Creating Value with an Enterprise IT Governance Implementation Model Using COBIT 5

After the subprime mortgage crisis and the Lehman Brothers collapse in the US, the Financial Services Agency of Japan (FSA) strengthened financial regulations. The FSA regulations introduced an IT governance perspective, which detailed the rules for information security enhancement and IT risk minimization. In response to this, the management of financial institutions have been struggling with a kind of “defensive” IT governance, or a risk minimization and compliance approach.
On the other hand, the Japan Revitalization Strategy was approved by the Abe Cabinet of Japan in 2013 and the FSA applied the Corporate Governance Code in 2015, in which listed companies are urged to achieve sustainable growth and increase corporate value over the mid- to long term. Under these circumstances, financial institutions are seeking aggressive or proactive IT governance aiming at value creation for stakeholders rather than defensive or reactive risk minimization and compliance.
The requirements that management teams of enterprises, especially financial institutions, need to satisfy are intended to transform their IT governance from defensive risk management and compliance to proactive IT governance. Figure 1 shows the relationship between defensive risk management and proactive IT governance as well as the related frameworks. Enterprise management teams are seeking a transformation that focuses on moving from the left to the right in the figure.

Figure 1—Relationship Between Defensive Risk Management and Proactive IT Governance

Source: Y. Inaba. Reprinted with permission.

This article presents an enterprise IT governance (EITG) implementation model derived from the following practical experiences using COBIT:

  • Implementation of a group IT governance system1 using the COBIT 4.1 process reference model and its Maturity Model at a global insurance group based in Japan
  • Implementation of a governance, risk management and compliance (GRC) system2 at an IT service subsidiary of the insurance group using COBIT 5
  • Practical experience as an employee of a major auditing firm in Japan, Deloitte Touche Tohmatsu LLC

The Proactive IT Governance Model

The core of the proactive IT governance model is value creation for stakeholders and fulfillment of the organization’s fiduciary duty and accountability. Figure 2 shows the concept of the proactive IT governance model developed and presented in this article.

Figure 2—IT Governance Implementation Model for Enterprise Seeking IT-enabled Value Creation

View Large Graphic
Source: Y. Inaba. Reprinted with permission.

Goals Cascade From Stakeholder Needs to Enabler Goals

The left-hand side downstream flow of figure 2 or the enlarged chart in figure 3 shows the goals cascade from stakeholder needs to enabler goals. This follows the COBIT 5 principle, Meeting Stakeholder Needs.

Figure 3—Relationship Between Defensive Risk Management and Proactive IT Governance

Source: Y. Inaba. Reprinted with permission.

First, the governance team, consisting of the directors, evaluates the value creation needs for the stakeholders, comprising shareholders, customers, employees, regulatory agencies and social communities such as economic societies, and reports to the management team on what kind of value it should create. The report can be made by creating mission, vision and values (MVV) statements. This corresponds to the action of aligning the governance objective with value creation.
Then, the management team sets the enterprise goals from the results of the evaluation of the stakeholder needs, which consist of the 4 components of the balanced scorecard (BSC), i.e., financial, customer, internal, and learning and growth. The result of this step is the creation of the management strategy document. The next step is that the management team sets the IT-related goals from the enterprise goals, formatting according to the same 4 components of the IT BSC. The output of this step is an IT strategy document. Finally, the goals are cascaded down to the enabler goals, as described in COBIT 5. The result of the enabler goals setting is represented in the enabler strategies, i.e., the strategies for principles/policies, processes, organizational structures, culture, information, service/systems and human resources (HR). Usually, those enabler strategies are included in the IT strategy documentation.
These series of goals cascades can be supported by the mapping from stakeholder needs to enterprise goals described in the COBIT 5 framework3 and the mapping from enterprise goals to IT-related goals and then to process enabler goals described in COBIT 5: Enabling Processes.4

Implementation of the 7 Enablers with Plan-Build-Run-Monitor Cycle

The next step is management execution, which includes a series of practices on the Plan-Build-Run-Monitor (PBRM) Cycle. The management team executes by focusing on 7 enablers. The bottom part of figure 2 shows this cycle and it is further described in figure 4.

