
This page has been translated using TexTra by NICT. Please note that the translation may not be completely accurate.

1st Next-Generation Security Architecture Study Meeting

Overview

  • Date: Thursday, February 24, 2022, from 1:00 p.m. to 3:00 p.m.
  • Location: Online
  • Agenda:
    1. Opening
    2. Proceedings
      1. Cybersecurity Strategies, Priority plan and Maintenance Policies
      2. Technical Review Meeting
      3. Guidelines for Zero Trust Architecture Adoption Policy
      4. Technical Report on Continuous Diagnosis and Response Security Architecture (tentative name)
      5. Free discussion
    3. Adjournment

Materials

References

Summary of proceedings

Date

Thursday, February 24, 2022, from 1:00 p.m. to 3:00 p.m.

Location

Held online

Attendees

Member

  • Tetsutaro Uehara (Professor, Faculty of Information Science and Engineering, Ritsumeikan University)
  • Seiji Kono (Chief Security Officer, Technology Management Office, Microsoft Corporation)
  • Shigeru Kimura (Evangelist and Architect, Security Operations, Cisco Systems LLC)
  • Atsuhiro Goto (President, Institute of Information Security *1)
  • Natsuhiko Sakimura (President, OpenID Foundation)
  • Yusuke Tahara (General Manager, Integration Service & Planning Department, Integration Promotion Division, LAC Co., Ltd.)
  • Morifumi Narahara (Chief IT Architect, Tanium LLC)
  • Toshio Nawa (Managing Director / Senior Analyst, Cyber Defense Research Institute Co., Ltd. *2)
  • Norihiko Maeda (Director, Office of the President, FFRI Security, Inc.)
  • Mitsuhiko Maruyama (Partner, PwC Consulting LLC)

*1 An individual hearing was held on Wednesday, March 2, 2022.
*2 An individual hearing was held on Friday, March 4, 2022.

Observer

  • National center of Incident readiness and Strategy for Cybersecurity (NISC)
  • Hiroki Takakura (National Institute of Informatics)

Digital Agency (Secretariat)

  • Strategy & Organization Group, Security Risk Management Team

Information-Technology Promotion Agency

  • Digital Architecture and Design Center

Minutes

  • The secretariat explained Material 1 "Cybersecurity Strategies, etc.", Material 2 "Guidelines for Zero Trust Architecture Adoption Policy", and Material 3 "Technical Report on Continuous Diagnosis and Response Security Architecture (tentative name)".
  • In the open discussion on the "Guidelines for Zero Trust Architecture Adoption Policy", the following remarks were mainly made.
    • Zero Trust has both advantages and disadvantages, so the two must be described side by side. Each ministry and agency has systems that require stability and systems that rely on perimeter defense and were never designed to be connected to the Internet, so the scope needs to be clarified.
    • Zero Trust will require careful monitoring. In addition, since there are cases in which operation cannot be outsourced, the operational load may increase, so the principles need to be formulated with operation in mind.
    • Zero Trust is the North Star, and the trusted environment will remain for the time being. Financial institutions in particular are strongly aware that the trusted environment is out of scope, but if a trusted environment is to remain, its risks must be identified, reported to top management, and approved.
    • Amazon, Microsoft, Google, Cisco, and others are promoting content useful for Zero Trust, such as the "OpenID Continuous Access Evaluation Profile 1.0" and the "OpenID Shared Signals and Events Framework Specification 1.0", which will serve as references for this initiative.
    • Zero Trust alone cannot protect information; the purpose must be clarified first and the scope defined afterwards.
    • Although perimeter defense and Zero Trust are treated as opposites, the concept of perimeter defense built on a Zero Trust architecture has begun to emerge, and the picture may change in the future. It is therefore not necessary to overemphasize the transition to Zero Trust.
    • Zero Trust may be driven by buzzwords, but in practice implementation is very difficult. It is worth stating as one point that Zero Trust only begins once the system has been built.
    • Among overseas private-sector companies, there have been cases in which, after a Zero Trust configuration was in place, access that continued for 6 hours resulted in malware infection. Continuous assessment is important.
    • At present, a mixed environment of Zero Trust and perimeter defense can be called the standard. In addition, any suggestions on transition will serve as hints from the user's point of view.
    • I would like to hear more about network-based Zero Trust, for example microsegmentation, SDN, and IBN-based control.
    • The burden on users also increases in terms of convenience. Efforts to reduce the burden on users should also be mentioned.
    • We have to be careful not to create a situation in which, even when told to do so, agencies cannot comply because the operational load increases.
    • Managing 100% of assets is difficult, and in recent years it has become even more difficult, for example with the use of cloud. It must be implemented with determination.
    • Digital identity is considered difficult in Japan, which does not practice specialization-based hiring. It may also become achievable once security clearance has been addressed.
    • I think it would be good to work with the JNSA Identity Working Group, which is familiar with ID management.
    • The discussion is easier to understand if it is based on the successful example of an organization that introduced the Zero Trust architecture.
    • It is assumed that cyber risks can generally be discovered, but the point of finding latent risks should be mentioned, and implementation of continuous verification of privileges, as well as authentication and authorization for devices, needs to be discussed.
    • With the adoption of Zero Trust, changes in stamina and mindset are required because the changes to existing business will be large. It should be clearly stated that the reader must be prepared.
    • The targets to be protected, such as assets, network accounts, workflows, and data, are clearly defined, so they must be explained without inconsistency. In addition, services such as operational flows must be included, and a whole series of flows must be monitored, not only the entry and exit points.
    • Assets and resources need to be consistent with the definitions in the Cybersecurity Strategy and similar documents.
    • The outline of Zero Trust needs to be explained carefully: before shifting from role-based to attribute-based authentication, why should the shift be made, and why is additional authentication such as multi-factor authentication required?
    • From a risk-based perspective, threat intelligence is a necessary viewpoint, and an intelligence-driven policy engine is important. It is also good to introduce private-sector cases.
    • Monitoring in the United States is based on eDiscovery, and each activity can be stored and quickly reviewed in chronological order.
    • Maturity is important. Even looking at SP 800-171 and the Risk Management Framework, maturity is about 60%. The guidelines are idealistic and challenging. For example, certificate management, such as for API encryption, is difficult. Considerable resolve is required.
  • In the open discussion on the "Technical Report on Continuous Diagnosis and Response Security Architecture (tentative name)", the following remarks were mainly made.
    • Ideal configuration management should also be considered. Human error is not related to the vulnerability of IT assets. Configuration management is state management, and it does not distinguish good from bad. Feedback loops created during learning seem to be the ideal form.
    • Since some companies have already introduced SIEM, it is better to consider providing data to other systems.
    • Overseas, AWARE scoring is checked continuously, and linking the score with ABAC to achieve Zero Trust certification is a cutting-edge initiative. Overall, it is good to link the CRSA score with ABAC.
    • It must be recognized that the target state is not a fixed point but a moving target. It is therefore important to spiral upward while steadily improving.
    • The division of roles with the existing SOC and NOC needs to be clarified.
    • Discussions must be held from the outset, including the response in the event of an emergency.

End