1. “KEEP IN TOUCH”
for CYBER PEACE
OSIPP Guest Lecturer / Specially Appointed Researcher
Kunihiro Maeda
kunihiro.maeda@mac.com
cybersecurity norms, confidence building measures,
and capacity building
2. Outline:
Today’s keyword is “confidence building”. Confidence Building Measures (CBM)
is a term from the Cold War era. An example is the hot line set up between the
Soviet Union and the U.S.A. after the Cuban crisis. At that time, it took 6 hours
for President Kennedy to talk with the Soviet chief secretary Khrushchev through
diplomatic protocol. That is a risk of miscommunication. We have to keep in touch,
with an enemy or not, in order to keep the peace. It’s a simple solution.
1. Communication channels are very important (human connections,
telecommunication infrastructure, mass media with good journalism, etc.).
2. Soft law and soft power are not so weak. Weak ties provide an available
approach in an emergency. Build trust and relationships one upon another.
It will become a great wall. (ex. UN GGE)
3. Technology is always dual-use: good for fun, but also usable for genocide.
Capacity/capability building raises our standard of IT literacy. It’s a quiet
method, but effective.
3. Profile Kunihiro Maeda
CEO of Unique ID Inc. and Quantum ID Inc. Specially Appointed Researcher of Osaka
School of International Public Policy at Osaka University, Visiting Fellow of Tokyo University,
Part-time lecturer of Tamagawa University. Part-time lecturer of Graduate School of Arts
and Design at Onomichi University.
I made an SNS with my friend in 1996. It was called "Human Web". Maybe it was the first SNS in
Japan. In 1998, we tried to make another version, “Small World Connection”, as a work of
art. We sent our work to the multimedia competition “Ars Electronica” in Australia. We also
entered it in the Digital Be-in in the USA, and went to San Francisco for the presentation. Our work won
the praise of early adopters, just as art. In 2001, we tried to make a commercial web site,
“Kanshin Kukan (Interest Community)”. Our work won the praise of early adopters in Japan.
We got the “Good Design Award” in 2001 and I got the Web Creation Award in 2006 as a pioneer
of Japanese CGM (Consumer Generated Media = Social Media).
Now I am interested in ICT for peace, Humanitarian Technology (Critical Infrastructure,
Drone, not only web technology), Cyber Warfare, Cyber Intelligence and Collective
Intelligence for Human Security.
4. Do you know about the “Seoul Framework”?
The ‘Seoul Framework’ offers guidelines for governments and international organizations on coping with
cybercrime and cyberwar. It highlights the importance of boosting internet access, particularly for developing
countries, for education, development and to ensure freedom of information and expression.
The annual conference on cyberspace aims to establish international cyber-norms and guidelines. The Seoul
conference followed previous gatherings in London and Budapest. It will likely become a bi-annual event, with the
next conference set for the Netherlands in 2015.
http://www.undp.org/content/seoul_policy_center/en/home/presscenter/articles/2013/10/18/-seoul-framework-could-make-cyberspace-safer-more-accessible-.html
5. Seoul Conference on Cyberspace 2013 - Panel Discussion 5
International Security
Seoul Conference on Cyberspace 2013 - Panel Discussion 5 International Security, October 18 (Fri.)
10:50-12:20, Auditorium, Coex, Seoul
http://www.undp.org/content/seoul_policy_center/en/home/presscenter/articles/2013/10/18/-seoul-framework-could-make-cyberspace-safer-more-accessible-.html
https://www.youtube.com/watch?v=8HWxPPwtuWg
6. Five Principles for Shaping Cybersecurity Norms
・Harmonization of Laws and Standards
Given the global and ubiquitous nature of the Internet, developing global
cybersecurity laws and standards will promote understanding and predictability, and enable collaboration on
problem solving among countries.
・Risk Reduction
Cybersecurity stakeholders should work to improve the security of the Internet through collective responses to
threats by sharing information about threats and vulnerabilities, and by engaging in the active prevention of
cybercrime.
・Transparency
Governments can help to build trust and increase predictability and stability in cyberspace by practicing greater
transparency in their cybersecurity practices. Microsoft supports greater government transparency, and recently
released another paper promoting the development of a national cybersecurity strategy to articulate priorities,
principles, and approaches for managing national level risks in cyberspace.
・Collaboration
As governments construct cybersecurity practices to address security concerns at the international level, they can
seek input from a variety of stakeholders, including the private sector, civil society, and academia.
・Proportionality
The issue of proportionality is challenging, because it is not yet clear how proportionality in cyberspace will be
interpreted. However, nations should begin to develop interpretations of proportionality in cyberspace under
customary international law.
http://download.microsoft.com/download/B/F/0/BF05DA49-7127-4C05-BFE8-0063DAB88F72/Five_Principles_Norms.pdf
7. Accusation? not only for Freedom of expression. U.S. Gov
let them know to keep their easy hacks in check
N.S.A. Breached North Korean Networks Before Sony Attack, Officials Say
WASHINGTON — The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in
November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most
impenetrable targets on earth. Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese
networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly
into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later
briefed on the operations and a newly disclosed N.S.A. document.