Figure 4—Implementation of the 7 Enablers

Source: Y. Inaba. Reprinted with permission.

For the process enabler, the enabler goal setting corresponds to the selection of the priority processes from the 37 processes defined by the COBIT 5 process reference model, each with its targeted capability level defined in theCOBIT 5 Process Assessment Model (PAM): Using COBIT 5. The selection of processes is driven by the goals cascade from stakeholder needs. The next step is to build enablers. The process capability assessment is made regarding the selected processes and following that, the improvement action plan is formulated to fill the gaps between the current capability level and the targeted level and the improvement is implemented. Then, the improved processes are operated to achieve the process enabler goals. Finally, the process performance or the process enabler goals are monitored.
Regarding the other enablers, the enterprise IT governance implementation model described in this article does not include detailed and concrete processes to follow because the focus is on the process enablers. The intent is to explore the other enablers after the completion of the process enabler implementation descriptions. This is supported by the fact that the detailed enabler guide5 for the process enabler already exists as do the process assessment model and the assessor guides.6, 7
Developing the information enabler can happen next because COBIT 5: Enabling Information gives the guidance needed to build that enabler. In addition, how to assess the current information enabler status and how to reach the targeted status for the information enabler needs to be described.
Experience would tend to indicate that implementation guidance for the service/system enabler and the HR enabler is in great demand because they seem to be the essential enablers for the era of disruptive innovations and digital transformations, where proactive IT governance is required. ISACA’s plans include issuing such guidance in the form of another 5 enabler guides to assist its members in implementing COBIT 5.

Monitoring Enabler Goals Up to Value Creation for the Stakeholders

The right-hand side upstream flow of figure 2 or the enlarged chart in figure 5 shows the goals monitoring from enabler goals up to value creation for the stakeholders.

Figure 5—Goals Monitoring

Source: Y. Inaba. Reprinted with permission.

First, the implementation and the operation of each enabler are monitored and the result of the monitoring is reported in an enabler monitoring report. The report is then summarized into an IT monitoring report, which describes the results of the monitoring of IT-related goals. Continuing the flow upstream, the IT monitoring report is integrated into a management monitoring report, which describes the monitoring results of not only IT, but also other governance areas.
Finally, the value created through the governance and management cycles is described in a value creation report, or the integrated monitoring report, and it is reported to the stakeholders as the fulfillment of accountability.

Enterprise IT Governance Perspective in the Enterprise Governance Environment

To enhance the governance and management cycle described above, it would be valuable to view it from the standpoint of enterprise governance—in other words, a corporate governance model which is shown in figure 6. The top circle describes enterprise governance and the bottom circle indicates governance of enterprise IT (GEIT), which is referred to here as EITG.

Figure 6—Enterprise IT Governance

Source: Y. Inaba. Reprinted with permission.

Enterprise governance is performed by C-suite executives under the direction and oversight of the board of directors (BoD). According to the EITG implementation model, it consists of the 2 major governance areas: business governance, referred to here as business value creation governance (BVCG), and corporate governance, referred to here as valued service governance (VSG).
On the top side, BVCG includes the enterprise’s business (e.g., property and casualty insurance or life insurance, in the case of an insurance company) and/or functional unit (underwriting, claims handling) governance. It can be an IT service delivery business and/or a system development function as well as a system operation function for an IT service company.
On the bottom side, VSG is broken down to the so-called corporate governance areas, i.e., corporate planning, financial reporting, HR, risk, information security, compliance and audit/assurance. These area definitions are generally similar for all industries.
Once the governance team sets up the management goals and strategies from the stakeholder needs, they are allocated into the individual areas of enterprise governance. IT governance is one of them.
Focusing on IT governance, the chief information officer (CIO), the chief executive officer (CEO) and the chief operating officer (COO) execute the goals cascade into enabler goals setting in order to align with the enterprise business and create IT value for the stakeholders. This is depicted in the circle at the bottom of figure 6, where IT governance is put at the center of the chart and BVCG and VSG are located around IT governance with the overlapped areas labeled “Align.”
It is important to note that there are several similar circles behind the scenes. For each governance area, each C-suite executive in charge of it is executing a PBRM cycle under another circle where each governance area is put at the center, and the other governance areas, including IT governance, are located around it with the overlapped “Align” label (figure 7).

