CyberDefenseTopics, RFC1126, AI Usage - Aug 27th to Sep 2nd, 2023 F5 SIRT This Week in Security

Editor's introduction 

This Week in Security's editor is Koichi. I recently heard the term "Active Cyber Defense" in the news on TV. So I chose the following topics: the Japanese cyber security agency, Active Cyber Defense, data transmission by pigeon, and how to use Generative AI for security training.

We in F5 SIRT invest a lot of time to understand the frequently changing behavior of bad actors. Bad actors are a threat to your business, your reputation, and your livelihood. That’s why we take the security of your business seriously. When you’re under attack, we’ll work quickly to effectively mitigate attacks and vulnerabilities, and get you back up and running. So the next time you have a security emergency, please contact F5 SIRT.

Japanese cyber security agency was hacked, and they admitted it.

The Financial Times reported, in "Japan’s cyber security agency suffers months-long breach", that Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), the agency responsible for the nation's cyber defenses, had been hacked for several months by a hacker who is reportedly backed by the Chinese military.
That article requires a subscription, so the details below come from other articles.
According to the article, the security breach occurred in October 2022 and was disclosed in August of this year. The incident was limited to a breach of the agency’s email system. NISC released an announcement that their classified e-mails were leaked.
In the release, NISC admitted that emails containing personal information sent and received by NISC between early October 2007 and mid-June 2023 may have been leaked to external parties.

"Active Cyber Defense", or "Offensive Cyber Operation (OCO)"

The term "Active Cyber Defense" has frequently appeared in the news in Japan. The Japanese government is considering introducing "Active Cyber Defense", or "Offensive Cyber Operation (OCO)", which has not been approved so far, in place of a passive defense strategy.
Please see the picture here for what "Active Cyber Defense" and passive defenses are.
On 8/7, the Washington Post reported that Chinese military hackers had intruded into the military network of the Japanese Self-Defence Force (JSDF) and stolen sensitive data 3 years ago, and this scoop was very shocking to the Japanese Cabinet. And of course, the news above must be another shock.
To address this, the Cabinet Office set up a panel of several experts to discuss the introduction of Active Cyber Defense, which had not previously been approved.
Under the current interpretation of the Japanese Constitution, the JSDF is allowed to use weapons to fight back only when they or Japanese civilians are attacked by the enemy. Cyber attacks were also considered to be subject to this criterion, and therefore have so far only been dealt with when it was confirmed that hackers had infiltrated the network. However, many have argued that such restrictions make effective defense in cyberspace difficult, so a more proactive defense posture is required.
To establish an organization to carry out Active Cyber Defense, the Japanese government reportedly plans to restructure the NISC and establish a new command post organization.
The head of the Preparatory Office, Mr. Koyanagi, said that this is an urgent issue, stating, "We plan to develop the system, as well as improve the legal system and strengthen operations, and we will hold discussions on the concrete implementation of the system as soon as possible."
The Japanese government is expected to aim to submit the law amendments and other proposals to next year's ordinary parliamentary session.
This article is based on this: https://www.nhk.or.jp/kaisetsu-blog/100/486718.html

Which is faster: network transfer over the internet or a homing pigeon?

Jeff Geerling has released an interesting YouTube video: "Testing one of the oldest Internet myths" 
When transferring very large amounts of data, sometimes it is faster to directly deliver a hard drive.
I have heard that, when ADSL was the predominant communication line, some companies in Japan asked employees to transport HDDs containing a large amount of data from the Tokyo office to the Osaka branch (about 400 km) on the shinkansen (rapid train).
There is also a joke RFC that uses a homing pigeon to transport data instead of the internet.
RFC 1149: A Standard for the Transmission of IP Datagrams on Avian Carriers
So the idea already existed. However, Mr. Jeff has put it into practice.
He prepared three 1 TB SSDs, small enough to attach to the pigeon, and compared the time to transfer the data by homing pigeon with a file transfer via the internet. The destination was 1.6 km away, so it was a short trip. Gray, the homing pigeon, was released and transported the SSDs.
The total time for transport by homing pigeon and retrieving the data was approximately 150 minutes. In contrast, the file transfer via the internet took approximately 450 minutes (approximately 7 hours and 30 minutes). So the homing pigeon proved faster than the internet for transferring 3 TB, at least in his environment.

Use Generative AI for security training

NEC Corporation, one of the biggest information technology and electronics corporations in Japan, is of course using Generative AI for its business. It announced that its in-house Generative AI service is being used about 10,000 times a day by some 25,000 people. Generative AI has halved the time needed to prepare (excessively formal Japanese) documents and has also drastically reduced the time needed to take minutes.
As at Microsoft or NTT, Generative AI is also used for security. NEC uses it to support threat investigation and malware analysis. Furthermore, Generative AI is used to craft fake e-mails that simulate an email attack for employee training purposes, and also to propose countermeasures against them, so that employees can experience a real e-mail attack and defense.
This article is based on this: https://www.itmedia.co.jp/news/articles/2308/30/news125.html

Published Sep 07, 2023
Version 1.0