X-Sender: declan@xxxxxxxxxxxxx
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Mon, 15 Sep 2003 02:20:52 -0400
To: politech@xxxxxxxxxxxxxxx
From: Declan McCullagh <declan@xxxxxxxx>
---
Date: Sat, 13 Sep 2003 01:39:14 -0700
To: declan@xxxxxxxx
From: gt@xxxxxxxxx (Gohsuke Takama)
X-Sender: metaa@xxxxxxxxxxxxx
Subject: US - JAPAN JOINT STATEMENT ON PROMOTING GLOBAL CYBER SECURITY,
September 9, 2003, FINAL DRAFT
Hi Declan,
it looks like some talks were going on between the US and Japan gov on
cybersecurity. I thought Politech readers might be interested.
Gohsuke Takama
----
Tokyo, Sep 10, 2003
I was attending the US - Japan Informaion Systems & Network Security Forum
which organized by in conjunction of US gov and Japanese gov. at the
opening remarks, US Ambassador Howard Baker announced the "US - JAPAN JOINT
STATEMENT ON PROMOTING GLOBAL CYBER SECURITY", made on September 9, 2003.
as attached below.
guest from the US are Paul Kurtz of US President Special Assistant at
Homeland Security Council, Dr. Susan Zevin of NIST, Steven Chabinsky of
FBI, Scott Charney of Microsoft. (full list below)
- two major topics of the forum are:
"Formulation of National Information Security Policy"
"Public-Private Coordination in Information Security"
some note:
- in the joint statement, "...the international adoption of the Council of
Europe Convention on Cybercrime." was writen in. the sentence has tones of
the US and Japan both going to consider to adopt CoE Convention on
Cybercrime, however, it is questionable that the US really adopt the
Convention. ( according to what I heard from Privacy International people
in London)
- it was interesting that US President Special Assistant Paul Kurtz of US
Homeland Security Council repeatedly addressed that DHS's cybersecurity is
for cyber crimes, not for cyber terrorisms.
- some may remember that Scott Charney of Microsoft used to be the head of
the G8 group on cybercrime.
- obviously there were no talks about OpenSource nor recently buzzed
Japan/Korea/China joint effort of software development. actually, according
to CNET Japan news, Scott Charney of MS had a speaking gig at METI
institution a day before the forum.
- while answering some question from the audience, Charney mentioned that
number of Windows security hole exploits increase after the patch release.
because there are chances that patch itself could be reverse engineered for
developing attack methods. at least MS is aware of this.
- Toshiyuki Takei of MPHPT(Soumusho) mentioned that it has a plan to
estabrish Telecom-ISAC (<computer incident> Information Sharing and
Analysis Center) which includes the idea of Wide Area Monitoring System.
however, you can points out that this type of gov own Security Operation
Centers need to have 3rd party oversight committee. because there is a risk
of that the center could become surveillance facility used by law
enforcements.
- the forum speakers and panelists are:
Howard Baker: US Ambassador
Paul Kurtz: US Homeland Security Council
Dr. Susan Zevin: NIST
Steven Chabinsky: FBI
Scott Charney: Microsoft
Kazuhiro Sugita, Junji Yoshihara: Japan's Cabinet Secretaiat
ViceMinister Nishikawa, Satoshi Iwata, Tomohiro Innami: METI
Toshiyuki Takei: MPHPT
Tomohiro Yamakawa: GBDe Spokesman/NTT Data
Kazumasa Utashiro: IIJ
--------------------------------------------------------------
UNITED STATES - JAPAN JOINT STATEMENT ON PROMOTING GLOBAL CYBER SECURITY
September 9, 2003
FINAL DRAFT
The increasing number of cyber attacks and the interdependence of global
information networks places responsibility on all nations to respond to the
challenge of securing critical information infrastructures. The Governments
of Japan and the United States recognize the importance of ensuring the
security and reliability of information systems and networks as well as
both countries' roles as global leaders to create a "culture of security".
To this end, the two Governments will share information and perspectives
regarding the challenge of securing information systems and networks, and
raise awareness and highlight best practices in addressing cybersecurity
issues and the importance of public-private partnerships in implementing
effective cybersecurity initiatives.
Specifically, both Governments affirm that:
- The Governments cannot alone sufficiently defend cyberspace. Critical
infrastructure protection is a shared responsibility of the public and
private sectors.
- The Governments should foster public-private partnerships, which can be
used to raise security awareness, train personnel, identify and remediate
vulnerabilities, exchange information, and plan recovery operations.
- The Governments should identify and empower a centralized authority able
to develop and coordinate national cyber security policies and plans in a
holistic intergovernmental manner to provide effective management and
oversight of cybersecurity programs.
- The Governments are encouraged to work within the appropriate
multilateral fora - such as APEC, the G-8, and OECD - to implement
cybersecurity and cybercrime recommendations and action plans that are
adopted in these fora.
- The Government should establish, via whatever means determined
appropriate, watch and warning entities and mechanisms for the exchange of
cyber incident warnings, vulnerability information, event analysis, and
remediation.
- The Governments should take an initiative to facilitate public-private
partnerships in order to encourage the development of private sector
cybersecurity initiatives.
The United States and Japan affirm the importance of national approaches to
cybersecurity, including an emphasis on a focal point within each
Government for coordination efforts and partnerships with the private
sector. The United States and Japan also affirm the importance of
multilateral cooperation for cybersecurity, including the international
adoption of the Council of Europe Convention on Cybercrime.
In Japan, the Cabinet Secretariat's IT Security Office was established to
develop countermeasures against cyber attacks and to protect e-government.
The Government of Japan recognizes that the IT Security Office is the lead
coordinator and focal point in the Japanese Government's cybersecurity
efforts. As the Government of Japan recognized in its e-Japan II Strategy,
it is vitally important to strengthen cooperation among the various
government agencies involved in cyber-security by ensuring alternative
operation of information systems, monitoring of operational situations
full-time, creating a system for dealing with emergencies, and gathering
and sharing information on information system security. Thus, the IT
Security Office will be responsible for various activities, including
advising Ministries in the development of coordinated information
technology security policies, working with prefectural and local
governments, and building public/private partnerships.
The U.S. Department of Homeland Security's National Cyber Security Division
is, among other things, the focal point for U.S. Government cybersecurity
efforts to reduce the vulnerability of critical infrastructure or key
resources, and it coordinates those efforts - including partnerships with
the private sector and state/local governments - with relevant U.S.
Departments and agencies. The Department also coordinates closely with the
Department of State on international issues, which has the lead for U.S.
foreign policy. The Department of Justice (DOJ) and the Federal Bureau of
Investigation (FBI) lead the national effort to investigate and prosecute
cybercrime. The Homeland Security Council (HSC) at the White House ensures
coordination of all homeland security-related policy among federal and
executive agencies to secure the homeland, including key critical physical
and cyber infrastructure and assets.
-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
-------------------------------------------------------------------------
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
Like Politech? Make a donation here: http://www.politechbot.com/donate/
-------------------------------------------------------------------------