Figure 7—Enterprise IT Governance From Each Governance Area Perspective

View Large Graphic
Source: Y. Inaba. Reprinted with permission.

In addition to cascading down to IT-related goals, the goals of each governance area are cascaded down in parallel. Then, the enabler goals are set for each governance area and the enabler implementations with the PBRM cycle for each governance area are executed.
For example, suppose there is a financial institution whose goals include the implementation of financial technologies (FinTech). Its HR management may plan to introduce an HR development program for FinTech and its IT management may plan to identify the skills for FinTech implementation and acquire people with the defined FinTech skills. Clearly, these 2 initiatives in these 2 departments should be aligned with each other.
Then the monitoring of the goals of each governance area is performed. And finally, working up to the enterprise governance chart (the top circle in figure 7), the governance team monitors the enterprise goals and integrates all the monitoring results from each governance area into a single management report.

Creating Value With the Enterprise IT Governance Implementation Model

COBIT 5 is a useful tool and guidance framework for EITG. Practitioners can create value for clients by combining the interpretation of service delivery from COBIT 5 guidance with the implementation practices outlined in the EITG implementation model described in this article.
By assuming this kind of advocacy role, practitioners can create value for clients as well as fulfill social responsibilities in Japan.

Yuichi (Rich) Inaba, CISA

Is a senior manager at Deloitte Touche Tohmatsu LLC where he developed an enterprise IT governance implementation model base on his COBIT experience. Previously, he was a manager at the holding company of a global insurance group based in Japan, where he had engaged in the implementation of a group IT governance system for the group by using COBIT 4.1. Subsequently, he was a senior consultant specialist in the areas of GRC, IT governance, risk management and information security at the IT service company of the group, where he implemented a GRC system for the IT service company of the group by using COBIT 5. He is a member of the Standards Committee of the ISACA Tokyo Chapter and currently working on the translation of COBIT 5 materials into Japanese as well as an advocacy of COBIT 5 in Japan.

Author’s Note

The content of this article is based on the author’s personal opinion and does not reflect an official position by Deloitte Touche Tohmatsu LLC.

Endnotes

1 Inaba, Y., H. Shibuya; “Executive Management Must Establish IT Governance,” COBIT Focus, vol. 1, 2013
2 Inaba, Y., “Creating Value With COBIT 5 at a Tokio Marine Group Company,” COBIT Focus, 24 November 2014
3 ISACA, COBIT 5, USA, 2012
4 ISACA, COBIT 5: Enabling Processes, USA, 2012
5 Ibid.
6 ISACA, COBIT Self-assessment Guide: Using COBIT 5, USA, 2013
7 ISACA, COBIT Assessor Guide: Using COBIT 5, USA, 2013

By Yuichi (Rich) Inaba, CISA

[ISACA – Cobit Focus]

Rick Howard Enters a Lion’s Den of Journalists

Amy Zegart is the Co-Director of the Stanford Center for International Security and Cooperation. This year, she invited me to join the advisory council for the Stanford Cyber Policy Advisory Program; a multi-year working group think tank designed to develop cyber strategy, doctrine, and fundamental ideas for the U.S. government. She also helps run the Stanford Cyber Boot Camp series, a program that aims to educate various communities around the country about cybersecurity issues.

This week, she targeted journalists and invited me, and some other prominent network defenders, to have an off-the-record conversation regarding what we thought about how journalists approach the cybersecurity topic.

The room was filled with journalists from ABC, The Washington Post, Foreign Policy, NPR, The Wall Street Journal, CNN, and The New York Times. I have dealt with reporters before, usually in a friendly situation explaining some technical aspect of the latest security event, but I have never been outnumbered before by a factor of 20 to 1 in a situation where we might be exchanging some “off-the-record” criticism on both sides.

Amy had us in a circular, two-tiered conference room, where the network defenders sat on the bottom tier, surrounded by journalists both on the same tier and on the upper tier. Going in, it felt like we were gladiators walking into the arena with hungry lions and tigers roaming around looking to eat us on our tier, and the spectators on the higher tier, who definitely were rooting for the animals.

