A project leader standing up to sophisticated cyber attacks
Senior Expert, Cloud System Research Laboratory, Central Research Laboratories / Project Director (Social Security Group), National Security Solutions Division, NEC Corporation: Yukiko Yano
Cyber attacks are now a major problem for society, leading to issues such as information leaks and system failure. With the shift toward the Internet of Things progressing, they present a growing threat and risk to not only information systems, but also our lives in society. Yukiko Yano is meeting these increasingly sophisticated cyber attacks head on, as the Project Director for security measures. Here, she discusses recent trends in the damages caused by attacks, as well as points to take into account for cyber security measures. She also covers NEC's strengths, and provides advice from a specialist's perspective.
Bolstering security starts from "knowing" the on-site situation
--First, can you give us an overview of the sort of technology Recognizing Textual Entailment is?
Yano: I'm assigned to several departments right now, but my work is currently centered around my job as Project Leader of the Social Security group of the National Security Solutions Division.
To cope with increasingly sophisticated and diverse cyber attacks, it is important to know a site well through security monitoring, for example. It is also crucial to assess your ability to handle attacks through technological development, and build a relationship of trust by understanding the technology and awareness (security literacy) of your customers.
At the Social Security Group, we have put together a highly-specialized team with abundant informational capability and advanced technological prowess. Together we strive to propose optimal security solutions to customers, and develop new technology and services.
--What are the main tasks that your role as Director entails?
Yano: Broadly speaking, my responsibilities fall into three categories. The first is developing and pioneering security solutions. The second is developing new security technology in coordination with the research lab. And the third is coordination with outside entities, such as institutes, universities, and industry groups.
In addition to carrying out the management and decision-making for projects as director through a range of activities such as these, I am also sometimes involved in establishing direction and performing technological development for research and development as a researcher.
My main job is to comprehensively round up information from a variety of internal and external sources, such as the issues and requests of customers, feedback from NEC's security monitoring hubs and research labs, and outside industry or institute opinions. I then consider what new solutions are necessary, and what technology will be required, and focus our efforts in that direction.
Unknowingly becoming a perpetrator of cyber attacks
--As a specialist, tell us about recent trends and threats regarding cyber attacks.
Yano: A characteristic of recent trends is the increasing severity of the damage caused. Leaks of personal information are often highlighted, but that is only the beginning. In an increasing number of cases, intellectual property such as blueprints and proprietary technology have been targeted, along with public sector data such as policy information.
Additionally, with IoT gaining momentum, vigilance is also necessary outside of the conventional ICT systems at companies and organizations. For example, the threat of being subject to cyber attacks is spreading to social systems, such as mobile devices, surveillance cameras, gate authentication systems, power meters, and home consumer electronics devices used by many people. For this reason, it is becoming important to shore up systems while implementing measures that fulfill a myriad of requirements, such as not impacting the convenience of users.
--What about awareness and measures at companies with regard to cyber attacks and security?
Yano: The level of awareness and measures in place vary depending on the company or organization. There are still some companies with the conventional attitude that security is a form of insurance, but it is important for management to recognize security as a necessary expense.
There is a danger that the impact of cyber attacks will spread beyond the target company. For example, there have been cases in which a weakness in the system of a partner company was attacked and used as a stepping stone to target the data of a certain company affiliated with it.
In such cases, the companies originally targeted are not just victims, but also face the risk of unknowingly becoming perpetrators of attacks against other companies as well. In light of this, it is paramount that all companies approach cyber security as an issue faced by the whole of society, and not just a problem of their own.
Ongoing improvement is a key part of security measures
--Are there any points that you consider particularly important when it comes to cyber security?
Yano: Dealing with cyber attacks requires a variety of initiatives, such as protection based on information gathering and analysis, and quick incident response when targeted by a cyber attack, as well as recovery and countermeasures to identify what happened and prepare for subsequent attacks.
In addition to these, I think it is important to carry out ongoing improvements to security measures. Cyber attacks are constantly changing. The ICT environments of customers also change. Instead of putting security measures in place once and then wiping your hands of them, it is necessary to perform routine checks and review these measures regularly.
The other thing I believe is important is coordination. NEC of course conducts development of new solutions and technology itself, but it is also essential to coordinate and share information with group and partner companies that are well-versed in cyber attacks, as well as the community and institutes, etc. Another key point is the training and reinforcement of human resources knowledgeable about cyber security, both at customers and solution vendors.
--Tell us about NEC's advantages and strengths in the area of cyber security.
Yano: In addition to having a proven track record in implementing advanced cyber security at government offices, the NEC group has experience monitoring and operating around 180,000 PCs of our own. We provide customers with the expertise we've accumulated through these tangible activities as solution services and software packages.
The existence of the Cyber Security Factory as a central hub that combines information, technology and human resources is another of NEC's significant advantages.
NEC is also actively pursuing collaborations with public institutions both in Japan and overseas. One example of this is our participation in a proof-of-concept project sponsored by Ministry of Internal Affairs and Communications that involved industry-government-university cooperation. For this we provide human resource development through cyber exercises.
Overseas, we cooperated with Interpol and contributed to its efforts against international cyber crime by providing technology and systems, as well as dispatching temporary staff.