Detecting incidents and quickly providing appropriate information
Early Warning
Based on our own unique information network and knowledge accumulated over the years, we provide early warning information about anticipated incidents and information about incidents that might occur and have growing impact. We make sure the information reaches stakeholders quickly, after it has undergone thorough scrutiny. Whether in normal or emergency situations, we contact the right person in an organization and provide reliable information on a timely basis.
Information from around the world examined to detect signs of attack
Each day, new causes of incidents that exploit vulnerabilities arise somewhere in the world. The Early Warning group investigates various sources of information, and looks for patterns in the information to detect "signs" of attack activities. In this effort, they scour message boards, malware information, incident reports, and elsewhere. Publicly available information sources may also contain critical information. In some cases, an analysis conducted in response to a report of damage may lead to the knowledge that another organization is being used as a springboard for attacks, or to the identification of the malware used to carry out attacks or the platform used by the attacker.
Information processed into five types and distributed according to content
The results of information collection and analysis are summarized in an easy-to-understand notification and provided using one of five types of distribution channels, including "early warning information" directed toward specific industries, etc., and "security alerts" made available to the general public on our web page. The most suitable distribution channel is chosen in light of the nature of the case at hand. [Table 1]
Table 1: Speed, volume, or accuracy. Five media for providing information are used as appropriate according to the nature of information.

Name | Description | Interval | Target | Distribution method |
---|---|---|---|---|
Early Warning (Japanese Only) | Information that mainly provides an overview of vulnerabilities and threats that are believed to have a major impact within the country or an impact on critical infrastructure operators, along with countermeasures. Unlike security alerts, this information is focused on immediacy. | As needed | Critical infrastructure, etc. | CISTA + email |
Security Alerts | Information that mainly provides an overview of vulnerabilities and threats that are considered to have a major impact within the country, along with countermeasures that should be taken. | As needed | Companies, general users | Website + Mailing list |
Analyst Notes | Important information selected from the vulnerability information, threat information, and security-related information collected daily, and edited along with analyst comments. Reference information positioned as "analyst notes." | Every day | Overseas CSIRTs, critical infrastructure, etc. | CISTA + email |
Weekly Reports (Japanese Only) | Important vulnerability information released in the past one or two weeks, along with a summary of each item, targeted to system administrators of companies and organizations. | Every week | Companies, general users | Website + Mailing list |
Cyber News Flash (Japanese Only) | Information summarizing matters with an ongoing or future impact within the country, along with an overview of the situation, not amounting to a security alert. | As needed | Companies, general users | Website |
From providing information to sharing information, and to reducing risks
For example, in our early warning information, we provide incident and vulnerability information, attack warnings, information related to advanced cyber attacks, and so on to organizations registered as users, through CISTA[1] and email. We assume this information will be used by personnel responsible for security countermeasures within the organizations.
The users who receive the information will feed back new information, further enhancing the quality of the information. [Figure 1]
By moving from one-way information provision to two-way information sharing, we will be able to reduce overall risks.
[1] CISTA (Collective Intelligence Station for Trusted Advocates): a portal site for limited users where important threat information can be obtained.
Figure 1: Accuracy of information is increased through information sharing, reducing risks to companies, industries, and communities.

CISTA: Collective Intelligence Station for Trusted Advocates
This portal site provides and shares threat information as well as analysis and countermeasure information on a timely basis. Specific users such as information security-related departments and internal CSIRTs of organizations that provide infrastructures, services, or products that have a major impact on people's social activities are able to receive security alerts and early warning information from JPCERT/CC, and also use the website as a platform for sharing information among companies and industries. By sharing information about damage within organizations, countermeasures taken, and so on, users are able to grasp the status and overall picture of incidents and reduce the risk of threats.
(Japanese Only)
Supporting awareness and defense by providing timely information
Security countermeasures are a race against time. In some cases, attacks begin within days after vulnerability information is released. Early awareness and defense are key to minimizing damage, and the timely provision of information that makes them possible is also essential.
Organizations often recognize incidents affecting them only after being contacted by us.