IoT Security Measures - ETSI
October 25th, 2019
Office of the Director-General for Cybersecurity
Ministry of Internal Affairs and Communications (MIC)
JAPAN

Cybersecurity Structure of Japanese Government
Cabinet: Prime Minister
Cybersecurity Strategic Headquarters
• Chief Cabinet Secretary (Chief)
• Relevant Ministers
• Experts
(Secretariat) National Center of Incident Readiness and Strategy for Cybersecurity (NISC)
Cooperation: IT Strategic Headquarters, National Security Council (NSC)
Panels and committees:
- Critical Infrastructure Expert Panel
- Technological Strategy Expert Panel
- Human Resources Expert Panel for Dissemination and Enlightenment
- Cybersecurity Measures Promotion Committee
Teams:
- Government Security Operation Coordination Team (GSOC)
- Cyber Incident Mobile Assistant Team (CYMAT)
Ministries under HQ Members:
- METI (Information Policy)
- MIC (Telecommunications and Network Policy)
- MOD (National defense)
- NPA (Cybercrimes and attacks)
- MOFA (Diplomacy and security)
Ministries responsible for critical infrastructures:
- FSA (financial organizations)
- MIC (local governments, information and communication)
- MHLW (medical services, water supply)
- METI (electricity, gas, chemistry, credit, petroleum)
- MLIT (railway, aviation, logistics, airport)
Other related ministries:
- MEXT (security education), etc.
Cooperation with: Government organizations; Critical infrastructure businesses, etc.; Companies; Individuals

Cyberattacks Observed by NICTER
National Institute of Information and Communications Technology (NICT) is observing cyberattacks globally by monitoring 300,000+ unused IP addresses (NICTER).
[Figure legend: TCP SYN, TCP SYN/ACK, TCP ACK, TCP FIN, TCP RESET, TCP PUSH, TCP Other, UDP, ICMP]

Attacks on IoT Devices (Observed by NICTER)
Number of cyberattacks observed by NICTER in one year (unit: 100 million packets)
2013: 128.8
2014: 256.6
2015: 545.1
2016: 1,281
2017: 1,504
2018: 2,121
3.9 times increase
About half of attacks targeted at IoT devices!
Targets of cyber attacks observed by NICTER
- IoT devices, 48% (IoT Devices: Router, Web Camera, Sensor, etc.)
- Others, 41%
- File Sharing, Databases, etc.

Large-scale DDoS Attacks due to IoT devices
- On October 21, 2016, Dyn’s DNS server in the United States experienced two large-scale DDoS attacks.
- A number of companies that use Dyn’s DNS service were also affected due to communications failure.
- The attacks originated from a large number of IoT devices infected with malware called “Mirai”.
- A large volume of communication targeting Dyn’s system was generated from over 100,000 IoT devices infected with malware. It reportedly reached 1.2 Tbps. Many leading Internet services and news sites using Dyn’s DNS service were affected.
- Many infected devices had simple and weak IDs and passwords (e.g., ID: root, password: 1234).
Status of System Failure
Dyn, Airbnb, NETFLIX, Amazon, The Wall Street Journal, The New York Times

Reasons why IoT Devices are Targeted by Cyberattacks
(1) The extent and degree of impact by attacks is severe.
(2) The life cycle of IoT devices is long-term.
(3) IoT devices are not well-monitored.
(4) Interoperability of IoT devices and network is not sufficient.
(5) Functions and performance of IoT devices are limited.
(6) IoT devices can be connected in a way that the developers have never expected.

Comprehensive Package of IoT/5G Security Measures
MIC published the “comprehensive package of IoT/5G security measures” in August 2019. It is the revised version of the “comprehensive package of IoT security measures” released in October 2017, on the basis of the situational changes in cyberspace, such as the launch of 5G services, the increasing importance of data flow and management, and the increasing necessity of supply chain risk management.
Items to be considered
1. New risks associated with the launch of 5G services
- Virtualization, software, and mobile edge computing
- Operation of IoT devices for industrial use
2. Supply chain risk management
- Risks in the whole supply chain process of ICT products and services
- Cases of attacks where contractors are used as stepping stones
3. Data flow and management for the realization of Society 5.0
- Security for cloud services and smart cities
- Trust services
4. AI utilization in cybersecurity
- Importance of promoting cybersecurity measures utilizing AI
5. Possibility of practical use of large-scale quantum computers
- Necessity of studying new recommended cryptography with consideration of the large-scale quantum computers in the future
6. Large-scale international events
- Measures for the Rugby World Cup, the 2020 Tokyo Olympic and Paralympic Games, and significant events afterward
Framework of Comprehensive Package
Key measures to each important field of ICT services and networks
- IoT, 5G, cloud services, and smart city security, etc.
- Studies on ideal method for trust services, etc.
R&D
- Hardware vulnerability
- AI
- Cryptography
- etc.
Human Resource Development
- Human resource development for Tokyo 2020 Games
- Regional human resource development
- etc.
Awareness Raising
Information Sharing, Information Disclosure
- Information sharing platform
- Promotion of information disclosure
- etc.
International Cooperation
- Collaboration with ASEAN member states
- International standardization
- etc.

