Tag Archives: japan

China Hacked Japan’s Military Networks

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2023/08/china-hacked-japans-military-networks.html

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story:

The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity.

[…]

The 2020 penetration was so disturbing that Gen. Paul Nakasone, the head of the NSA and U.S. Cyber Command, and Matthew Pottinger, who was White House deputy national security adviser at the time, raced to Tokyo. They briefed the defense minister, who was so concerned that he arranged for them to alert the prime minister himself.

Beijing, they told the Japanese officials, had breached Tokyo’s defense networks, making it one of the most damaging hacks in that country’s modern history.

More analysis.

AWS achieves its third ISMAP authorization in Japan

Post Syndicated from Hidetoshi Takeuchi original https://aws.amazon.com/blogs/security/aws-achieves-its-third-ismap-authorization-in-japan/

Earning and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). Our customers’ security requirements drive the scope and portfolio of the compliance reports, attestations, and certifications that we pursue. We’re excited to announce that AWS has achieved authorization under the Information System Security Management and Assessment Program (ISMAP), effective from April 1, 2023, to March 31, 2024. The authorization scope covers a total of 157 AWS services (an increase of 11 services over the previous authorization) across 22 AWS Regions (an increase of 1 Region over the previous authorization), including the Asia Pacific (Tokyo) Region and the Asia Pacific (Osaka) Region. This is the third time that AWS has undergone an assessment since ISMAP was first published by the ISMAP steering committee in March 2020.

ISMAP is a Japanese government program for assessing the security of public cloud services. The purpose of ISMAP is to provide a common set of security standards for cloud service providers (CSPs) to comply with as a baseline requirement for government procurement. ISMAP introduces security requirements for cloud domains, practices, and procedures that CSPs must implement. CSPs must engage with an ISMAP-approved third-party assessor to assess compliance with the ISMAP security requirements in order to apply as an ISMAP-registered CSP. ISMAP evaluates the security of each CSP and registers those that satisfy the Japanese government’s security requirements. Upon successful ISMAP registration of CSPs, government procurement departments and agencies can accelerate their engagement with the registered CSPs and contribute to the smooth introduction of cloud services in government information systems.

The achievement of this authorization demonstrates the proactive approach that AWS has taken to help customers meet compliance requirements set by the Japanese government and to deliver secure AWS services to our customers. Service providers and customers of AWS can use the ISMAP authorization of AWS services to support their own ISMAP authorization programs. The full list of 157 ISMAP-authorized AWS services is available on the AWS Services in Scope by Compliance Program webpage, and customers can also access the ISMAP Customer Package on AWS Artifact. You can confirm the AWS ISMAP authorization status and find detailed scope information on the ISMAP Portal.

As always, we are committed to bringing new services and Regions into the scope of our ISMAP program, based on your business needs. If you have any questions, don’t hesitate to contact your AWS Account Manager.

 
If you have feedback about this post, submit comments in the Comments section below. If you have questions about this post, contact AWS Support.

Want more AWS Security news? Follow us on Twitter.

Hidetoshi Takeuchi

Hidetoshi Takeuchi

Hidetoshi is the Audit Program Manager for the Asia Pacific Region, leading Japan security certification and authorization programs. Hidetoshi has worked in information technology security, risk management, security assurance, and technology audits for the past 26 years. He is passionate about delivering programs that build customers’ trust and provide them with assurance on cloud security.

AWS achieves its second ISMAP authorization in Japan

Post Syndicated from Hidetoshi Takeuchi original https://aws.amazon.com/blogs/security/aws-achieves-its-second-ismap-authorization-in-japan/

Earning and maintaining customer trust is an ongoing commitment at Amazon Web Services (AWS). Our customers’ security requirements drive the scope and portfolio of the compliance reports, attestations, and certifications we pursue. We’re excited to announce that AWS has achieved authorization under the Information System Security Management and Assessment Program (ISMAP) program, effective from April 1, 2022 to March 31, 2023. The authorization scope covers a total of 145 AWS services (an increase of 22 services over the previous authorization) across 22 AWS Regions, including the Asia Pacific (Tokyo) Region and the Asia Pacific (Osaka) Region. This is the second time AWS has undergone an assessment since ISMAP was first published by the ISMAP steering committee in March 2020.