In truth, it was nothing like that all. It turned out to be a free exchange of information from both sides that helped to dismantle some pre-conceived and incorrect assumptions that both the network defenders and journalists had about the other side. Here is my big takeaway from the boot camp.

Journalists are professionals who know a lot of things about a gazillion different topics, cybersecurity being one of them. Network defenders are specialists with a deep knowledge about cybersecurity but probably only a cursory knowledge of other things. Most journalists are generalists without a lot of depth in any particular topic but who know how to pull a compelling story out of a specific topic by sifting through myriad known facts, assumptions and rumors. They rely on network defenders to get the facts straight and to help them find the right angle to make the story good without it turning into marketing.

Network defenders should assist in this regard as much as possible. The relationship does not have to be adversarial. We are on the same side in most cases. The reporters want to publish a good story – hopefully one that’s balanced and accurate. The network defenders want to make sure that journalists educate the general public correctly. Without our help, we lose the opportunity to help educate the masses. And that opportunity is greater than ever, with so many publications – even publications that traditionally do not cover technology topics in depth – running stories on cybersecurity.

I thought the Stanford Cyber Boot Camp series was a huge success. Even though I initially felt like I was walking into the lion’s den, with reporters lying in wait to eat me at the first opportunity, the experience turned out to be the complete opposite. Both sides walked away a bit smarter about how to deal with the other. I learned that journalists have a tough job to do even if they are really good at their craft. They mostly just want to publish a good story. I also learned that my relationship with journalists does not have to be adversarial. Network defenders can help reporters publish good stories, and at the same time, ensure that the public receives accurate stories to read about cybersecurity.

[Palo Alto Networks Research Center]

William Saito: The G7’s Opportunity To Push Cybersecurity As A Business Enabler

G7 leaders are gathering this month in Japan, and the meeting is a huge opportunity to position cybersecurity as an enabler of business growth, writes William Saito, CSO and Vice Chairman, Japan, at Palo Alto Networks, in a new article for the World Economic Forum.

G7 leaders, notes William, “must collaborate with stakeholders in business, academia and civil society to promote the secure expansion of ICT. It can enhance efficiency and productivity, as well as add value and real revenue growth – not only in developed countries but developing ones as well. The Internet should be considered fundamental to economic development like roads, water and electricity; this is something that funding and aid agencies should focus on more.

Read the full article for William’s thoughts on “whack-a-mole security,” shifting mindsets among business leaders concerned about security, and what the G7 can learn from organizations such as the Internet Governance Forum.

[Palo Alto Networks Research Center]

Operation Ke3chang Resurfaces With New TidePool Malware

Introduction

Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool. It has strong behavioral ties to Ke3chang and is being used in an ongoing attack campaign against Indian embassy personnel worldwide. This targeting is also consistent with previous attacker TTPs; Ke3chang historically targeted the Ministry of Affairs, and also conducted several prior campaigns against India.

Though we don’t have comprehensive targeting information, the spear phishing emails we found targeted several Indian embassies in different countries. One decoy references an annual report filed by over 30 Indian embassies across the globe. The sender addresses of the phishing emails spoof real people with ties to Indian embassies, adding legitimacy to the emails to prompt the recipients to open the attached file. Also noteworthy, the actors are exploiting a relatively new vulnerability in their attacks with TidePool, which is detailed below.

In this report we will highlight the reuse of the code responsible for a variety of registry changes and command and control traffic over time as the Ke3chang actor has evolved their codebase to TidePool since the 2013 report.

Exploitation of CVE-2015-2545

The weaponized document sent in phishing emails triggers the vulnerability outlined in CVE-2015-2545, which was first made public in September 2015.  Unlike previously seen exploit carrier docs, this version comes packaged as an MHTML document which by default opens in Microsoft Word.  We have seen multiple waves of activity with similar exploit docs, including those referenced in our recent Spivy blog. PwC recently released a great report analyzing the exploit documents themselves. The samples we are covering are documented in the “Windows User_A” section of their report (the malware they refer to as “Danti Downloader”).

