6. Prize list (2013)
• Browsers
– Google Chrome on Windows 7 ($100,000)
– IE 10 on Windows 8 ($100,000)
– IE 9 on Windows 7 ($75,000)
– Mozilla Firefox on Windows 7 ($60,000)
– Apple Safari on OS X Mountain Lion ($65,000)
• Web Browser Plug-ins using Internet Explorer 9 on Windows 7
– Adobe Reader XI ($70,000)
– Adobe Flash ($70,000)
– Oracle Java ($20,000)
31. CBM examples 1/2
1. CBMs dealing with troop movements and exercises:
a. Notification of maneuvers (with different procedures and length of advance notice for different types and sizes of maneuvers).
b. Notification of alert exercises and mobilization drills.
c. Notification of naval activities outside of normal areas.
d. Notification of aircraft operations and flights near sensitive and border areas.
e. Notification of other military activities (in the "out of garrison" category) which might be misinterpreted.
2. CBMs dealing with exchanges of information. Information may be exchanged, directly or through third parties, in the following categories:
a. Military budgets
b. New equipment and arms
c. Unit locations
d. Significant changes in a unit's size, equipment or mission
e. The major elements of strategic and tactical doctrine
3. CBMs dealing with exchanges of personnel. These personnel exchanges should be balanced in terms of numbers and duration, and could include:
a. Inviting observers to maneuvers, exercises and "out of garrison" activities. (The observers could be from neighboring states, from a third party neutral nation, or from an international organization).
b. Stationing permanent liaison observers at major headquarters. (As in b above, the observers could be from neighbors, neutrals, or international organizations).
c. Exchanging personnel as students or instructors at military academies, military schools, and war colleges.
d. Exchanging military attachés from all three services (land, sea, air). These attaché positions should be filled by highly qualified personnel, and not be used as "golden exiles" to get rid of officers who are politically undesirable.
4. CBMs dealing with the assembly, collation, and dissemination of data.
a. A central registry should be set up (under international organization auspices) to assemble, collect, analyze and publish information on armaments, organization and disposition of military units.
b. Independent technical means (under national or international organization control) should be available to verify this data. There should be agreement on the nature of these means and an understanding that there will be no interference with these means.
5. CBMs dealing with border tensions.
a. Set up demilitarized zones in sensitive border areas. Depending on the sensitivity of the area and the tensions between the two countries, certain types of weapons and units (i.e., armor, artillery) could be excluded from these areas.
b. Establish joint patrols in these areas (with or without the participation of other third party neutrals).
c. Establish fixed observation posts in these areas manned by neutrals and representatives from the two border nations.
d. Set up sensors (ground, tower, air, tethered aerostat) to supplement these patrols and observation posts.
32. CBM examples 2/2
6. CBMs dealing with actions which might be interpreted as provocative.
a. Agreement should be reached on acceptable and unacceptable military activities, especially in sensitive and border areas.
b. Clear limits should be placed on those military activities, such as mobilizations and calling up selected reserves, which could lead to misunderstandings. Notification procedures should be established for practice movements.
7. CBMs dealing with communications.
a. Direct ("hot line") communications systems should be established between heads of state, chiefs of military forces (defense ministers), general staffs, and units in contact across a border.
b. The use of coded military message traffic (on-line and off-line cryptography) should be limited.
8. CBMs dealing with weapons.
a. Agreement should be reached on levels and types of weapons, with emphasis on the exclusion of high-performance and expensive weapons systems.
b. Agreement should be reached on levels of military arms budgets.
c. Defensive weapons (anti-aircraft artillery, anti-tank weapons, mines) should be given preference in ceilings over offensive weapons (tanks, artillery, aircraft).
9. CBMs dealing with extra-military contacts.
a. Encourage visits by military athletic teams.
b. Encourage social and professional contacts through the attaché network and the various elements of the regional military system.
10. CBMs dealing with training and education.
a. Teach CBM approaches in national military academies, staff schools, and war colleges, as well as in the multinational military schools.
b. Apply CBM techniques in command post and field exercises.
c. Encourage the development of military trans-nationalism (i.e., a sense of military professionalism and mutual respect that transcends national boundaries).
d. Examine primary and secondary school curricula and texts for aggressive, hostile or false information on potential adversaries.
11. CBMs and regional military systems.
a. The institutions and activities of regional military systems such as the Inter-American Military System should be examined to see how they can be used in support of a confidence-building regime. The CBM support functions can include verification, contacts, channel of communications and a forum for expressing a wide range of ideas. (The institutions of the Inter-American Military System include: Inter-American Defense Board, Inter-American Defense College, multinational military schools in Panama, Service Chiefs' Conferences, military attachés, joint exercises, communications links, etc.).
b. Consideration should be given to lowering the presently high U.S. profile in most of the institutions of the Inter-American Military System, and to the possibility of moving key institutions (Board and College) to a Latin American country.
12. CBMs and functionalism. Certain functional areas of military-to-military cooperation should be assessed for their possible value as confidence-builders, even between adversary nations. These include: search and rescue (SAR) missions for aircraft and shipping; disaster relief; hurricane tracking; civic action; humanitarian projects.
13. CBMs dealing with ways of expanding CBMs.
a. Establish a regional or subregional mechanism, similar to the Conference on Security and Cooperation in Europe (CSCE), to study confidence-building measures and ways to improve and increase them.
b. Discuss CBMs at the periodic conferences of service chiefs.
c. Explore the possibility of extending CBMs geographically to other areas (in the Central American case, to the Caribbean and South America).
35. For reference: Asia Pacific Computer Emergency Response Team (APCERT)
As of the end of August 2012, 30 teams from 20 countries and economic regions are members.
Full Members (22)
AusCERT – Australia
BKIS – Vietnam
BruCERT – Negara Brunei Darussalam
CCERT – People's Republic of China
CERT Australia – Australia
CERT-In – India
CNCERT/CC – People's Republic of China
HKCERT/CC – Hong Kong, China
IDCERT – Indonesia
ID-SIRTII – Indonesia
JPCERT/CC – Japan
KrCERT/CC – Korea
MOCERT – Macau
MyCERT – Malaysia
PHCERT – Philippines
SingCERT – Singapore
SLCERT – Sri Lanka
TechCERT – Sri Lanka
ThaiCERT – Thailand
TWCERT/CC – Chinese Taipei
TWNCERT – Chinese Taipei
VNCERT – Vietnam
General Members (8)
BDCERT – Bangladesh
BP DSIRT – Singapore
EC-CERT – Chinese Taipei
GCSIRT – Philippines
MonCIRT – Mongolia
mmCERT – Myanmar
NCSC – New Zealand
NUSCERT – Singapore
36. Concrete initiative: TSUBAME project
• Project members: 23 CSIRTs from 20 economies
• Currently preparing: Vietnam, Lao PDR, Pakistan
• 23 teams from 20 economies (as of Mar 2012)
• Conduct fixed-point network monitoring jointly with CSIRTs in the APAC region.
• Share data and strengthen cooperation among CSIRTs.
40. Is measurement possible?
• "If you can not measure it, you can not improve it." Lord Kelvin
• What is expected of experts who hold the data is to give direction by "creating the standards"
• Discussion has only just begun at the OECD Working Party on Information Security and Privacy (WPISP)
Reference: Government agencies, unified security standards, overall evaluation (2007)
http://www.nisc.go.jp/conference/seisaku/dai15/pdf/15siryou01.pdf