ISMAP is a Japanese government program for assessing the security of public cloud services. The purpose of ISMAP is to provide a common set of security standards for cloud service providers (CSPs) to comply with as a baseline requirement for government procurement. ISMAP introduces security requirements for cloud domains, practices, and procedures that CSPs must implement. CSPs must engage with an ISMAP-approved third-party assessor to assess compliance with the ISMAP security requirements in order to apply as an ISMAP-registered CSP. The ISMAP program will evaluate the security of each CSP and register those that satisfy the Japanese government’s security requirements. Upon successful ISMAP registration of CSPs, government procurement departments and agencies can accelerate their engagement with the registered CSPs and contribute to the smooth introduction of cloud services in government information systems.

The achievement of this authorization demonstrates the proactive approach AWS has taken to help customers meet compliance requirements set by the Japanese government and to deliver secure AWS services to our customers. Service providers and customers of AWS can use the ISMAP authorization of AWS services to support their own ISMAP authorization programs. The full list of 145 ISMAP-authorized AWS services is available on the AWS Services in Scope by Compliance Program webpage, and you can also use the ISMAP Customer Package on AWS Artifact. You can confirm the AWS ISMAP authorization status and find detailed scope information on the ISMAP Portal.

As always, we are committed to bringing new services and Regions into the scope of our ISMAP program, based on your business needs. If you have any questions, don’t hesitate to contact your AWS Account Manager.

If you have feedback about this post, submit comments in the Comments section below.
Want more AWS Security how-to content, news, and feature announcements? Follow us on Twitter.

Hidetoshi Takeuchi

Hidetoshi Takeuchi

Hidetoshi is the Audit Program Manager for the Asia Pacific Region, leading Japan security certification and authorization programs. Hidetoshi has worked in information technology security, risk management, security assurance, and technology audits for the past 25 years. He is passionate about delivering programs that build customers’ trust and provide them with assurance on cloud security.

Cloudflare is redefining employee well-being in Japan

Post Syndicated from Tomonari Sato original https://blog.cloudflare.com/cloudflare-is-redefining-employee-well-being-in-japan/

Cloudflare is redefining employee well-being in Japan

This post is also available in 日本語

Cloudflare is redefining employee well-being in Japan

“You can accomplish anything if you do it. Nothing will be accomplished unless you do it. If nothing is not accomplished, that’s because no one did it.“
— Yozan Uesugi

Long hours and hard work. If you ask anyone in Japan what our work culture is like, chances are, these are the words that will come to mind. Different countries have their own cultures and also specific work habits and ways of having a work-life balance. The pandemic brought everyone (companies and their people) a new reality, new lessons, and new habits. Here at Cloudflare, our thinking around where and how we do our best work has evolved over the course of the pandemic. We care about addressing the diverse needs of our workforce and our policies and benefits are designed to optimize for their flexibility and needs. To that end, Cloudflare Japan is making a few important changes to our employee benefits:

  • “take what you need” time off for all our employees
  • 16-week gender-neutral paid parental leave
  • flexible working hours

First, let’s try to understand a bit of the Japanese work culture. According to Japan’s labor laws, Japanese employed workers are assumed to work a maximum of 8 hours a day, or 40 hours per week. But ask any employed person in Japan and you will soon discover that people work much longer hours than that. A 2015 study by the Organization for Economic Co-operation and Development (OECD) found that about 22% of Japanese employees work 50 hours or more each week on average, well above 11% in the U.S., and 6% in Spain. On top of that, people are also less likely to take personal time off. While existing labor laws provide every employed person with at least 10 days of annual leave (+1 day for every year of service, usually capped at 20 days), a 2017 General Survey on Working Conditions published by the Ministry of Health, Labor, and Welfare found that on average, people only actually took 8.8 days of annual leave per year.

