http://www.asahi.com/english/Herald-asahi/TKY200506150322.html By KOJI NISHIMURA The Asahi Shimbun 06/15/2005 Some of Japan's leading companies are about to deliberately set themselves up for sneak cyber attacks-but it's all part of a government plan to improve corporate online security. Under the plan starting next fiscal year, "legitimate" hackers will use typical cyber-attack methods-such as trying to infiltrate corporate networks or inundating Web sites with hits-to expose vulnerabilities. Their first targets will be in the telecommunications industry. It may sound like a frightening misuse of authority, but businesses should have nothing to fear as the "targets" will be limited to corporations that volunteer for the drills. The three-year program, with a budget of about 1.5 billion yen for the first year alone, is the brainchild of the Ministry of Internal Affairs and Communications, which oversees Internet service providers and other businesses. The mock attacks are aimed at helping businesses arm themselves against real cyber attacks by exposing system weaknesses and training personnel, sources said. Internet service providers already use sophisticated anti-virus software, firewalls and other protection against the rising threat of cyber attacks. But it is hard to tell how effective measures are until a hacker gets through. Another problem is businesses have little experience in working together to prevent damage from spreading, the sources said. The vulnerability of Internet businesses was demonstrated when Kakaku.com's database was invaded by a hacker in May, forcing the nation's top price-comparison Web site to shut down for about a week. The ministry plan includes setting up a task force of information security experts from universities and other institutions. Over several weeks, the team will stage surprise attacks on businesses that apply to take part. Because the attack will end when infiltration succeeds, it will not cause real damage to systems or data leaks, according to the sources. Through the exercise, companies will learn not only where problems lie, but also how well their crisis management plans work, the sources said. They can check when and how problems were detected and whether responses, including internal and external liaison, were adequate. The findings will be released publicly with the aim of improving anti-hacker protection. Participants' names won't be revealed, the sources said.(IHT/Asahi: June 15,2005) _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jun 16 2005 - 00:44:27 PDT