT’S OLD

Cyber Security Cyber Immunity

4

Protection before incidents

“In vitro” observation

Rules and Patterns Based

Filtering and Collaboration

Quick Response

Artificial

Resilience after incidents

“In vivo” observation

Heuristics and Knowledge Based

Filtering and Collaboration

Reorganizing the Ecosystem

Organic

WHY IMMUNE SYSTEM?

5

Maturity in Cyber Security to some extent,

New Fashion in Countermeasures for Cyber security

Incidents Increasing Number of Unknown Threats

Weak Literacy and Zero Literacy Nodes (IOT,M2M)

BYOD

Moving from Governance by Legislation to Governance by Market-base Principles and

Architecture

Reasons for Immunity Do not re-install the Windows, Repair and Reuse without Shutting down your Service

Targeted Attack and Advanced Persistent Attack will never end in a day, with a single

pattern

Backdoors everywhere - Embedding Spy Chips in Everyday Household Gadgets and

Appliances

Data Sovereignty and Data Ownership

HOW DO WE COLLABORATE IN CYBER

IMMUNITY?

Sharing Immunity

Forensics

Heuristics in Detection

Heuristics in Immunity

Meta Knowledge

New Network Structure and Technologies

IPv6

non-IP New Network Protocol

Resilient Structure

Redundant and Modular Network Connection

Privacy and Security Tradeoff Study

Security Improves Privacy Protection in many situation

Sometimes Privacy have to be sacrificed in order to improve Security

Security BY Design and Privacy BY Design --- need to Change the Architecture

Identity Management and Trust Framework

6

7

WHAT YOU SEE ON THE TABLE

8

9

Proposal from US-Japan Business to US-Japan Governments 2012 (1) Privacy

a. Balancing Protection and Utilization b. OECD Guideline on the Protection of Privacy and Cross boarder Flows of

Personal Data c. Public-Private Partnership in Privacy Protection, 3rd Country Issues,

Activities in International Institutes d. Regulatory Structure and Vitality in Cloud Business e. EU Data Protection Rules and APEC Cross Boarder Privacy Rules

(2) Information Security

a. “Security as a Service”, “Security in Cloud Services”, Trust and Cost b. Cloud Services and Devices, their New Aspects and New Threats in

Information Security c. Maturity and Immaturity in Security Awareness d. Security related Areas of Collaboration between US and Japan

• Developments of Security Enhancing Technology • Organizational Design in Operation • Organizational Management and Internal/External Communication • Education and Awareness Development • Quick Response and Resilience • Desktop Exercise and Evaluation of Maturity in Information Security

Yahoo! Japan: Active User: 25 mil. Yahoo! Premium member：7.6 mil.

Ｇｍａｉｌ Account170 mil.

Member: over 20 mil.

30 mil. in Japan (estimated)

9 mil. in Japan (estimated)

56 mil. subscriber

25 mil. subscriber

67 mil. Active:43 mil.

ＪＡＬ Ｍｉｌａｇｅ Ｂａｎｋ 20 mil.

32mil subscribers

ＮＩＫＫＥＩ ＩＤ 1 mil.

ID Federation Business is blooming in Japan (based on NRI’s track record in 2011)

Affiliated Contents provider

Affiliated Net shop

NIKKEI Career College

NIKKEI AD Tech

2 mil. members

More than 200 million IDs

Insurance

Real Estate

Telecom

EC

Membership-based site

News Media

Publishing

Nonlife Insurance

Air Career

Beverage

Telecom

Credit Card

Housing Rental

Travel Agent

Copyright（C） Nomura Research Institute, Ltd. All rights reserved. 11

Trust Framework should be the platform for the National Identification System in

Japan

Due to the absence of Trust

Framework (OITF) in Japan, NII

(National Institute of Informatics) needs

to get certified by an assessor working

for U.S. national identification system.

U.S. Japan E.U.

U.S. ver. of

Trust

Framework

Japan ver. Of

Trust

Framework

ID ID ID ID ID ID ID ID ID

E.U. ver. of

Trust

Framework

Link Link

U.S. Japan E.U.

U.S. ver. of

Trust

Framework

ID ID ID ID ID ID ID ID ID

E.U. ver. of

Trust

Framework

Link Link

NII

Link

Establishing Trust Framework (OITF)

in Japan, Japanese e-government can

be accessed by a private sectors ID.

Furthermore, it will enable Japanese

people to connect to the global

services.

As-Is To-Be Establishing Trust Framework in Japan