The TidePool Malware Family

TidePool contains many capabilities common to most RATs. It allows the attacker to read, write and delete files and folders, and run commands over named pipes. TidePool gathers information about the victim’s computer, base64 encodes the data, and sends it to the Command and Control (C2) server via HTTP, which matches capabilities of the BS2005 malware family used by the Ke3chang actor

The TidePool malware is housed in an MHTML document which exploits CVE-2015-2545. The exploit code drops a DLL into

C:\Documents and Settings\AllUsers\IEHelper\mshtml.dll

This dropped DLL is the TidePool sample. It also launches Internet Explorer as a subprocess of the svchost service. For persistence, TidePool utilizes an ActiveSetup key, which will launch itself on boot with the following parameters:

rundll32.exe  C:\DOCUME~1\ALLUSE~1\IEHelper\mshtml.dll,,IEHelper

The TidePool sample then sends victim computer information to the C2 server, as shown in Figure 1. Once a connection is made, the sample behaves as a RAT, receiving commands from the C2.

Figure 1. The Base64 encoded data contains information about the victim’s service pack level, the current user, and the NETBIOS name of the victim system.

The Evolution From BS2005 to TidePool

During our initial triage of the TidePool samples in AutoFocus, we noticed Windows Registry modifications that by themselves were not unique, but when viewed together were used by multiple malware families. One of these families is the “BS2005” malware family used by the Ke3chang actor. This motivated us to dig deeper, since we had not seen any public reporting on them since 2013. From this analysis, Unit 42 compared the code bases of the new malware family, and the BS2005 malware samples. Based on our analysis we believe this new malware, which we are calling TidePool, is an evolution of the BS2005 malware family used by the Ke3chang actor.

Unit 42 has discovered 11 similar registry modifications that both TidePool and BS2005 employ. The registry setting that TidePool and BS2005 focuses on is:

Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEHarden -> 0

When the IEHarden Value is set to 0 it disables the Internet Explorer Enhanced Security configuration, which is designed to prevent the execution of scripts, ActiveX Controls, file downloads, and the Microsoft virtual machine for HTML content. This is a technique common to both BS2005 and TidePool malware.

Below is the routine within TidePool that modifies the IEHarden registry settings. The repetition, order, and uniqueness of the code base in this function allowed us to link TidePool back to older versions of BS2005 and Operation Ke3chang.

Figure 2. Routine to modify the IEHarden Value linking TidePool to BS2005.

Code reuse overlap also allowed us to link the various interim malware iterations between Ke3chang and TidePool together. Going over every single code overlap would be tiresome, so we’ll highlight major functional similarities that allowed us to link TidePool to Operation Ke3chang. A listing of similar hashes and their compile dates can be found in the IOC section at the end of this blog. They are also divided into those that pre-date the Operation Ke3chang report and those that came after.

We compared 5 key samples that link TidePool to the original Operation Ke3chang malware. In order of comparison and usage we looked at:

BS2005 Operation Ke3chang sample

233bd004ad778b7fd816b80380c9c9bd2dba5b694863704ef37643255797b41f

2013 post Ke3chang

012fe5fa86340a90055f7ab71e1e9989db8e7bb7594cd9c8c737c3a6231bc8cc

2014 post Ke3chang

04db80d8da9cd927e7ee8a44bfa3b4a5a126b15d431cbe64a508d4c2e407ec05

2014 post Ke3chang

eca724dd63cf7e98ff09094e05e4a79e9f8f2126af3a41ff5144929f8fede4b42

2015 Current TidePool

2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18

Starting with a known Operation Ke3chang BS2005 sample, we focus on the C2 obfuscation. Figure 3 shows the routine for following 2 samples:

233bd004ad778b7fd816b80380c9c9bd2dba5b694863704ef37643255797b41f 012fe5fa86340a90055f7ab71e1e9989db8e7bb7594cd9c8c737c3a6231bc8cc

Figure 3. Comparing a BS2005 and post Ke3chang sample C2 obfuscation routine

Not only do BS2005 and TidePool share repeating registry behaviors, they also use a similar code routine to obfuscate the C2. Further analysis shows that they also share similar Base64 string handling. This routine goes back even further to MyWeb malware samples, also associated with Operation Ke3chang.