A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of
the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are
commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large
outpost in China. …
http://www.nytimes.com/2015/01/19/world/asia/nsa-tapped-into-north-korean-networks-before-sony-attack-officials-say.html?_r=0
“We don’t have a better plan – you’re
going to have to stick it up your ass.”
10. The risk of “confidentiality”
http://www.forbes.com/sites/scottasnyder/2015/01/08/south-koreas-other-hacking-incident-and-the-need-for-greater-cooperation-in-northeast-asia/print/
11. U.S. cyber strategy for national interest
http://www.wsj.com/articles/white-house-to-create-new-division-to-streamline-cyberthreat-intelligence-1423572846
12. Xinhua Insight: Conference urges int'l action against
cyber-terrorism@World Internet Conference 2014
WUZHEN, Zhejiang, Nov. 21 (Xinhua) -- That the international community must cooperate to fight online terrorism and maintain peace and stability, is
consensus of the World Internet Conference that closed on Friday.
China has been a major victim of terrorism in recent years, said Gu Jianguo, head of the cyber security and protection bureau under the Ministry of Public
Security. The Internet is an important tool for groups to plan and organize acts of terror and incite followers.
The East Turkestan Islamic Movement (ETIM) has claimed responsibility for a series of incidents featuring knife attacks in Kunming, a bombing in
Urumqi and a car plowing through a crowd in Beijing and threatened to continue their campaign in an online video clip. Since 2010, ETIM has released
almost 300 videos inciting people to participate in their terror campaign. The videos show bomb-making techniques and spread religious extremism.
"Terrorists have their own websites and propaganda platforms on other major portals. They take advantage of social network sites to promote
terrorism," said Gu, claiming it is easy to access terrorist videos and learn how to make bombs on video sharing websites.
Such freewheeling activities have severely undermined world peace and stability and damaged lives and property, said Gu. "The Internet gives them a global
presence that they did not have before," said James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies based in the United
States. "First of all they use it for propaganda to disseminate Jihad ideology. Besides that they share information and technology that allow them to make
bombs, to recruit people in the west and in Xinjiang," said Michael Barak of Israel's international institute for counter-terrorism. "They are very active on
social media and every terror organization has their own media outlet and twitter accounts. Jihad magazines are in English," he said. Barak believes terrorists
even use online payment systems similar to bitcoin to raise money. No country can manage the threat of cyber-terrorism alone, but at present, there is no
international legal framework to deal with cyber-terrorism, said Cheng Lin, president of the People's Public Security University of China.
"Worse yet, there is neither an effective coordination mechanism nor a top-level design bringing together different countries," said Cheng.
"International cooperation is very important: monitoring all the websites, everything they run, and recruitment analysis," said Barak.
Gu suggested the international community reach a consensus on the definition of cyber-terrorism, which he said should include all kinds of online
activities promoting and inciting terrorism.
"The answer is that maybe not to focus on the symptoms but on the disease, propaganda and fund-raising are the symptoms, the disease is terrorism, that's
where we need to cooperate," said Lewis.
Gu revealed that there has been a sharp decline of criminal prosecutions for materials promoting terrorism since the beginning of the year when China
tightened up scrutiny and penalties.
"Those who produce and disseminate terrorist materials are based outside China, so we need international cooperation to address the 'cancer' of the
Internet," said Gu.
http://www.xinhuanet.com/english/special/wicwuzhen2014/
15. Not in front of the telly: Warning over 'listening' TV:
(Business Intelligence in IoT age)
Samsung is warning customers about discussing personal information in front of their smart television set. The warning applies to TV viewers who control their
Samsung Smart TV using its voice activation feature. When the feature is active, such TV sets "listen" to what is said and may share what they hear with Samsung
or third parties, it said. Privacy campaigners said the technology smacked of the telescreens, in George Orwell's 1984, which spied on citizens.
Data sharing
The warning came to light via a story in online news magazine the Daily Beast which published an excerpt of a section of Samsung's privacy policy for its net-
connected Smart TV sets. These record what is said when a button on a remote control is pressed.
The policy explains that the TV set will be listening to people in the same room to try to spot when commands or queries are issued via the remote. It goes on to
say: "If your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party."
Corynne McSherry, an intellectual property lawyer for the Electronic Frontier Foundation (EFF) which campaigns on digital rights issues, told the Daily Beast
that the third party was probably the company providing speech-to-text conversion for Samsung.
She added: "If I were the customer, I might like to know who that third party was, and I'd definitely like to know whether my words were being transmitted in a
secure form."
Soon after, an activist for the EFF circulated the policy statement on Twitter comparing it to George Orwell's description of the telescreens in his novel 1984 that
listen to what people say in their homes.
In response to the widespread sharing of its policy statement, Samsung has issued a statement to clarify how voice activation works. It emphasised that the voice
recognition feature is activated using the TV's remote control.
