NPI publishes "Digital Technology and Economy/Finance Annual Research Report ...Yuichi (祐一) Iwata (岩田)
Launched in FY2020 under the sponsorship of Japan's Ministry of Foreign Affairs, this study group is scheduled to run for three years until FY2022.
The aim of this study group is to analyze and consider the impact of the innovation and expansion of digital and other advanced technologies on the economy, finance, international relations, and international security from a global perspective in terms of both potentials and risks, and then to examine and propose issues and solutions for Japan and a direction that can be presented to the world.
Utilizing a network of experts from industry, academia, and government, we will try to clearly organize specialized concepts such as "big data," "AI," "IoT," "5G," "cyber security," "digital currency," "blockchain," and "FinTech" as implications in the context of international issues, and also pay attention to "values" and "psychology," which are important in implementing technologies.
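This talk covers, from the presenter's research activities between 2017 and 2020, the detection of attacks against end devices in control systems and a mechanism for monitoring anomalous behaviour, including the results of that detection. For attack detection on end devices, it deals with detecting attacks on devices connected to the Controller Area Network (CAN) used inside automobiles and in factories. CAN is a network on which attacks are very difficult to detect; the talk explains several methods for detecting such attacks, including a method developed by the presenter. For the other topic, the mechanism for monitoring anomalous behaviour, it explains X.1367 (X.elf-iot), which the presenter proposed at ITU-T SG17 (Security) and which was adopted as a Recommendation. It explains how problems occurring on end devices that have no Internet reachability are conveyed to the security operations center (SOC). Finally, it presents a picture of the security management created by this detection and monitoring, and explains the open issues.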
Presentation at SECCON on 12 February 2023.
I would like to explain the following:
1) It is not possible to derive anything useful from the concept of active cyber defence per se.
2) The issue can be derived solely from whether the attacker is affected or not.
3) Even where there is an impact, the legal position is very different depending on the intensity of the attack and counter-attack.
4) The legal position requires a 3D analysis of national and international law.
5) Traditional frameworks of analysis of national and international law are very effective when analysing by subject and action (geographical generalisations are harmful and futile).
6) The legal implications of a 'national security strategy' can only be analysed by cybersecurity legal experts.
7) As for the specific issues, there is a vast legal grey zone, with various issues depending on international/national law and specific acts.
This document provides an overview of contact tracing efforts around the world from a legal and privacy perspective. It discusses key concepts in contact tracing like proximity tracing apps and exposure notification. It then reviews the frameworks and guidelines put forward by the EU and UK, as well as examples of contact tracing apps and programs in countries like China, Singapore, Germany, and Australia. Challenges in balancing privacy and public health are explored, and principles like privacy by design and transparency are discussed. Open issues around data minimization, consent, and handling personal data are also examined.
This document summarizes key differences between GDPR and Japan's APPI regarding personal data protection laws, using the "Rikunabi case" as an example.
The document outlines the main frameworks, definitions of personal data vs personal information, and rights of individuals. It then details how APPI is currently under review regarding areas like data breach reporting policies, voluntary business initiatives, and data utilization policies.
The case study describes how Rikunabi Career used behavioral data and a prediction model to calculate student jobseekers' likelihoods of withdrawing applications, without properly obtaining consent. This led to recommendations and guidance from Japan's Personal Information Protection Committee and an instruction from the Tokyo Labor Bureau regarding legal compliance.
This document discusses e-discovery in UK litigation and compares it to procedures in Japan. Key points:
- UK litigation requires full disclosure of all material evidence by both parties. This contrasts with Japan which does not have an automatic discovery process.
- Differences in civil procedure laws around document protection and data privacy can cause conflicts in cross-border e-discovery.
- Japanese companies may have weaknesses in areas like retention policies and cultural perspectives that make adapting to rigorous e-discovery standards challenging. Cooperation will be needed to resolve conflicts that arise from these differences.
This document discusses the legal issues surrounding cloud computing. It begins by outlining some of the key compliance risks when using cloud services, such as loss of governance over data and unclear jurisdiction. It then examines these issues in more depth, analyzing how data protection laws, information security laws, and international standards apply both within a single country and across borders. Challenges related to cloud forensics, subpoenas, and e-discovery in legal cases are also addressed. The document concludes by emphasizing the complexities of determining applicable laws in cross-border situations.
The document discusses security issues related to cloud computing including lack of standards, jurisdictional challenges, and balancing privacy and security concerns. It draws analogies between cloud security challenges and the "Star Wars" concept of balancing the light and dark sides of the force. It argues that frameworks, standards, and transparent defense systems are needed to address vulnerabilities and bring more balance to cloud security.
Describes the paradigm shift of information security in the mass-Internet age.
A botnet order looks like Order 66.
What are the "New Hopes" of cyber warfare?