Next we compared the codebase for setting registry keys. The code reuse displayed in Figure 4 is the sequence that sets the IEHarden registry keys and other keys used throughout TidePool and Operation Ke3chang malware.

012fe5fa86340a90055f7ab71e1e9989db8e7bb7594cd9c8c737c3a6231bc8cc
04db80d8da9cd927e7ee8a44bfa3b4a5a126b15d431cbe64a508d4c2e407ec05

Figure 4. Sequence that sets the IEHarden registry keys and other keys used in TidePool and Operation Ke3chang samples.

The code that handles URL beacon creation is shown in Figure 5. These functions also displayed quite a bit of code reuse.

eca724dd63cf7e98ff09094e05e4a79e9f8f2126af3a41ff5144929f8fede4b4
012fe5fa86340a90055f7ab71e1e9989db8e7bb7594cd9c8c737c3a6231bc8cc

Figure 5. Comparing code blocks responsible for URL creation

Finally, we compared the following two samples.

04db80d8da9cd927e7ee8a44bfa3b4a5a126b15d431cbe64a508d4c2e407ec05 2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18

These samples are quite similar when looking at the library functions used, but the most notable features they have in common are the timeline of behaviors executed. Ke3chang and TidePool both modify the IEHarden registry key, as well as the following list of keys. Setting these registry keys is unique to the Ke3chang and TidePool malware families.

HKCU\Software\Microsoft\Internet Explorer\Main\Check_Associations

HKCU\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IEharden

A Few Words On Attribution

Attribution is an inexact process, however we have compiled several interesting findings which lend themselves to our conclusion that this activity and malware is related to the original Operation Ke3chang.

  • Strong behavioral overlap between the TidePool malware family and malware called BS2005 utilized by Operation Ke3chang
  • Strong code reuse and overlap showing a branching and evolution of malware from BS2005 to TidePool.
  • Targeting and attack method matches historic Ke3chang targeting.
  • When binaries included resources, encoding was 0x04 (LANG_CHINESE) indicating the actor’s system is likely running an operating system and software with Chinese as the default display language.

Conclusion

Despite going unreported on since 2013, Operation Ke3chang has not ceased operations and in fact continued developing its malware. Unit 42 was able to track the evolution of Operation Ke3chang’s tools by observing unique behavioral quirks common throughout the malware’s lineage. By pivoting on these behaviors in AutoFocus, we were able to assess a relationship between these families dating back to at least 2012 and the creation of TidePool, a new malware family continuing in Ke3chang’s custom malware footsteps. While we can’t know all of the groups’ attacks using TidePool or older malware, we have uncovered its use against Indian Embassies, which was also documented in the 2013 report, indicating this is likely a high priority target as it has continued over multiple years.

Customers can utilize the Ke3changResurfaces AutoFocus tag to examine the samples discussed in this post. IPS coverage for TidePool is provided by TID 14588.

TidePool IOCs

Phishing emails:

4d5e0eddcd014c63123f6a46af7e53b5ac25a7ff7de86f56277fe39bff32c7b5

1896d190ed5c5d04d74f8c2bfe70434f472b43441be824e81a31b7257b717e51

de5060b7e9aaaeb8d24153fe35b77c27c95dadda5a5e727d99f407c8703db649

Weaponized document attachments:

785e8a39eb66e872ff5abee48b7226e99bed2e12bc0f68fc430145a00fe523db

eea3f90db41f872da8ed542b37948656b1fb93b12a266e8de82c6c668e60e9fc

TidePool Dropper:

38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f

TidePool dlls:

67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed

2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18

9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba

C2 domain:

goback.strangled[.]net

TidePool sample groupings

Group 1: 3/1/2012 – 3/22/2012

71b548e09fd51250356111f394e5fc64ac54d5a07d9bc57852315484c2046093 (BS2005)

