What are the security measures required for local government information systems, as described by vulnerability diagnosis professionals?
The government has announced that it will establish the Digital Agency by the fall of 2021. It is thought that the major reasons for this are the complications and slowness of administrative procedures due to the delay in digitization, and the lack of cooperation between ministries and agencies due to the new coronavirus disease.
In response, digitalization is expected to progress further in local governments and public institutions. But while digitization of information is extremely convenient, it also goes hand in hand with the danger of cyber attacks. Security needs to be strengthened in light of past information leakage issues.
Yoshikazu Hotta of Bartes Mobile Technology, who has a track record in vulnerability diagnosis of information systems, software and the like, explains what kind of measures are necessary for the information systems of local governments.
The professional we spoke with this time
Baltes Mobile Technology Co., Ltd. Development Department Manager
Born in Osaka. He has been involved in system development and testing work for over 20 years at a software development company of the NTT DATA Group. He joined Bartes Mobile Technology Co., Ltd. in 2018. He is currently engaged in system development and security diagnostics.
The number of sophisticated cyber-attacks and viruses that are difficult to detect at a glance is increasing.
What kind of security issues are there in the field of local government administration?
The local government is a site that handles extremely confidential information such as the personal information of residents. Therefore, they are often attacked, and the reality is that cyber-attacks themselves are becoming more sophisticated every day.
Typical examples of sophistication are ransomware, which locks infected computers and restricts access, and targeted cyber attacks. In addition, there are an increasing number of cyber-attacks that are difficult to detect, such as a virus being sent in an email disguised as one from a person concerned, for example, “This is a document about the meeting the other day.”
Even if antivirus software is installed on each terminal of the local government, it is often not possible to respond to new types of viruses, and even if new measures are taken, the threats will also be new. The reality is that 100% safety is difficult.
Even with network isolation, it can be compromised as long as the system is vulnerable.
Is the measure by “network separation” not enough?
Certainly, local governments are thoroughly “network-separated” to separate the LGWAN connection system from the Internet connection system, so they are not directly exposed to threats from the global network. However, it does not mean that “network separation = absolute security”.
Even if there is no threat from the external network, there are cases where the infection progresses due to the actions of internal human beings. For example, a virus invades through a connected device such as a USB memory or HDMI cable. If the connected device does not have anti-virus measures, it can enter from there without going through an external network.
Another possibility is that a malicious person may access each system of the municipal network. As long as there are vulnerabilities in the system, that is, security holes, the possibility of allowing outsiders to invade, leaking information, tampering with the site, and hijacking accounts cannot be ruled out.
It is important to understand the danger through regular vulnerability diagnosis
What measures are needed to eliminate security holes in the system?
First, let’s perform a system vulnerability diagnosis. It is important to understand the danger of this. Even if no vulnerabilities are detected at that time, it is recommended to perform regular diagnosis. This is because it is thought that there are systems in local government information systems where unexpected security holes can be found through repeated repairs and function additions, even if vulnerabilities were not detected at the time of development.
At Baltes Mobile Technology Co., Ltd., a diagnostician holding the national qualification of information processing safety supporter combines two types of diagnosis, “machine diagnosis” and “manual diagnosis”, to support the strengthening of security of local government information systems.
A combination of wide and quick “machine diagnosis” and deeply focused “manual diagnosis”
What are the methods of “machine diagnosis” and “manual diagnosis”?
“Machine diagnosis” uses tools to perform automated diagnosis. Its feature is that various rule-based diagnoses can be performed in a short time. “Manual diagnosis” is a diagnosis in which a diagnostician performs a more detailed analysis. Considering the intruder’s point of view, psychology, etc., we try various intrusion methods. “Machine diagnosis” is used to diagnose the entire system widely and quickly, and “manual diagnosis” is used to narrow down the points and make a deep diagnosis. By combining these two, high-precision diagnosis is realized with few false positives.
Can you tell us about the importance of strengthening security based on your past diagnosis results?
Up to now, 74% of private company customers have had vulnerabilities diagnosed and have been found to have a high risk of damage such as information leakage. In addition, in the first case of our vulnerability diagnosis, some kind of vulnerability has been detected in most systems.