It said the privacy policy was an attempt to be transparent with owners in order to help them make informed choices about whether to use some features on its
Smart TV sets, adding that it took consumer privacy "very seriously".
Samsung said: "If a consumer consents and uses the voice recognition feature, voice data is provided to a third party during a requested voice command search.
At that time, the voice data is sent to a server, which searches for the requested content then returns the desired content to the TV."
It added that it did not retain voice data or sell the audio being captured. Smart-TV owners would always know if voice activation was turned on because a
microphone icon would be visible on the screen, it said.
The third party handling the translation from speech to text is a firm called Nuance, which specialises in voice recognition, Samsung has confirmed to the BBC.
Samsung is not the first maker of a smart, net-connected TV to run into problems with the data the set collects. In late 2013, a UK IT consultant found his LG
TV was gathering information about his viewing habits.
Publicity about the issue led LG to create a software update which ensured data collection was turned off for those who did not want to share information.
http://www.bbc.com/news/technology-31296188
16. World Economic Forum : The Global Risks Landscape 2015
(What is the impact and likelihood of global risks?)
Survey respondents were asked to assess the likelihood and impact of the individual risks on
a scale of 1 to 7, 1 representing a risk that is not likely to happen or have impact, and 7 a
risk very likely to occur and with massive and devastating impacts.
http://reports.weforum.org/global-risks-2015/appendix-b-the-global-risks-perception-survey-2014-and-methodology/
19. Seoul Conference on Cyberspace 2013 - Plenary Session 3
https://www.youtube.com/watch?v=Wb7ON1njlwA
1. Development of international rules for cyberspace
2. Confidence building measures in cyberspace
3. Cybersecurity capacity building
20. Conventional regulatory framework(at ITU)
http://www.slideshare.net/izumia/internet-governance-and-development-140305
- Governments to regulate; business and technologist participate and form international organization (ITU)
- Civil Society/individual users have no role
- Inter-national, but not Global
[Diagram: Governments, Int’l Orgs, Technologist, Industry, Civil Society]
21. Internet governance old model: private sector self management
http://www.slideshare.net/izumia/internet-governance-and-development-140305
(IETF, ICANN, W3C, Unicode Consortium)
- Self-management led by technologists
- Engineers, pioneers form “private club” to manage
- Looks global, but lacks legal and political legitimacy
- Not scalable, little civil society involvement
[Diagram: Int’l Orgs, Governments, Technologists, New industry, Traditional industry, Civil Society, Self-management]
22. New Model: Multi-stakeholder governance
http://www.slideshare.net/izumia/internet-governance-and-development-140305
- Net governance cannot exclude users
- Not “consumers” or “mass”, but Netizens who have power
- All stakeholders to get involved with proper balance
- Minimize government involvement, support participation from civil society and developing countries
[Diagram: Government, Civil Society (Netizens), Technologists, Industry, Int’l Orgs, Multi-stakeholder Governance]
23. JAPANESE APPROACH: PRACTICE (Proactive Response Against
Cyber-attacks Through International Collaborative Exchange)
24. JAPANESE APPROACH: PRACTICE (Proactive Response Against
Cyber-attacks Through International Collaborative Exchange)
- The project has been implemented since the fiscal year 2011 with the aim of countering
and reducing the risks of cyber attacks (distributed denial of service attacks, malware
infection activities, etc.) which produce growing damages in recent years.
- We will internationally build a network to gather information related to cyber attacks and
malware, etc. through cooperation with Internet service providers and universities in
Japan and other countries, and collaborate with other countries to conduct research,
development, and field trial for technology that makes it possible to predict the occurrence
of cyber attacks and quickly respond to them.
- We will utilize international conferences (bilateral and multilateral) and call upon
organizations (Internet service providers, universities, etc.) of various countries to
collaborate in sharing information such as cyber attack monitoring data and analysis
results and in conducting research and development.
http://www.nisc.go.jp/active/kihon/pdf/InternationalStrategyonCybersecurityCooperation_e.pdf
26. JAPANESE APPROACH: TSUBAME (International network traffic
monitoring project) www.nisc.go.jp/eng/
- TSUBAME is a project for monitoring and visualizing Internet traffic, and has been
implemented since 2007. The project was developed under the framework of the Asia
Pacific Computer Emergency Response Team (APCERT), which is a community of
Computer Security Incident Response Teams (CSIRT*) in the Asia Pacific region. The
project was initiated and is led by JPCERT/CC.
- This project installs monitoring sensors in the national CSIRTs of the Asia Pacific
region (as of September 2013, sensors have been installed in 23 teams in 20 economic
regions), and visualizes the monitoring results in the region. The project is aimed at
strengthening collaboration among CSIRTs (cooperation in responding to cross-border
security incidents, and sharing threat information and analysis capabilities) through
the process of gathering and visualizing malicious Internet activities detected by each
sensor, sharing this information among all members, and responding to them together.
http://www.nisc.go.jp/active/kihon/pdf/InternationalStrategyonCybersecurityCooperation_e.pdf
27. Thank you!
Keep in touch for
our good relationship
kunihiro.maeda@mac.com