39fdcdf019c0fca350ec5bd3de31b6649456993b3f9642f966d610e0190f9297 (BS2005)

bfa5d062bfc1739e1fcfacefd3a1f95b40104c91201efc618804b6eb9e30c01

4e38848fabd0cb99a8b161f7f4972c080ce5990016212330d7bfbe08ab49526

d097a1d5f86b3a9585cca42a7785b0ff0d50cd1b61a56c811d854f5f02909a5

25a3b374894cacd922e7ff870bb19c84a9abfd69405dded13c3a6ceb5abe4d27

Group 2: 6/1/2012 – 7/10/2012

12cc0fdc4f80942f0ba9039a22e701838332435883fa62d0cefd3992867a9e88(BS2005)

a4fae981b687fe230364508a3324cf6e6daa45ecddd6b7c7b532cdc980679076(BS2005)

c1a83a9600d69c91c19207a8ee16347202d50873b6dc4613ba4d6a6059610fa1

Group 3: 8/28/2012 – 11/19/2012

023e8f5922b7b0fcfe86f9196ae82a2abbc6f047c505733c4b0a732caf30e966(BS2005)

064051e462990b0a530b7bbd5e46b68904a264caee9d825e54245d8c854e7a8a(BS2005)

07aa6f24cec12b3780ebaba2ca756498e3110243ca82dca018b02bd099da36bb(BS2005)

cdb8a15ededa8b4dee4e9b04a00b10bf4b6504b9a05a25ecae0b0aca8df01ff9(BS2005)

f84a847c0086c92d7f90249be07bbf2602fe97488e2fef8d3e7285384c41b54e(BS2005)

89ccea68f76afa99d4b5d00d35b6d2f229c4af914fbb2763e37f5f87dcf2f7b

be378ad63b61b03bdc6fd3ef3b81d3c2d189602a24a960118e074d7aff26c7b

c5d274418532231a0a225fc1a659dd034f38fde051840f8ed39e0b960d84c056

Group 4: 4/18/2013 – 11/5/2013

233bd004ad778b7fd816b80380c9c9bd2dba5b694863704ef37643255797b41f(BS2005)

3795fd3e1fe4eb8a56d611d65797e3947acb209ddb2b65551bf067d8e1fa1945(BS2005)

6d744f8a79e0e937899dbc90b933226e814fa226695a7f0953e26a5b65838c89(BS2005)

b344b9362ac274ca3547810c178911881ccb44b81847071fa842ffc8edfcd6ec(BS2005)

e72c5703391d4b23fcd6e1d4b8fd18fe2a6d74d05638f1c27d70659fbf2dcc58 (BS2005)

690c4f474553a5da5b90fb43eab5db24f1f2086e6d6fd75105b54e616c490f3

d64cd5b4caf36d00b255fdaccb542b33b3a7d12aef9939e35fdb1c5f06c2d69

0ec913017c0adc255f451e8f38956cfc1877e1c3830e528b0eb38964e7dd00ff

Post Fireye’s Ke3chang blog

Group 5: 5/2/2013 – 10/23/2013

012fe5fa86340a90055f7ab71e1e9989db8e7bb7594cd9c8c737c3a6231bc8c

0f88602a11963818b73a52f00a4f670a0bf5111b49549aa13682b66dd989515

2a454d9577d75ac76f5acf0082a6dca37be41f7c74e0a4dbd41d8a9a75120f5

66d9001b6107e16cdb4275672e8dd21b3263481a56f461428909a7c265c6785

863ee162a18d429664443ce5c88a21fd629e22ad739191c7c6a9237f64cdd2f

8b3ef6112f833d6d232864cf66b57a0f513e0663ee118f8d33d93ad8651af33

904e31e4ab030cba00b06216c81252f6ee189a2d044eca19d2c0dc41508512f3

Group 6: 03/09/2014

F3c39376aa93b6d17903f1f3d6a557eb91a977dae19b4358ef57e686cd52cc037c17ccdd8eba3791773de8bc05ab4854421bc3f2554c7ded00065c10698300fe

Group 7: 08/26/2014

eca724dd63cf7e98ff09094e05e4a79e9f8f2126af3a41ff5144929f8fede4b4

Group 8: 04/09/201404db80d8da9cd927e7ee8a44bfa3b4a5a126b15d431cbe64a508d4c2e407ec05

