Introduction | Spirit | History | Technology | Human Resource | Formation |
Establishing and leading global CSIRT networks to address growing cyber threats
Addressing global cyber threats
As Japan’s point of contact for incident coordination, JPCERT/CC has a structure in place for international collaboration with overseas CSIRTs, companies, research institutions, and other parties. For regions where CSIRTs do not exist, we provide training sessions on creating CSIRTs. We continue to demonstrate leadership in the global CSIRT community by building trust among CSIRTs through joint international projects and other efforts.
Figure 1: JPCERT/CC participates in global CSIRT communities, including FIRST and APCERT
Building an international community founded on trust
CSIRT communities are formed on a regional basis and also to serve specific purposes. Among existing CSIRT communities, FIRST[1] stands out for its membership size and extensive track record of activities.
Ever since JPCERT/CC became the first Japanese organization to join FIRST, we have been supporting other CSIRTs in Japan and abroad seeking to join FIRST. We have also been deeply involved with APCERT[2], a CSIRT community in the Asia Pacific region, as a founding member, having served as its Secretariat and Steering Committee member to date. Through such activities, we have acquired trust in the international community, and we maintain cooperative relationships with the CSIRTs of other countries so that we may support each other in the event of an incident. [Figure 1]
While it is said that the Internet has no borders, differences in the culture, language, and legal system of each country pose difficulties in handling incidents. Collaboration based on trust among frontline engineers is indispensable to overcoming this challenge.
[1] Forum of Incident Response and Security Teams
[2] Asia Pacific Computer Emergency Response Team
Support for the establishment of overseas CSIRTs
We visit regions where CSIRTs are not fully established, and we help increase the incident response capabilities of those regions by holding training sessions to provide the know-how necessary for creating and running CSIRTs. To date, we have provided support primarily in the Asia Pacific region and Africa. Our wide range of support covers everything from technical matters directly connected with practical operations, including malware analysis and network forensics, to matters for organization managers, such as how a CSIRT organization should be run.
Working to support the establishment of CSIRTs
Operating TSUBAME and providing quantitative data on threat information
TSUBAME is a joint Internet threat monitoring system run by JPCERT/CC. [Figure 2]
It uses sensors deployed in Japan and abroad for monitoring threats and visualizes monitoring results. The data obtained by TSUBAME is shared mainly with the CSIRTs in regions that participate in the TSUBAME project[3]. We also support the activities of CSIRTs in each country by sharing signs of incidents based on data and providing training on analysis methods. In Mejiro, an Internet risk visualization service, we collect data on various risk factors on the Internet, calculate risk factor indicators for each country and region, and visualize the results.
By collaborating with organizations such as CyberGreen Institute, an NPO established following a demonstration experiment conducted by JPCERT/CC from 2014 to 2015, we are working to gather more useful monitoring data and improve the calculation formula for risk factor indicators.
[3] A project that deploys Internet threat monitoring sensors in national CSIRTs in the Asia Pacific region and others
Introduction | Spirit | History | Technology | Human Resource | Formation |