A man looks at Aliyun cyber security services, platform provided by Alibaba, which isshown at a cyber security exhibition on Nov 24, 2014. [Photo/Asianewsphoto]
The newly established China Internet Investment Fund is expected to foster innovationand entrepreneurship within the internet sector via a market approach, analysts said onMonday.
The 100-billion-yuan ($14.6 billion) internet investment fund, co-sponsored by Cyberspace Administration of China and Ministry of Finance, was launched at theweekend.
Six strategic partners－including Industrial and Commercial Bank of China Co Ltd,CITIC Guoan Group Co Ltd, China Post Life Insurance Corp Ltd and China's three majortelecoms carriers－have funded the first 30 billion yuan.
Three State-owned banks－ICBC, China Development Bank and Agricultural Bank of China Co Ltd－will provide financial services and 150 billion yuan of credit forenterprises which have raised money from the internet investment fund.
"Based on market operations, the fund aims to cultivate and promote a new driving forcein the internet sector," said Deputy Finance Minister Yu Weiping.
Shen Meng, director of Chanson &Co, a boutique investment bank in China, said the establishment of the State-backed fund was of great significance for the development ofthe internet sector and the Internet Plus industry.
"It will bring new opportunities for all parts of the internet sector. However, it is difficultto make profits for enterprises without their own core technologies and those unable tocater to consumers' new needs."
A report published by the China Internet Network Information Center during the WorldInternet Conference in Wuzhen last year showed that China's global ranking amongcountries with a strong internet-based industry had moved up to 25 in 2016 from 36 in2012, with a score of 72.8 out of 100, surpassing the average of G20 economies for thefirst time.
Shen added that as China stepped up efforts on economic restructuring and upgrading,the government aimed to boost the development of Internet Plus by bankrolling innovation companies.
"The fund has several advantages, such as abundant money and supportive policies. However, it will take on risks for higher yields," he added.
One analyst urged caution.
"They should invest in firms and projects of real value to avoid bubbles in the innovationfield," said Li Zichuan, an analyst at Beijing-based internet consultancy Analysys.
Xiang Ligang, CEO of telecoms industry website cctime.com, said the fund also aimed tobetter manage cyberspace.
Quantum Cryptography Protocol To Beef Up Cybersecurity
The way we secure digital transactions could soon change, say researchers who are using quantum cryptography to enhance the safety of online communications.
The work, published in Nature Communications, is a collaboration between National University of Singapore’s Center for Quantum Technologies (CQT) and University of Waterloo’s Institute for Quantum Computing (IQC).
“Having quantum cryptography to hand is a realistic prospect, I think. I expect that quantum technologies will gradually become integrated with existing devices such as smartphones, allowing us to do things like identify ourselves securely or generate encryption keys,” says Stephanie Wehner, a Principal Investigator at CQT and co-author of the research.
In cryptography, the problem of providing a secure way for two mutually distrustful parties to interact is known as “two-party secure computation.” Addressing this problem requires mathematical methods of data encryption and decryption; these methods are referred to as cryptographic schemes.
To demonstrate the effectiveness of their proposed method, CQT theorists Wehner and Nelly Ng teamed up with colleagues to deploy quantum-entangled photons in such a way that one party, dubbed Alice, could share information with a second party, dubbed Bob, while meeting stringent restrictions. Specifically, Alice has two sets of information. Bob requests access to one or the other, and Alice must be able to send it to him without knowing which set he’s asked for. Bob must also learn nothing about the unrequested set. This is a protocol known as 1-2 random oblivious transfer (ROT).
Unlike protocols for ROT that use only classical physics, the security of the quantum protocol cannot be broken by computational power. Its security depends only on Alice and Bob not being able to store much quantum information for too long. This is a reasonable physical assumption, given today’s best quantum memories are able to store information for minutes at most.
“Oblivious transfer is a basic building block that you can stack together, like Lego, to make something more fantastic,” says Wehner.
Japan gets serious about cybersecurity as Olympics approach
On December 9, Prime Minister Shinzo Abe saw his website fall victim to hackers. A message on Twitter from a user called _RektFaggot_ read “Whaling IS NOT Cultural Right! Your website is #TangoDown!” A screenshot attached to the tweet showed that connections to the website were timing out worldwide.
Attacks such as this are increasing in number. The latest affront came after another painful year online for Japanese business and government.
Anonymous, a loose online collective, had hacked around 100 websites in Japan between September and the end of last year to protest whaling, according to police.
That, however, is the tip of the iceberg. Japan’s pension system was hit by a virus that had been opened by an employee in May. About 1.25 million pension records were leaked in that incident. Two airports had their websites taken down, including Narita International Airport, in October.
In recent years, hacks at organizations such as Benesse, Waseda University, Sony, and Japan Airlines have proved humiliating for companies and institutions, and have put consumer data at risk.
Part of the problem is that the sheer volume of attacks today is overwhelming for the unprepared. “In 2014, there were more than 25 billion cyberattacks in Japan, compared with 310 million in 2005,” says John Kirch, regional director for North Asia at security company Darktrace.
Kirch argues that companies and the government face huge issues because attacks often come from “insiders.”
“Everyone and every network interaction should be considered [with a degree of suspicion],” Kirch says.