Group 9: 3/11/2015

6eb3528436c8005cfba21e88f498f7f9e3cf40540d774ab1819cddf352c5823d

Group 10: 08/04/2015

6bcf242371315a895298dbe1cdec73805b463c13f9ce8556138fa4fa0a3ad242

Group 11: 12/28/2015

2252dcd1b6afacde3f94d9557811bb769c4f0af3cb7a48ffe068d31bb7c30e18

38f2c86041e0446730479cdb9c530298c0c4936722975c4e7446544fd6dcac9f

67c4e8ab0f12fae7b4aeb66f7e59e286bd98d3a77e5a291e8d58b3cfbc1514ed

9d0a47bdf00f7bd332ddd4cf8d95dd11ebbb945dda3d72aac512512b48ad93ba

, , , and

[Palo Alto Networks Research Center]

Key Takeaways from the G7 ICT Multi-Stakeholders Conference in Japan

With our global economy more and more reliant on the digital systems that connect our individual national infrastructures, ministers from Japan, Britain, Canada, France, Germany, Italy, the U.S., and the European Union made coordination on information and communication technology (ICT) policy a major initiative during their G7 ICT Ministers Meeting held April 29–30 in Takamatsu, Japan. They also agreed multi-stakeholder approaches are essential for ICT and cybersecurity efforts.

As host of the G7 meeting, the Japanese government put that agreement into action, organizing the first-ever G7 ICT Multi-Stakeholders Conference in parallel with the government-only Ministers Meeting. The conference, which included representatives of industry, academia, and governments from around the world, aimed to work on a way forward to strengthen our international efforts for protecting critical ICT and enhancing our global cybersecurity posture. As a representative of industry at the conference, Palo Alto Networks applauds the Japanese government’s leadership in using this opportunity to bring together this unique group of leaders.

The discussions among the conference participants highlighted the difficulties in sharing cyberthreat intelligence and best practices in a timely and harmonized manner as well as the increasing incorporation of cybersecurity into Japanese business decisions and operations. Mark Hughes, CEO of BT Security, shared his experiences from the London 2012 Summer Olympics and emphasized the importance of using technologies that disseminate cyber intelligence in a coordinated manner to avoid confusion and duplication. He also pointed out that future Olympic Games would face challenges in processing and analyzing in real time the growing volume of cyberthreat information.

As the Internet of Things and automated threats grow, the volumes of data we are dealing with will only make the threat landscape more complex, increasingly impacting the fabric of our day-to-day digital lifestyle. It is essential for academia, government, and industry to re-architect their systems and networks away from legacy platforms and onto next-generation technology that can handle large volumes of data, automatically preventing threats and enabling faster response.

But next-generation technology alone will not be enough to tackle the challenges we face in securing ICT. During the panel session, Hiromichi Shinohara, Senior Executive Vice President for the NTT Corporation, stressed the need to recognize cybersecurity as an integral part of business operations and to work together with other companies and sectors to support cyberthreat information sharing and human resources. His comments mirror the guidance put forward in the Japanese Cybersecurity Guidelines for Business Leadership Version 1.0 issued by the Japanese Ministry of Economy, Trade and Industry (METI) and Information-Technology Promotion Agency (IPA) in December 2015. It makes the point that cybersecurity must be an integral part of business operations, and executives should show leadership not only by investing in measures to protect their brand, operations continuity, and customer trust but also by contributing to cyberthreat information-sharing frameworks in a mutually beneficial way.

As a global critical infrastructure company based in Japan, NTT’s decision to declare cybersecurity a responsibility for business operations at this international conference was incredibly meaningful in setting the stage for others in Japan and globally to follow suit. Palo Alto Networks also appreciates the leadership taken by the Japanese government and industry in the cybersecurity field and looks forward to continuing to work with them to enable business operations and secure trust in our digital age.

Note

Mihoko Matsubara, CSO Japan, Palo Alto Networks K.K., and Danielle Kriz, Senior Director, Global Policy, Palo Alto Networks, published their co-authored blog about the METI/IPA Cybersecurity Guidelines for Business Leadership earlier this month. Matsubara is also giving a talk about cybersecurity for major global events including the Tokyo Olympic Games 2020 at the Palo Alto Networks Day conference in Tokyo on June 7.

[Palo Alto Networks Research Center]

English
Exit mobile version