Interview: Diagnosing and Curing Internet Deceases

With Yurie Ito, Executive Director of the CyberGreen Institute

“The world needs to take a public health approach to cybersecurity”

Yurie Ito is Director of the Global Coordination at Japan’s National Computer Emergency Team (JPCERT/CC) and leads the CyberGreen Initiative to mitigate cyber diseases and improving Internet healthiness through measurement and global collaboration. CyberGreen enables a global community of organizations who gather and measure cyber risk conditions such as computer infections and vulnerable network nodes. Based on these metrics and mitigation practices, CERTs, ISPs and web hosters are able to clean systems and mitigate vulnerabilities. During the GFCE Annual Meeting in June, Cybergreen will be proposed as a GFCE initiative.

Written by: Mr. Anne Blanksma Çeta, Senior Advisor at the Secretariat of the Global Forum on Cyber Expertise

Q: How did the CyberGreen initiative come about?

“During my days as Director of Global Coordination JPCERT/CC and while serving as Chair of the Asia-Pacific CERTs (APCERT) Forum, I became convinced the world must take a public health approach to Cybersecurity.

Our traditional law enforcement and security perspectives are necessary, but even more importantly is that we should view the Internet as a community with health concerns just as in the physical world. When viewed as such, clear responsibility lies with all the stakeholders, not just CSIRTs, but also with service providers, vendors, policy and budget makers, employers and users to take steps to ensure the cyber health.

Based on this vision, CyberGreen seeks to provide an international trusted and neutral body to collect and share cross comparative measurements and best practices on mitigation. This also improves decision making about the allocation of international and national resources to identify and treat the parts of the Internet most at risk.”

Q: You are diagnosing and curing cyber diseases?

“We are not only focused on just curing the symptoms of diseases. We analyze the root cause of cyber diseases and address the systemic level of underlining environmental problems. The Internet has become an infested swamp, fenced off with firewalls that do little to prevent users from visiting malicious sites and exposing their devices to infection and compromise. If policymakers want to do a better job of making the Internet healthier in terms of safety and resiliency, they need a better understanding of what the dangers are and where they are hiding.

As with any infectious disease, malware will continue to spread through contact unless concerted steps are taken to drain the root cause of untreated swamps and deny malicious actors freedom of movement.”

Q: How does it work?

“CyberGreen’s experts have worked hard to develop metrics that are technical in nature but give non-technical decision makers accurate, easy-to-understand metrics that measure the health of the Internet ecosystem. Primarily, we measure levels of infection and the existence of various types of vulnerable nodes that enable malicious activity. During our initial phase of operation, we began the task of defining those metrics as well as finding sources around the world from which to aggregate risk data necessary to populate them.

A good example is the way the Internet community fought the Gameover Zeus Botnet (GOZ) in 2014 and 2015. Through an international collaborative effort, hundreds of thousands of computers were cleaned of infection to prevent further spread of GOZ. CyberGreen’s ability to measure and track the spread of root cause conditions, and to measure progress as we mitigate will facilitate operational cleanup of systems. Policy development and capacity building will also have the insight to focus on the reduction of systemic risk conditions. The risk condition data are from proven sources, with 10+ years remediation history such as from the Shadowserver Foundation.” 

(Data provided by The Shadowserver Foundation)

Q: Why is it important?

“The key is transparency. Evidential data, cross-comparable robust metrics and measurement reveals the sources of systemic risk conditions, and foster improvement.

We need a common understanding of cyber health and risks through a widely accepted way of measuring national, service provider, and enterprise cyber health and risks. A common understanding and insight will enable global policy development and capacity building focused on the reduction of systemic risk conditions.”

Q: Why do you want to go global with this initiative?

“Worldwide cyber health varies by region and enterprise – some are doing well, but there are many vulnerable and compromised computer and network devices. However, we don’t know how much risk we are exposed to, either globally, by country, or by service provider.

You cannot protect yourself by just securing your internal systems. Your customers, peers and business partners are all connected globally, and they might be compromised and used to launch attacks without their knowledge. Therefore this mitigation initiative needs to be global. 

We need to build international norms and social responsibility around cyber ecosystem health improvement. The mission and mindset to improve Internet health needs to become the measure of a cyber sophistication and stewardship for individuals, organizations and nations.”