FC: Final draft of U.S. - Japan joint statement on "cybersecurity"

From: Declan McCullagh (declanat_private)
Date: Sun Sep 14 2003 - 23:20:52 PDT

  • Next message: Declan McCullagh: "FC: Richard Forno article on "high tech heroin""

    Date: Sat, 13 Sep 2003 01:39:14 -0700
    To: declanat_private
    From: gtat_private (Gohsuke Takama)
    X-Sender: metaaat_private
      September 9, 2003, FINAL DRAFT
    Hi Declan,
    it looks like some talks were going on between the US and Japan gov on
    cybersecurity. I thought Politech readers might be interested.
    Gohsuke Takama
    Tokyo, Sep 10, 2003
    I was attending the US - Japan Informaion Systems & Network Security Forum
    which organized by in conjunction of US gov and Japanese gov. at the
    opening remarks, US Ambassador Howard Baker announced the "US - JAPAN JOINT
    as attached below.
    guest from the US are Paul Kurtz of US President Special Assistant at
    Homeland Security Council, Dr. Susan Zevin of NIST, Steven Chabinsky of
    FBI, Scott Charney of Microsoft. (full list below)
    - two major topics of the forum are:
      "Formulation of National Information Security Policy"
      "Public-Private Coordination in Information Security"
    some note:
    - in the joint statement, "...the international adoption of the Council of
    Europe Convention on Cybercrime." was writen in. the sentence has tones of
    the US and Japan both going to consider to adopt CoE Convention on
    Cybercrime, however, it is questionable that the US really adopt the
    Convention. ( according to what I heard from Privacy International people
    in London)
    - it was interesting that US President Special Assistant Paul Kurtz of US
    Homeland Security Council repeatedly addressed that DHS's cybersecurity is
    for cyber crimes, not for cyber terrorisms.
    - some may remember that Scott Charney of Microsoft used to be  the head of
    the G8 group on cybercrime.
    - obviously there were no talks about OpenSource nor recently buzzed
    Japan/Korea/China joint effort of software development. actually, according
    to CNET Japan news, Scott Charney of MS had a speaking gig at METI
    institution a day before the forum.
    - while answering some question from the audience, Charney mentioned that
    number of Windows security hole exploits increase after the patch release.
    because there are chances that patch itself could be reverse engineered for
    developing attack methods. at least MS is aware of this.
    - Toshiyuki Takei of MPHPT(Soumusho) mentioned that it has a plan to
    estabrish Telecom-ISAC (<computer incident> Information Sharing and
    Analysis Center) which includes the idea of Wide Area Monitoring System.
    however, you can points out that this type of gov own Security Operation
    Centers need to have 3rd party oversight committee. because there is a risk
    of that the center could become surveillance facility used by law
    - the forum speakers and panelists are:
       Howard Baker: US Ambassador
       Paul Kurtz: US Homeland Security Council
       Dr. Susan Zevin: NIST
       Steven Chabinsky: FBI
       Scott Charney: Microsoft
       Kazuhiro Sugita, Junji Yoshihara: Japan's Cabinet Secretaiat
       ViceMinister Nishikawa, Satoshi Iwata, Tomohiro Innami: METI
       Toshiyuki Takei: MPHPT
       Tomohiro Yamakawa: GBDe Spokesman/NTT Data
       Kazumasa Utashiro: IIJ
    September 9, 2003
    The increasing number of cyber attacks and the interdependence of global
    information networks places responsibility on all nations to respond to the
    challenge of securing critical information infrastructures. The Governments
    of Japan and the United States recognize the importance of ensuring the
    security and reliability of information systems and networks as well as
    both countries' roles as global leaders to create a "culture of security".
    To this end, the two Governments will share information and perspectives
    regarding the challenge of securing information systems and networks, and
    raise awareness and highlight best practices in addressing cybersecurity
    issues and the importance of public-private partnerships in implementing
    effective cybersecurity initiatives.
    Specifically, both Governments affirm that:
    - The Governments cannot alone sufficiently defend cyberspace. Critical
    infrastructure protection is a shared responsibility of the public and
    private sectors.
    - The Governments should foster public-private partnerships, which can be
    used to raise security awareness, train personnel, identify and remediate
    vulnerabilities, exchange information, and plan recovery operations.
    - The Governments should identify and empower a centralized authority able
    to develop and coordinate national cyber security policies and plans in a
    holistic intergovernmental manner to provide effective management and
    oversight of cybersecurity programs.
    - The Governments are encouraged to work within the appropriate
    multilateral fora - such as APEC, the G-8, and OECD - to implement
    cybersecurity and cybercrime recommendations and action plans that are
    adopted in these fora.
    - The Government should establish, via whatever means determined
    appropriate, watch and warning entities and mechanisms for the exchange of
    cyber incident warnings, vulnerability information, event analysis, and
    - The Governments should take an initiative to facilitate public-private
    partnerships in order to encourage the development of private sector
    cybersecurity initiatives.
    The United States and Japan affirm the importance of national approaches to
    cybersecurity, including an emphasis on a focal point within each
    Government for coordination efforts and partnerships with the private
    sector. The United States and Japan also affirm the importance of
    multilateral cooperation for cybersecurity, including the international
    adoption of the Council of Europe Convention on Cybercrime.
    In Japan, the Cabinet Secretariat's IT Security Office was established to
    develop countermeasures against cyber attacks and to protect e-government.
    The Government of Japan recognizes that the IT Security Office is the lead
    coordinator and focal point in the Japanese Government's cybersecurity
    efforts. As the Government of Japan recognized in its e-Japan II Strategy,
    it is vitally important to strengthen cooperation among the various
    government agencies involved in cyber-security by ensuring alternative
    operation of information systems, monitoring of operational situations
    full-time, creating a system for dealing with emergencies, and gathering
    and sharing information on information system security. Thus, the IT
    Security Office will be responsible for various activities, including
    advising Ministries in the development of coordinated information
    technology security policies, working with prefectural and local
    governments, and building public/private partnerships.
    The U.S. Department of Homeland Security's National Cyber Security Division
    is, among other things, the focal point for U.S. Government cybersecurity
    efforts to reduce the vulnerability of critical infrastructure or key
    resources, and it coordinates those efforts - including partnerships with
    the private sector and state/local governments - with relevant U.S.
    Departments and agencies. The Department also coordinates closely with the
    Department of State on international issues, which has the lead for U.S.
    foreign policy. The Department of Justice (DOJ) and the Federal Bureau of
    Investigation (FBI) lead the national effort to investigate and prosecute
    cybercrime. The Homeland Security Council (HSC) at the White House ensures
    coordination of all homeland security-related policy among federal and
    executive agencies to secure the homeland, including key critical physical
    and cyber infrastructure and assets.
    POLITECH -- Declan McCullagh's politics and technology mailing list
    You may redistribute this message freely if you include this notice.
    To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
    This message is archived at http://www.politechbot.com/
    Declan McCullagh's photographs are at http://www.mccullagh.org/
    Like Politech? Make a donation here: http://www.politechbot.com/donate/

    This archive was generated by hypermail 2b30 : Sun Sep 14 2003 - 23:51:49 PDT