Hayakashi JPCERT Coordination Center (JPCERT/CC), the organization to which I belong, provides security teams and system administrators in enterprises as well as other organizations with support to handle incidents and with information to prevent damage caused by such incidents.
Recently, more and more attacks have been aimed at making money, and technology is evolving as attackers seek to exploit the cloud. Hacker groups who announce their plans in advance with the aim of attracting attention to their views are now increasingly attacking private enterprises in addition to their traditional target, government agencies. The way in which targeted companies respond to such threats is a matter of keen interest to many.
In the USA and other countries, infiltrating the IT systems of specific businesses without being noticed to steal corporate secrets and personal information over prolonged periods is becoming an increasingly serious problem.
Attack techniques are also becoming increasingly sophisticated and diverse, and as a result, conventional security measures that do no more than block incoming threats are no longer adequate. Organizations will have to take measures that limit the damage even if their systems are intruded upon.

Kuwana At the NTT Information Sharing Platform Laboratories, we're conducting research on the two key themes of cloud computing and security, focusing on encryption technology as a means of dealing with prevalent issues. Last year, we developed a first-ever type of fine-grained encryption technology together with Mitsubishi Electric Corporation. Recently we've also started looking at new ways of identifying signs of attacks by malicious programs before they occur.

Yamakawa My work involves coordinating between NTT laboratories and group companies to translate R&D outcomes into products for bringing onto the market. We put our heads together with our labs and group companies to come up with products and services that are likely to find a market. We're currently talking with group companies about ways of putting the outcomes of the security research being conducted by Kuwana-san and his colleagues to use in a form that meets their respective needs.

Hatakeyama I belong to NTT Communications Security Operation Center (NTT Com SOC), a provider of security infrastructure outsourcing services. You could describe NTT Com SOC as an organization dedicated to minimizing customer ICT system security risks through 24/365 monitoring, but we find ourselves having to deal with increasingly diverse and sophisticated new threats. Handling emergency situations such as security incidents also requires advanced skills, and so we depend more than ever on our dedicated research organizations for coming up with solutions to new threats.

Hayakashi You often hear that large enterprises have problems coordinating their response to incidents across their organizations, but the NTT Group appears to have the systems in place to respond to incidents from various perspectives — holding company, group companies, research labs and so forth — and is enhancing coordination between its organizations through such systems.

Kuwana As an operator of telecommunications infrastructure, we bear responsibility for protecting the information assets of our customers, and I think that every disaster or other contingency has pushed us to hone our ability to respond as a group.

Yamakawa Since we've been actively globalizing as a group over the past several years, I think we also need to hone our global security governance.

Hatakeyama While security measures call for increasingly advanced knowledge and response systems, there's a limit to the extent to which customers themselves can arm themselves with advanced technology while watching costs. Demand for outsourcing services is rising as a result, and we'll be doing our utmost to address that demand.

Yamakawa That will also require increasingly high level training of competent personnel, won't it?

Kuwana In June, the revised law on cybercrime went into effect, and I think we need to push ahead with the development of new technologies conforming to such legal structures and new guidelines.

Hayakashi Hackers are said to be specializing and teaming up to practice their trade, so I think that businesses taking security measures against hackers should, even while competing with each other in other areas, share the cost of protecting their systems to boost the efficiency of their security efforts. It might be difficult to balance demarcation of the scope of information that should be shared with issues related to the quality of competing services, but I'd like to see everyone making the effort to cooperate where they can from the perspective of boosting the overall competitiveness of Japanese industry. And I would expect the NTT Group, given its outstanding technological capabilities and accumulated expertise, to play a leading role in such efforts.

See the following website for the detailed dialogue

• http://www.ntt.co.jp/csr/portal/dialog/ (in Japanese only)

This is the end of the text.