(This blog post is also available in Japanese.)
Palo Alto Networks recently participated in the second Cyber3 (Cyber Connect, Cyber Security, and Cyber Crime) Conference , which was held in Tokyo in late November and included official support from the Japanese government. The conference brought over 300 thought leaders from all over the world to discuss cybersecurity challenges and share best practices. As William H. Saito, Cyber3 Chairman and Special Advisor to the Japanese Cabinet Office, made it clear during his opening remarks, the goal was to keep the forum interactive and contribute to better cyber resiliency.
The conference showcased the strong leadership of the Japanese government to provide a thought-provoking and multi-stakeholder platform that allows leaders in academia, business, and government to network with each other, build trust, and discuss innovations such as artificial intelligence and connected cars and cyberthreat intelligence in an open and frank manner. Japanese Chief Cabinet Secretary Yoshihide Suga was on hand for closing remarks, which underscored the government’s interest in the gathering.
This is a watershed moment for Japan. While Europe and the United States have regular cybersecurity conferences addressing both technical and strategic audiences, such as DefCon and NATO Conference on Cyber Conflict, Japan has not had such a high-level, cybersecurity-focused conference, due to the lack of interest in cybersecurity until the first Cyber3 Conference was held in Okinawa in early November 2015. The atmosphere changed drastically after September 2013, when Tokyo was chosen to host the Summer Olympic and Paralympic Games 2020. The clear deadline and mission to make the games successful sparked the Japanese to craft cybersecurity policies, invest more in cybersecurity human resources development, and move forward the public-private partnerships for information sharing and global collaboration. That is why some of the Cyber3 speakers were surprised to find out during the two-day conference how passionate the Japanese are about ensuring security for Tokyo 2020 and promoting cyberthreat information sharing.
The Japanese government hosted the G7 Ise-Shima Summit in May 2016 and included cybersecurity as a standalone topic for the first time in G7 discussions. The two consecutive Cyber3 Conferences and G7 Ise-Shima Summit’s cybersecurity documents prove the Japanese government’s firm determination to play a leading role in cybersecurity policymaking, thought leadership discussions and global cooperation.
Palo Alto Networks representatives participated in this important conference as a sponsor and as speakers and shared insights regarding automated cyberattack prevention, cyberthreat information sharing, and business risk management. Rick Howard, Chief Security Officer at Palo Alto Networks, was on the “Threat Intelligence, Information Sharing” panel and pointed out that cyberthreat information sharing has not previously worked well because security vendors monetize and compete on their information. However, cyberattacks are increasing and becoming more complicated. To improve cyber defense overall to protect users, security vendors have to pursue a collective defense. That’s why Palo Alto Networks, Fortinet, Symantec, and McAfee launched the Cyber Threat Alliance (CTA) two years ago – an example of vendors that compete directly in the market but, when it comes to shared threat intelligence, have agreed to work together for the greater good of protecting individuals, businesses and governments. U.S. President Barack Obama referred to CTA as a successful example of information sharing during the White House Cybersecurity Summit at Stanford University in February 2015.
Ryan Gillis, Vice President of Cybersecurity Strategy and Global Policy at Palo Alto Networks, moderated the “Human Resources Development” panel. First, Yasuhiko Taniwaki, Director-General of the Global ICT Strategy Bureau, Japanese Ministry of Internal Affairs and Communications, stated that the Japanese government included cybersecurity human resources development in its Cybersecurity Strategy in 2015, as Japan faces a shortage of cybersecurity talent. In July 2014, the Japanese Information-Technology Promotion Agency found that Japan has 230,000 cybersecurity professionals, and that 140,000 of them need further training; it also found that there is a shortfall of 22,000 professionals. Taniwaki encouraged academia, the government, and industries to work together to tackle the manpower challenge and pointed out that people who can bridge business leadership and IT engineers are in dire need. The Japanese government plans to create a human resources development plan by March 2017.
I appeared on a panel titled “Current and Future World, Government, and Organizations Changed by Cyber.” I reiterated the importance of a multi-stakeholder approach, which is the philosophy of Cyber3. Since the damage caused by cyberattacks is not necessarily constrained within a certain sector, a traditional stovepipe approach to combating them no longer works. We must overcome silos and work together beyond the border of organizations, sectors and nations. Several countries in the world are facing political dynamics and administration changes. Cybersecurity, however, is a bi-partisan issue and opportunity – a business and consumer enabler, not just a cost center. We should take advantage of the convenience brought by ICT and ensure security. Cybersecurity is everybody’s problem – individual, company, government, or university. At the same time, cybersecurity enriches our lives and I hope Tokyo 2020 changes our mindset under the tight deadline and creates a positive prototype of multi-stakeholder efforts to increase resiliency.
Noboru Nakatani, Executive Director of Interpol Global Complex for Innovation, pointed out a stark contrast between Japanese and non-Japanese perspectives on cybersecurity. The Japanese tend to frame breaches as information leaks and blame the insufficient cyber defense on the victim organizations. On the other hand, Americans and Europeans tend to frame breaches as hacks and often focus on how to prevent future successful cyberattacks by attackers. The trend is reflected in how the media reports cyber incidents.
Situational awareness supported by full visibility and cyberthreat information would help shift such a mindset. During the Day 2 luncheon, Rumi Horio, Security Consultant, Palo Alto Networks K.K., cited an anecdote of several blind men who touched different parts of an elephant and thought it was a fan, rope or something else. Japanese organizations are inclined to count the number of cyberattacks rather than seek methods to reduce the attack surface and prevent attackers from achieving their goals by cyberattacks. She argued that it is time to take a proactive approach rather than being reactive to damages.
Cyber3 was an insightful cybersecurity conference for mutual learning and finding new ways of partnering and collaborating to take actions based on lessons learned together. Palo Alto Networks appreciates the opportunity to have been able to sponsor and participate in the conference in 2016 and 2015. We look forward to continuing to work with the Japanese government and global thought leaders.