Then came the COVID-19 pandemic and things started to change. With restrictions put in place, a lot of us had no choice but to work from home, a concept that’s completely foreign to the Japanese work culture. And now two years into the pandemic, there has been a shift in the Japanese way of working. In a recent Zero Trust survey that Cloudflare conducted in Japan, 74% of IT and cybersecurity decision makers said their organization will be implementing a combination of return-to-office and work-from-home. This means that the future of work in Japan is flexible.

While we encourage our teams to always get their work across the finish line, we also appreciate the value and importance of having personal time to be able to spend with loved ones, take up a hobby, or simply for rest and relaxation. We believe that time away from work helps you be better at work. Our time away from work policies are designed for that and reflect the reality that technology has enabled us to be more mobile and flexible in the 21st century.

On parental leave, we strongly believe that parents should have equal opportunity to bond with their new family member, and don’t believe in forcing a parent to designate themselves as a “primary” or “secondary” caregiver. We believe these designations create a false dichotomy that does not reflect the modern family, nor reflect our values of diversity and equality; especially when we know that these designations typically disadvantage the careers of women more than men in the workplace.

Lastly, we remain committed to providing great physical spaces for our employees to work, collaborate, and celebrate in, while they’re in the office. While remote work is currently still the norm, it will be up to teams and individuals to decide what works best for them for the task at hand. People may wish to come into our offices to meet with their colleagues, socialize, or join on-site workshops, but then choose to do their quiet focus time work from home. As such, we just completely redesigned and renovated our offices in San Francisco and London —  starting with these offices with experimentation in-mind and with the purpose of reimagining our other global offices. Our way of working has changed, and as such our spaces should support this shift, to be a place where teams can come together and collaborate most effectively.

Cloudflare in Japan: 12 years in and a 100% increase in blocked attacks

Cloudflare has had a longstanding presence in Japan, expanding our network into Tokyo in 2010, just months after launching. Today, we have seven points of presence across four cities, and we also announced our Tokyo office in 2020.

Also, it’s important to mention that in Q4 2021, Cloudflare blocked an average of 1.9 billion attacks per day in Japan. That number has grown to 3.8 billion attacks per day blocked by Cloudflare in Q1 2022, an increase of 100% since the previous quarter.

My goal when I joined Cloudflare almost six months ago remains the same — to help customers in Japan accelerate their digital transformation, that will in turn help improve Japan’s competitiveness in the world. In order to do this, we need to continue to provide a great work environment and build a great team. And we’re just getting started!

We are actively recruiting in Japan and have many open roles across different functions. If you’d like to join us in our mission to help build a better Internet, come talk to us!

Tomonari Sato: Why I joined Cloudflare and why I’m helping Cloudflare grow in Japan

Post Syndicated from Tomonari Sato original https://blog.cloudflare.com/tomonari-sato-why-i-joined-cloudflare-and-why-im-helping-cloudflare-grow-in-japan/

Tomonari Sato: Why I joined Cloudflare and why I’m helping Cloudflare grow in Japan

This post is also available in 日本語.

Tomonari Sato: Why I joined Cloudflare and why I’m helping Cloudflare grow in Japan

I’m excited to announce that I recently joined Cloudflare in Japan as Vice-President and Managing Director, to help build and expand our customer, partner base, and presence in Japan. Cloudflare expanded its network in Japan in 2010, just months after launching. Now, 12 years later, Cloudflare is continuing its mission to help build a better Internet in Japan and across the globe, and I’m looking forward to being able to contribute to that mission!

Tomonari Sato: Why I joined Cloudflare and why I’m helping Cloudflare grow in Japan

A little about me

In my 35-year career in the IT industry, I have been fortunate enough to work with some of the biggest technology companies in the world, working in various roles in both sales and technical sides of the business. I consider this one of my biggest strengths. In addition, working in the IT industry has allowed me to acquire industry knowledge across a number of different solutions such as custom development, packaged systems (ERP, CRM), MS Office products, and cloud solutions.