IoT Security Measure by Government
Effective Measure: Identify vulnerable IoT devices, such as ones with default ID/password settings, and alert the users of these devices to change the settings.
Challenge: It is prohibited to access IoT devices on the Internet without permission of users.
Government Action: Amended the law in May 2018 to implement the measure without violating the law, and started the measure, the “NOTICE” project, in February 2019.

Outline of the “NOTICE” Project
Starting on February 20, 2019, the Ministry of Internal Affairs and Communications (MIC) and NICT, in cooperation with Internet Service Providers (ISPs), conduct the “NOTICE”* project to survey vulnerable IoT devices and to alert users to the problem. This project is implemented in compliance with the amendment of the NICT Act.
*National Operation Towards IoT Clean Environment
<Overview of the “NOTICE” Project>
(1) NICT surveys IoT devices on the Internet and identifies vulnerable devices, which are those with weak ID/password settings.
(2) NICT provides the information of the identified vulnerable devices to ISPs.
(3) The ISPs identify the users of the devices and alert users.
[Diagram labels: NICT; 1) Try to log in to IoT devices (IoT devices in Japan); “Used for cyberattacks in the past”; “E.g., the same alphanumeric characters used”; 2) Providing information (Telecommunications carriers (ISPs)); 3) Alerting users (Device users); Support Center]
“NOTICE” support center helps users to address the vulnerabilities.

Project to Alert Users of IoT Devices Infected with Malware
Along with NOTICE, MIC and the NICT, in cooperation with ISPs, conduct the project to identify devices infected with malware by using NICTER system and notify the ISPs so that they can alert users of the infected devices from mid-June 2019.
<Overview of the project>
(1) NICT identifies the devices generating the malware-infected traffic by using NICTER system.
(2) NICT provides the information of the malware infected devices to ISPs.
(3) The ISPs identify the users of the devices and alert users.
[Diagram labels: NICT; 1) Observing malware-infected traffic; 2) Providing information (Telecommunications carriers (ISPs)); 3) Alerting users (Device users); Support Center; User Support]

Progress on the Projects
Among 200 million IP addresses in Japan, approximately 90 million IP addresses managed by 33 ISPs that are participating in the projects have been investigated.
(1) Results of NOTICE
- Number of IP addresses in which ID and password could be entered: Approx. 31,000-42,000
- In the above, the number of those which were successfully logged-in to with weak password settings and were subject to user alert: Total 147
(2) Results of the project to alert users of malware-infected IoT devices
- Number of IP addresses which seem to be infected with malware and were subject to user alert: 112-155 per day
The number of Internet Service Providers participating in the project is 33.
In addition to these measures, a proactive measure is required.

Proactive measure for IoT security
Amendment of the Technical Condition of Terminal Equipment for IoT Security
Terminal equipment that is directly connected to a telecommunication network through Internet Protocol is required to have:
1) access control on the remote control function,
2) a feature to encourage its user to change the default IDs/passwords,
3) a firmware update feature for future security fixes,
or any security measures equivalent to or better than the above.
The requirement does not apply to personal computers or smartphones that are generally protected by other security measures such as anti-virus software.
Schedule
The amended Technical Condition will be enforced on April 1, 2020. After this, type approval will be given only to terminal equipment that conforms to the Technical Condition.
MIC published the guideline for the security requirements of the Technical Condition, which describes the scope of device types, details of the requirements, etc.

International Cooperation is Required
Since botnets are formed globally and cyber attacks are conducted across borders, security measures should be taken in all countries.
To realize a safe and secure cyberspace, it is important that many countries share the best practices with each other and implement IoT security measures.
In Japan, we are implementing three security measures for IoT devices (1),(2) and (3).
[Proposal]
We would be happy to cooperate with each other, such as by sharing Japanese IoT security measures and providing relevant information of malware-infected devices observed by our system (NICTER).
We would also appreciate it if you could share the information of IoT security measures conducted in your country.

Cybersecurity Human Resource Development (National Cyber Training Center)
MIC and NICT* have been conducting cybersecurity exercises at the National Cyber Training Center to develop cybersecurity human resources with practical capabilities to deal with increasingly complicated and sophisticated cyberattacks.
*National Institute of Information and Communications Technology
Practical cyber defense exercises for administrative organizations and critical infrastructure providers
* Total of 3,000 attendees with 100 sessions held annually
* Held across Japan (not only the Tokyo metropolitan area)
* Planning to establish new semi-advanced courses for offense and defense, and to introduce online courses in FY2020
Practical cyber exercises for cybersecurity staff involved in the Tokyo 2020 Olympic and Paralympic Games
* A total of 74 people in FY2017 and 137 people in FY2018 attended. In FY2019, a maximum of 400 people will participate in the exercises. (to be held until the Tokyo 2020 Games)
One-year high-level cybersecurity training program to develop young innovators under 25 years old
* 39 trainees in FY2017 and 46 trainees in FY2018 completed the one-year course. 46 trainees have been selected for the FY2019 program.
[Chart: Numbers of CYDER participants: 292, 215, 208, 1,539, 3,009, 2,666, 3,000 (estimated)]