Modern cybersecurity thus faces problems on multiple levels. Threats can come from anywhere; the increasing number of connected devices augments risk; and the number of attacks is rising. Japan needs to work on legislation, train workers, and look to the latest technology to ensure security.
A primary concern for Japan is the lack of people trained to do the work needed to secure networks. According to a government estimate, the nation would need 350,000 fully trained staff to assure secure networks. There are 265,000 people working in cybersecurity today, and 160,000 of them need additional training.
“In the short-term, Japan needs to depend on and trust its partners to help with this shortage,” says Ed Adams, CEO of Security Innovation, a Massachusetts-based company.
“[We] had so many high profile Japanese customers that we realized Japanese organizations were starting to take cybersecurity seriously,” says Maureen Robinson, Security Innovation’s marketing director. “And, given the Japanese culture—[when they are committed they do it right]—we decided that investment [in the country] made sense.”
Having worked with companies such as Sony Corporation, Rakuten, Inc., Bank of Tokyo-Mitsubishi UFJ, Renesas Electronics Corporation, and Honda Motor Co., Ltd., Security Innovation in 2014 made 44 of its courses available in Japanese. Since then, its presence in the country has increased.
“Our main activity in Japan is selling our online secure software engineering training product,” says Adams. “We do this via a partnership with NRI Secure [part of the Nomura family of companies.]”
Security Innovation is also involved in providing cybersecurity to the Japanese government. With the Olympic and Paralympic Games coming up in 2020, Japan is likely to face increasing attacks from hackers looking for the glory of a high-profile hit during a prestigious event.
Additionally, many of the plans for making Tokyo into a smarter city will also increase the areas in which there are potential vulnerabilities.
“Tokyo plans to deploy RoboTaxis for the 2020 Games; these cars need to be secure and accurate in terms of delivering passengers to the desired destination,” Adams says.Other organizations in the private sector are also looking to Japan. “The U.S. Department of Commerce is organizing a Cybersecurity Business Development Mission to Japan, [South] Korea, and Taiwan that will visit Japan on May 16 and 17, with about 20 companies participating,” says Erick Kish, a commercial attaché at the U.S. Embassy in Tokyo.
Beyond working with private companies, Japan is also moving on legislation to ensure the government can better manage security threats.
Last year, the nation unveiled a new cybersecurity strategy. The paper, updated after the pension records were lost in a hack, increases the government’s power to monitor for threats and tackle them if necessary. The Government Security Operation Coordination team now oversees cybersecurity for all government bodies.
Recommendations in the paper, which was approved by the cabinet, include developing a strategy for sharing and communicating relevant information more clearly.
In the event of an attack, “the Government will extensively share obtained information on the occurred incident, including attackers’ methods, with the governmental bodies, critical information infrastructure operators, and other relevant parties, to prevent the damage from becoming more serious,” according to the paper.
Admiral Dennis C. Blair, who served as director of US National Intelligence from 2009 to 2010, believes Japan’s cybercrime strategy will take time to become effective. “Both the strategy and the organizations are new, and will require strong implementation and dynamic adjustment, since [technology] is evolving rapidly.”
Training can help address these issues. For Security Innovation, changing some preconceived cultural notions in Japan would help tackle cybersecurity problems.“The premise of almost every Japanese national is that all people in Japan are good. Hence, there is no need for security,” Adams says.
Robinson adds that the changes brought about by the Internet require changing the cybersecurity culture of the country.
“There are no ‘borders,’ so the concept of protecting yourself via isolation and strict border and immigration laws doesn’t really apply anymore. Japan is less likely to be attacked with planes and guns than with cybersecurity volleys,” she says.Technological advances over the past few years also mean that businesses and other organizations today have more options for protecting themselves than ever before. Darktrace, for example, does not protect companies in a conventional manner.
“As the world becomes more connected, the potential for data and network breach is causing companies to realize that they have maybe already been hacked,” Kirch says. “For instance, when Japan Airlines was hacked, the hacker had been traveling around the company’s network for about a month before the attack was discovered.”
To solve this problem, Darktrace uses a method it calls “Enterprise Immune System.” Instead of looking for known issues, its system learns the routines of devices, users, and networks, while looking out for anomalies.
“We use advanced filtering, categorization, and mathematics to connect the dots and take different types of activity that may be a small trace of possible wrong behavior and look for other incidents. Then you can make a judgment call on whether there is a trendline, and if this is a growing threat. If it is, you can identify the device in question, which may have malware, or the perpetrator.”
For years, a game of cat and mouse has been playing out between hackers and cybersecurity companies. New technologies, however, are giving organizations an increasing amount of firepower to tackle threats.Kirch believes this may be a tipping point in favor of businesses. “A lot of people have the mindset…‘I’ve been lucky so far, so I am probably going to be lucky next year, too.’ I think it is time for organizations to be able to find a way to analyze what’s going on…to understand the normal behavior of every network, device, and person.”
Blair says that, however, will take time. “I believe that over time companies will learn what measures they must take to manage the risk of cybercrime, and that cooperation among cybersecurity companies, law enforcement organizations, and the companies victimized by cyberattacks will increase. When these two positive trends reach a critical point, cybercrime can be first contained, and then reduced. However I believe we are at least a decade from that point.”