Threat Intelligence Blog

The topic of information sharing has always been a pain point for the cyber industry. How much do we share? What systems need to be in place to safely share information? The questions go on. Not only does this impact corporate entities, but it also has ramifications on relationships between foreign governments. In early May 2017, the Government of Japan and the U.S. Department of Homeland Security (DHS) took a step to bridge this gap and strengthen the cyber relationship between the two nations by signing an information sharing agreement.

One constant struggle with information sharing is the quantity and the quality of the information shared by the appropriate stakeholders. If information flow goes only one way, chances are sharing opportunities will slow considerably or at worst, stop altogether. Common concerns the private sector has over such arrangements is that providing too much detail could expose organizational shortcomings and vulnerabilities, cause public embarrassment, or damage stock value and brand recognition.

The DHS and Japan plan to share cyber threat indicator information via the DHS’ Automatic Indicator Sharing (AIS) platform. Although originally intended for the private sector, government entities are also a part of this free program. The types of information shared includes malicious IP addresses, the sender email address included in a phishing email, and more.

A core attribute of the AIS process revolves around privacy considerations, which is also a main concern for the cyber industry (as pointed out earlier). All submissions from public and private entities remain anonymous unless otherwise directed by the submitting entity. Data is input into fields of information, some of which is given human review to ensure that personally identifiable information (PII) that is not directly pertinent to a cyber threat is inadvertently disclosed. Once this is accomplished, the data is immediately shared to participating members. The DHS Traffic Light Protocol – an established set of criteria designed to facilitate information sharing with the appropriate audience – helps participants handle and share indicators based on TLP markings.

Security cooperation between Japan and the U.S. has been consistently strong, an attribute that is evident in how the two governments have engaged with respect to cyber security.  In 2013, the U.S.-Japan Cyber Defense Policy working group was established with the purpose of deepening military partnership between the two nations by cooperating on information assurance, defensive cyberspace operations, and building a common understanding of the respective missions of the U.S. Department of Defense and its Japanese Ministry of Defense counterpart.  In mid-2015, the United States extended its cyber defense coverage to Japan, helping its partner detect and mitigate an increasing volume of digital attacks directed against government, military, and infrastructure networks.

Japan has also made consistent strides in its approaches to improving cybersecurity measures worldwide. In 2015, Tokyo published a national-level cyber security strategy, setting the foundation for the common understanding of cyberspace and the actions of the relevant stakeholders operating in its realm. Japan has demonstrated its commitment toward improving its cyber security posture, amending its Cybersecurity Basic Act, bolstering international engagements via a dedicated cyber office for national security policy, and maintaining Japan’s Computer Emergency Response Team (JPCERT) position as regional leader in best practice domestic and international engagement program.

However, Japan faces similar challenges as most other governments, including limited financial, material, and personnel resources, complicating interagency coordinating processes, and an approach to cyber security that is overly cautious in some areas.  Additionally, Japan is deficiency in cybersecurity personnel; the Japanese military’s cyber defense unit has around 90 members, compared to more than 6,000 people at the Pentagon. This, as well as an underfunded cybersecurity budget, is an obstacle that Japan must address in the near term.

Japan has good reason to buttress its cyber defenses. Not only is its economy heavily reliant on the Internet – its private sector participation in such a program is important to the global community and Japanese banks lose approximately $110 million USD annually to cyber crime – but it is also hosting the 2020 Olympics in Tokyo. With the Games being a notorious target for hostile cyber actors, and many experts believing that Asia is on the frontline of cyber crime, more proactive indicator sharing could benefit international financial stakeholders as a whole.

In cyberspace, the adage that has generally proven true is that the development of cyber strategies, enactment of cyber crime laws, and improved cyber cooperation should not be viewed as a conclusion but a constant process. Cyber information sharing is a necessary component and complement to these mechanisms. Providing threat data in a timely manner is essential to creating and sustaining a trusted and valuable cyber sharing ecosystem, thereby bolstering a collective defense approach to cyber security.

Additional Posts

Weekly Phishing Activity: November 20, 2017

The following data offers a snapshot into the weekly trends of the top industries being targeted by ...

ACC Foundation Cybersecurity Summit

ABOUT THE SUMMIT On behalf of the ACC Foundation, we invite you to participate in our one-day ...