4 posts categorized "#FIRST"

Dec 22, 2016

Update from the CyberGreen Project

Hi, this is Moto Kawasaki from Global Coordination Division. It has been a little while since I last wrote about the CyberGreen Project, and I would like to give an update on the achievements of the Project.

The most impressive news in the first half of this fiscal year 2016 (Apr-Sep in Japan) is the renewal of its web site. Please have a look at the Info site and you'll find nice pages introducing distinguished advisers and board members of the Project, the mission statement and Project goals, and much more.

Figure 1: CyberGreen Info site

It is a good summary and outcome of what we have been aiming at for years, and especially the Blog page shows cutting-edge stories around the Project, including investments not only from JPCERT/CC over the years, but also from the newly-joined Foreign & Commonwealth Office of the United Kingdom and Cyber Security Agency of Singapore, which proves the project is well-supported by various organizations.

If you click the Statistics tab, you'll find the Stats site that describes the Beta-2 version of the statistics with a colored map and scores by region and by AS number. These scores are based on the data from the Open Resolver Project and other data sources, as listed in the Data Inventory page. The calculation algorithm is described in the About page, and the score is a kind of density: the natural logarithm of the number of open servers found in a region over the natural logarithm of the maximum number of nodes per country in that region, expressed as a score between 0 (best) and 100 (worst).

Figure 2: Colored map on Stats site

Figure 3: Scores indicating risks

With these renewed sites, we had several promotions such as CyberGreen Workshop at the APCERT Annual General Meeting & Conference 2016 (please find a blog post on the Conference here), a session on “CyberGreen: Improving Ecosystem Health through Metrics based Measurement and Mitigation Support” at the FIRST Regional Symposium for Arab and African Regions, and another CyberGreen Index proposed as “Measuring CyberGreen Readiness” at the 9th Annual National Conference on Cyber Security, Sri Lanka.

Figure 4: Green Index proposed at the Conference in Sri Lanka

In addition to the continued efforts by the CyberGreen Project team, there was another piece of big news: “CyberGreen Metrics v.2 Method and Report Finalized.” As described in the news page, we will see another revision in the Info and Stats sites, hopefully in early 2017.

As such, we wish you to join CyberGreen to make the Internet safer together.

Thank you very much.

- Moto Kawasaki
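
The density score described in the post above, worked through from raw observations to scores by country and by AS number. This is an added example, not code from the CyberGreen Project or JPCERT/CC. It assumes that "open servers" are counted as distinct IP addresses and that the denominator is the largest count in any one group; the records, field names and function names are constructed for illustration.

```python
import math
from collections import defaultdict


def density_scores(records, key):
    """Score each group from 0 (best) to 100 (worst).

    records: dicts with "ip", "country" and "asn" (constructed field names).
    key: "country" or "asn", the field to group by.
    """
    seen = defaultdict(set)
    for rec in records:
        # A server seen in several scans is still one open server.
        seen[rec[key]].add(rec["ip"])
    counts = {group: len(ips) for group, ips in seen.items()}

    peak = max(counts.values(), default=0)
    if peak <= 1:
        # ln(1) == 0, so the ratio is undefined; nothing to rank.
        return {group: 0.0 for group in counts}

    # Assumption: the denominator is the largest per-group count.
    return {
        group: round(100 * math.log(n) / math.log(peak), 1)
        for group, n in counts.items()
    }


def constructed_records(country, asn, n, block):
    """Build n constructed observations in private address space."""
    return [
        {"ip": f"10.{block}.{i // 256}.{i % 256}", "country": country, "asn": asn}
        for i in range(n)
    ]


# Constructed sample: country codes and private-use AS numbers are made up.
SAMPLE = (
    constructed_records("AA", 64512, 1000, 1)
    + constructed_records("AA", 64513, 10, 2)
    + constructed_records("BB", 64514, 100, 3)
    + constructed_records("CC", 64515, 1, 4)
)
SAMPLE += SAMPLE[:50]  # repeated sightings of the same servers

if __name__ == "__main__":
    print(density_scores(SAMPLE, "country"))
    print(density_scores(SAMPLE, "asn"))
```

Because the scale is logarithmic, the group with a tenth of the worst group's open servers still scores about 67, so large reductions in exposed servers move the score only modestly.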

Jul 10, 2015

The 27th FIRST Annual Conference in Berlin

Hello, Taki here, and it's currently the rainy season in Japan.

Just recently, I attended the 27th FIRST Annual Conference, held on June 14-19, 2015 in Berlin – a city that I visited for the first time.

(Photo by Hiroshi Kobayashi)

I would like to go over some activities that JPCERT/CC was involved in during the conference.

This year I attended together with 3 colleagues, Yurie Ito, Koichiro (Sparky) Komiyama and Hiroshi Kobayashi. The conference was themed “Unified Security: Improving the Future”, focusing attendees’ collective efforts on improving the future of security together. As usual, it was great to catch up with the various people that work in the industry and also to get to know some new people as well. Many discussions around work over the past year and prospective collaboration over the next year were had.

JPCERT/CC was involved in 3 different presentations at the conference and I would like to take the time to briefly introduce each of them.

First, Yurie's presentation was titled, "A Proposal for Cybersecurity Metrics Through Cyber Green". Cyber Green, currently led by JPCERT/CC, is a project that aims to measure the health of the Internet by aggregating data sets of key risk factors, enabling comparisons over time and around the world, in order to identify what can be improved to make the Internet a better place. The presentation centered around the overview of the project, along with some details on the methods as to how the data is collected, analyzed and shown.

I was a co-presenter in a talk titled, "VRDX-SIG: Global Vulnerability Identification" along with Mr. Art Manion of CERT Coordination Center (CERT/CC) and Dr. Masato Terada of the Hitachi Incident Response Team (HIRT). The FIRST VRDX-SIG (Vulnerability Reporting and Data eXchange Special Interest Group) was chartered in 2013 to study existing practices on how vulnerabilities are identified, tracked and exchanged, and to develop recommendations on how to better the existing practices across disparate vulnerability databases (including Vulnerability Notes Database by CERT/CC, Japan Vulnerability Notes (JVN) by JPCERT/CC and Information-technology Promotion Agency, Japan (IPA), Open Sourced Vulnerability Database (OSVDB) and other vendor security advisories). This talk presented results of the work of the VRDX-SIG, including the creation of a vulnerability database catalog and some findings about vulnerability identification and tracking.

The last presentation that JPCERT/CC was involved in was a presentation by Hiroshi titled, "Keeping Eyes on Malicious Websites - “ChkDeface” Against Fraudulent Sites". He first talked about some noteworthy features of defaced websites reported to JPCERT/CC, and then introduced a tool called "ChkDeface", developed and implemented at JPCERT/CC, to collect various information on the defaced websites through a secure and efficient monitoring method. JPCERT/CC is planning to share the source code of this tool with some CSIRTs in the FIRST community, and eventually to open source the tool so that it can be practically utilized to trigger deeper discussion among security experts about more precise detection methods ― so here's hoping for a follow-up blog entry when that happens.

JPCERT/CC was a part of a few working groups as well, including the Energy-SIG, Vulnerability Coordination-SIG and CVSS-BoF in addition to the aforementioned VRDX-SIG. While I am unable to provide any insight about what was actually discussed, I believe that the work being done is worthwhile and when there is any output provided, I hope to notify through this blog or some other forms of communication.

Lastly, Berlin was a wonderful city, a little colder than I had expected, and I hope to create a chance to visit again.

That's all for today.

Thank you for reading.

(Photo by Hiroshi Kobayashi)

- Takayuki (Taki) Uchiyama

Aug 11, 2014

The 26th FIRST Annual Conference in Boston

It's been quite a while. This is Taki again and I will be writing about my experiences at the 26th FIRST Annual Conference in Boston that I attended from June 23 - 27.

(Trinity Church - Photo by Hiroshi Kobayashi)

This year, I attended the conference with 3 colleagues, Yurie Ito, Koichiro (Sparky) Komiyama and Hiroshi Kobayashi. Having attended the conference on a few occasions in the past, it was a good time to catch up with people that work in the industry and to discuss current work and how we may be able to collaborate going forward.

Hiroshi presented JPCERT/CC's activities related to the "Open DNS Resolver Check Site". He explained how the site works and gave an update on the achievement after APRICOT 2014 in February, where this topic was also covered. After the talk, we fielded some questions from a few CSIRTs and began some discussions about how to tackle the issue globally.

Also, JPCERT/CC participated in the VRDX-SIG meeting held then. VRDX stands for Vulnerability Reporting and Data eXchange. Membership is made up of administrators of vulnerability databases such as JVN and CERT Vulnerability Notes Database (CERT/CC). JPCERT/CC has served as the secretariat for the SIG and helps in facilitating discussions within the group. I regret not being able to share in detail what was discussed, but what I can promise is, as information becomes available from the SIG, the information should be useful to any organization that utilizes or searches for vulnerability information on the web.

Last but certainly not least, Koichiro (Sparky) Komiyama was elected to the Board of Directors for FIRST.Org, Inc. during the Annual General Meeting. His term is for 2 years, and we at JPCERT/CC will be supporting his activities in FIRST.

That is it for now.

Thanks for taking the time to read.

(Photo by Hiroshi Kobayashi)

-Taki Uchiyama

Jul 09, 2014

AfricaCERT Training in Djibouti

I am Toru Yamauchi, Research Director of JPCERT/CC.

JPCERT/CC has been contributing to the CSIRT community in Africa since 2010 in order to enhance global cybersecurity activity. Amid the rapid ICT development in Africa, it is becoming important for the African community to accelerate human resource development in cybersecurity and to establish regional cooperation, especially among National CSIRTs. I would like to introduce our recent on-site training program in Djibouti by my colleague Sparky (Koichiro Komiyama) and me, based on the collaboration with AfricaCERT.

Training courses as AfricaCERT Workshop, Djibouti

JPCERT/CC’s training program in Djibouti was conducted on May 29 and 30. It was a part of the “AfricaCERT workshop”, which was one of the programs under Africa Internet Summit 2014 (AIS14) and AfNOG 2014.

AfricaCERT was established in 2012 as the African forum of computer emergency response teams. JPCERT/CC has been supporting their activities mainly in the CERT Training Course for Technical Staff. We have conducted 9 training sessions since May 2010.

This time in Djibouti, we accommodated about 40 participants from 17 countries over the African region (Burkina Faso, Cameroon, Djibouti, DR Congo, Gambia, Ghana, Ivory Coast, Kenya, Malawi, Mauritius, Nigeria, Seychelles, Somalia, South Africa, Sudan, Tanzania and Zambia). Some people were from National CSIRTs under the governments. Other people were from universities and the private sector such as telecom companies.

We also supported TRANSITS training conducted by trainers from FIRST on May 26-28. The details are also on the FIRST website. (http://www.first.org/newsroom/releases/20140604)

The result of the AfricaCERT workshop is reported by AfricaCERT’s Press Release as follows:

http://www.africacert.org/home/english-press-release/

In JPCERT/CC’s part, we had two modules as follows:

i) Introduction of cybersecurity in Japan, including JPCERT/CC’s activity

ii) Technical exercise on network forensics

Me speaking at the workshop

In the first session of the training course, I had a chance to speak about “Cybersecurity in Japan” for the participants’ reference, as the policies of Japan are not widely known outside of the country. I talked about the history of the internet, information security, and the government’s policy on cybersecurity in Japan. The participants listened to my explanation very seriously. I was impressed by it, and I assumed that African people are eager to know the experiences in other regions.

Subsequently, Sparky ran a two-day network forensics exercise. He conducted hands-on training so that the participants would acquire the practical skills and capabilities which can be utilized when they go back to their home countries. This session was quite successful - I assume that African people are fond of hands-on training rather than just listening to lectures. This discovery will help us arrange the next training contents in the African region.

Sparky at the training

Mutual collaboration between AfricaCERT and JPCERT/CC

Besides the trainings, we were able to create a good relationship with the people of AfricaCERT. Sparky is already recognized in the African community because of the trainings in the past four years. Sparky and I talked with the participants from many countries, and we had significant discussions. We were also invited to the meeting between the Government of Djibouti and AfricaCERT people on how to establish a National CSIRT in Djibouti. Sparky made a brief presentation on CSIRT culture and philosophy. I believe it helps participants to think about their National CSIRT in each country.

I would like to say African people were so competent and active in cybersecurity operations. I personally enjoyed the friendship with a lot of African people on this trip.

Finally, JPCERT/CC will continue to support the CSIRT community in Africa as well as keeping its close relationship with AfricaCERT, which we believe will stand on its feet in the near future, supported by the community in the region.

If you have any inquiries on this topic or our CSIRT training program, please contact us at “global-cc[at]jpcert.or.jp”