Most recently, I was director of the Enterprise Business Group for Japan at AWS, where I was responsible for all commercial industries such as Manufacturing, Process, Distribution, Retail, Telecommunications, Utility, Media, Service, Pharmaceuticals, among others. Prior to AWS, I was Microsoft’s Managing Executive Officer in charge of the Public Sector. In this role, I managed business and strategic relationships with the central government and local government, as well as the healthcare, pharmaceutical, and education industries to help customers accelerate their digital transformation, especially when it comes to their shift to the cloud. In 2005, I joined SAP Japan and spent eight years establishing the partner ecosystem, managing about 250 partners. My last role in SAP was to drive business as a sales leader for three industries (public, utility, and telecommunication). In 1999, I joined IBM to be an initial member of the ERP business unit. At IBM, I got the opportunity to manage large ERP implementations as a Senior Project Manager.

If I look back on my career, I experienced so many things from many dimensions. I started my career as an engineer after I graduated from university. It was the first time I learned what a computer was. I enjoyed my first job as a programmer. I remember how it was a great time for me to learn new things every day since technology was rapidly changing, even in the old days, many, many years ago. I am proud that I have always kept the engineering spirit even after I moved to a sales and management position. After two years as a programmer, I moved to Digital Equipment Corporation (DEC) and spent 12 years as a Systems Engineer. At that time, DEC decided to establish a new manufacturing facility in Japan to provide better quality for Japanese customers. My mission was to design, develop, and maintain all the application systems required to ensure a smooth and seamless manufacturing process, including master production schedule, manufacturing resource planning, inventory, purchasing, work order, shop floor control, and finally developed an automated warehousing system. My last job in DEC was to implement SAP R/3 as a Japan implementation manager. The Japan implementation team was part of the global SAP implementation project, giving me the opportunity to work in a multinational environment. I really enjoyed working at DEC. It was a truly excellent experience for me.

Why Cloudflare

As I look back on my career, one of the things I consider my strength is that throughout those years I got to experience working on technology and computers — as a customer, as a partner, and as a salesperson. Now 35 years later, I’m finally convinced that my role in a global IT company is to contribute to the digital transformation of our customers as well as the society as a whole in Japan, by being able to share global best practices. I decided to join Cloudflare to help accelerate the digital transformation that will help improve Japan’s competitiveness in the world. I believe we have a lot of opportunities to help companies in Japan in this transformation. I remember the feeling I had when I started my first-ever job. I felt a thrill and great motivation. I have the same feeling now with this excellent opportunity for me to launch my new journey with Cloudflare.

Growth opportunities in Japan

It’s often been said that Japan has been slow to adopt digital models, compared to the United States, Europe, and even some countries in Asia. In order to accelerate this digital transformation, the Japanese Government launched a new policy called “Cloud By Default” and subsequently established a Digital Agency in September 2021. There is so much to do, and we are behind. The shift to the cloud has just begun. Businesses are starting to move from on-premise to the cloud, and many organizations are selecting a multi-cloud environment as the next generation platform. Cloudflare has the right solutions, the right people and the right strategy to help Japanese organizations make that shift.

Cloudflare is in a unique position to transform the way we do business by providing security, enhancing the performance of business-critical applications, and eliminating the cost and complexity of managing individual hardware, all within a global cloud platform. Cloudflare’s vast global network, which is one of the fastest on the planet, is trusted by millions of web properties. With direct connections to nearly every service and cloud provider, the Cloudflare network can reach 95% of the world’s population within 50 ms. Cloudflare already has 250 data centers including two Japan sites, Tokyo and Osaka.

Cloudflare is ready to help customers in Japan accelerate their digital transformation and be a trusted solution provider for the Japanese market. I am very much looking forward to contributing to the growth of the business, and the acceleration of the digital transformation for businesses in Japan.

Symantec Reports on Cicada APT Attacks against Japan

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2020/11/symantec-reports-on-cicada-apt-attacks-against-japan.html

Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere.

Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well as custom malware in this attack campaign, including a custom malware — Backdoor.Hartip — that Symantec has not seen being used by the group before. Among the machines compromised during this attack campaign were domain controllers and file servers, and there was evidence of files being exfiltrated from some of the compromised machines.

The attackers extensively use DLL side-loading in this campaign, and were also seen leveraging the ZeroLogon vulnerability that was patched in August 2020.

Interesting details about the group’s tactics.

News article.