--- Date: Sat, 13 Sep 2003 01:39:14 -0700 To: declanat_private From: gtat_private (Gohsuke Takama) X-Sender: metaaat_private Subject: US - JAPAN JOINT STATEMENT ON PROMOTING GLOBAL CYBER SECURITY, September 9, 2003, FINAL DRAFT Hi Declan, it looks like some talks were going on between the US and Japan gov on cybersecurity. I thought Politech readers might be interested. Gohsuke Takama ---- Tokyo, Sep 10, 2003 I was attending the US - Japan Informaion Systems & Network Security Forum which organized by in conjunction of US gov and Japanese gov. at the opening remarks, US Ambassador Howard Baker announced the "US - JAPAN JOINT STATEMENT ON PROMOTING GLOBAL CYBER SECURITY", made on September 9, 2003. as attached below. guest from the US are Paul Kurtz of US President Special Assistant at Homeland Security Council, Dr. Susan Zevin of NIST, Steven Chabinsky of FBI, Scott Charney of Microsoft. (full list below) - two major topics of the forum are: "Formulation of National Information Security Policy" "Public-Private Coordination in Information Security" some note: - in the joint statement, "...the international adoption of the Council of Europe Convention on Cybercrime." was writen in. the sentence has tones of the US and Japan both going to consider to adopt CoE Convention on Cybercrime, however, it is questionable that the US really adopt the Convention. ( according to what I heard from Privacy International people in London) - it was interesting that US President Special Assistant Paul Kurtz of US Homeland Security Council repeatedly addressed that DHS's cybersecurity is for cyber crimes, not for cyber terrorisms. - some may remember that Scott Charney of Microsoft used to be the head of the G8 group on cybercrime. - obviously there were no talks about OpenSource nor recently buzzed Japan/Korea/China joint effort of software development. actually, according to CNET Japan news, Scott Charney of MS had a speaking gig at METI institution a day before the forum. - while answering some question from the audience, Charney mentioned that number of Windows security hole exploits increase after the patch release. because there are chances that patch itself could be reverse engineered for developing attack methods. at least MS is aware of this. - Toshiyuki Takei of MPHPT(Soumusho) mentioned that it has a plan to estabrish Telecom-ISAC (<computer incident> Information Sharing and Analysis Center) which includes the idea of Wide Area Monitoring System. however, you can points out that this type of gov own Security Operation Centers need to have 3rd party oversight committee. because there is a risk of that the center could become surveillance facility used by law enforcements. - the forum speakers and panelists are: Howard Baker: US Ambassador Paul Kurtz: US Homeland Security Council Dr. Susan Zevin: NIST Steven Chabinsky: FBI Scott Charney: Microsoft Kazuhiro Sugita, Junji Yoshihara: Japan's Cabinet Secretaiat ViceMinister Nishikawa, Satoshi Iwata, Tomohiro Innami: METI Toshiyuki Takei: MPHPT Tomohiro Yamakawa: GBDe Spokesman/NTT Data Kazumasa Utashiro: IIJ -------------------------------------------------------------- UNITED STATES - JAPAN JOINT STATEMENT ON PROMOTING GLOBAL CYBER SECURITY September 9, 2003 FINAL DRAFT The increasing number of cyber attacks and the interdependence of global information networks places responsibility on all nations to respond to the challenge of securing critical information infrastructures. The Governments of Japan and the United States recognize the importance of ensuring the security and reliability of information systems and networks as well as both countries' roles as global leaders to create a "culture of security". To this end, the two Governments will share information and perspectives regarding the challenge of securing information systems and networks, and raise awareness and highlight best practices in addressing cybersecurity issues and the importance of public-private partnerships in implementing effective cybersecurity initiatives. Specifically, both Governments affirm that: - The Governments cannot alone sufficiently defend cyberspace. Critical infrastructure protection is a shared responsibility of the public and private sectors. - The Governments should foster public-private partnerships, which can be used to raise security awareness, train personnel, identify and remediate vulnerabilities, exchange information, and plan recovery operations. - The Governments should identify and empower a centralized authority able to develop and coordinate national cyber security policies and plans in a holistic intergovernmental manner to provide effective management and oversight of cybersecurity programs. - The Governments are encouraged to work within the appropriate multilateral fora - such as APEC, the G-8, and OECD - to implement cybersecurity and cybercrime recommendations and action plans that are adopted in these fora. - The Government should establish, via whatever means determined appropriate, watch and warning entities and mechanisms for the exchange of cyber incident warnings, vulnerability information, event analysis, and remediation. - The Governments should take an initiative to facilitate public-private partnerships in order to encourage the development of private sector cybersecurity initiatives. The United States and Japan affirm the importance of national approaches to cybersecurity, including an emphasis on a focal point within each Government for coordination efforts and partnerships with the private sector. The United States and Japan also affirm the importance of multilateral cooperation for cybersecurity, including the international adoption of the Council of Europe Convention on Cybercrime. In Japan, the Cabinet Secretariat's IT Security Office was established to develop countermeasures against cyber attacks and to protect e-government. The Government of Japan recognizes that the IT Security Office is the lead coordinator and focal point in the Japanese Government's cybersecurity efforts. As the Government of Japan recognized in its e-Japan II Strategy, it is vitally important to strengthen cooperation among the various government agencies involved in cyber-security by ensuring alternative operation of information systems, monitoring of operational situations full-time, creating a system for dealing with emergencies, and gathering and sharing information on information system security. Thus, the IT Security Office will be responsible for various activities, including advising Ministries in the development of coordinated information technology security policies, working with prefectural and local governments, and building public/private partnerships. The U.S. Department of Homeland Security's National Cyber Security Division is, among other things, the focal point for U.S. Government cybersecurity efforts to reduce the vulnerability of critical infrastructure or key resources, and it coordinates those efforts - including partnerships with the private sector and state/local governments - with relevant U.S. Departments and agencies. The Department also coordinates closely with the Department of State on international issues, which has the lead for U.S. foreign policy. The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) lead the national effort to investigate and prosecute cybercrime. The Homeland Security Council (HSC) at the White House ensures coordination of all homeland security-related policy among federal and executive agencies to secure the homeland, including key critical physical and cyber infrastructure and assets. ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. ------------------------------------------------------------------------- To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ Like Politech? Make a donation here: http://www.politechbot.com/donate/ -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sun Sep 14 2003 - 23:51:49 PDT