(a customer walks in the door of the Japanese Ministry of Cybersecurity.) Customer: Good Morning. Owner/Minister: Good morning, Sir. Welcome to the Japanese National Cybersecurity Emporium, uh, Ministry. Customer: Ah, thank you, my good man. Owner/Minister: What can I do for you, Sir? C: Well, I was, uh, sitting in the public library on Meiji dori just now, skimming through '[1]Secrets and Lies', by [2]Bruce Schneier, and I suddenly came over all peckish. O: Peckish, sir? C: Esuriant. O: Eh? C: 'Ee I were all 'ungry-like! O: Ah, hungry! C: In a nutshell. And I thought to myself, 'a little dose of InfoSec will do the trick', so, I curtailed my Schneier-ing activites, sallied forth, and infiltrated your place of purveyance to negotiate the vending of some security comestibles! O: Come again? C: I want some Cybersecurity. O: Oh, I thought you were complaining about the bouzouki player! C: Oh, heaven forbid: I am one who delights in all manifestations of the Terpsichorean muse! O: Sorry? C: 'Ooo, Ah lahk a nice tune, 'yer forced to! O: So he can go on playing, can he? C: Most certainly! Now then, some Cybersecurity please, my good man. O: (lustily) Certainly, sir. What would you like? C: Well, eh, how about a little AI? O: I'm, a-fraid we're fresh out of AI, sir. C: Oh, never mind, how are you on Multifactor Authentication? O: I'm afraid we never have that at the end of the week, sir, we get it fresh on Monday. C: Tish tish. No matter. Well, stout yeoman, facial biometrics, if you please. O: Ah! It's beeeen on order, sir, for two weeks. Was expecting it this morning. C: 'T's Not my lucky day, is it? Aah, DDoS protection? O: Sorry, sir. C: User Behavioral Analytics? O: Normally, sir, yes. Today the van broke down. C: Ah. Forensics? O: Sorry. C: Access management? Monitoring? O: No. C: Any SIEM, per chance? O: No. C: Endpont Detection and Response? O: No. C: Encryption? O: No. C: IP Blacklist? O: No. C: Threat intelligence? O: No. C: Threat hunting? O: (pause) No. C: Social engineering? O: No. C: Penetration testing? O: No. C: Firewalls, ACLs, WAF, Proxies, IDS, IDP, A.V., Anti-Malware, file integrity checking, SSL? O: No. C: Incident response, perhaps? O: Ah! We have IR, yessir. C: (suprised) You do! Excellent. O: Yessir. It's ah… it's a bit runny. C: Oh, I like it runny. O: Well,.. It's very runny, actually, sir. C: No matter. Fetch hither the fromage de la IR! Mmmwah! O: I…think it's a bit runnier than you'll like it, sir. C: I don't care how f-ing runny it is. Hand it over with all speed. O: Oooooooooohhh……..! (pause) C: What now? O: The cat's eaten it. C: (pause) Has he? O: She, sir. (pause) C: MD5 hash checking? O: No. C: User accounts? O: No. C: Deep inspection? O: No. C: IR badges? O: No. C: Japanese robotic sentry? O: No sir. C: You… do have some Cybersecurity, don't you? O: (brightly) Of course, sir. It's a Cybersecurity shop, sir. We've got- C: No no… don't tell me. I'm keen to guess. O: Fair enough. C: Uuuuuh, Indicators Of Compromise. O: Yes? C: Ah, well, I'll have some of that! O: Oh! I thought you were talking to me, sir. Mister Indicature de Comprimize, that's my name. (pause) C: Pin? O: Uh, not as such. C: Uuh, passcode? O: No C: Pass phrase? O: No C: Fingerprint biometrics? O: No C: Mobile device management? O: No C: Phishing? O: No C: Hardware hacking? O: No C: Lock picking? O: Not -today-, sir, no. (pause) C: Aah, how about passwords? O: Well, we don't get much call for it around here, sir. C: Not much ca-It's the single most popular bit of Cybersecurity in the world! O: Not 'round here, sir. C: (slight pause) and what, prey tell, IS the most popular bit of Cybersecurity 'round hyah? O: NFC, sir. C: Is it? O: Oh, yes! It's staggeringly popular in this country, squire. C: Is it? O: It's our number one best seller, sir! C: I see. Uuh… NFC, eh? O: Right, sir. C: All right. Okay. 'Have you got any?' He asked, expecting the answer 'no'. O: I'll have a look, sir.. nnnnnnnnnnnnnnnno. C: It's not much of a Cybersecurity shop, is it? O: Finest in the country sir! C: (annoyed) Explain the logic underlying that conclusion, please. O: Well, it's so clean, sir! C: It's certainly uncontaminated by Cybersecurity. O: (brightly) You haven't asked me about palm biometrics, sir. C: Would it be worth it? O: Could be. C: Have you -SHUT THAT BLOODY BOUZOUKI UP! O: Told you sir… C: (slowly) Have you got any palm biometrics? O: No. C: Figures. Predictable, really I suppose. It was an act of purest optimism to have posed the question in the first place……. Tell me: O: Yessir? C: (deliberately) Have you in fact got any Cybersecurity here at all? O: Yes,sir. C: Really? (pause) O: No. Not really, sir. C: You haven't. O: Nosir. Not a scrap. I was deliberately wasting your time,sir. I've never actually worked a computer. C: Well I'm sorry, but I'm going to have to (verbally reprimanded) you. O: Right-0, sir. C: What a senseless waste of human life. Thanks and apologies to Monty Python. Also on: [3]Twitter __________________________________________________________________ My original entry is here: [4]A Security Tale in Japan (a.k.a. The Cheese Shop). It posted Sun, 18 Nov 2018 07:40:22 +0000. Filed under: business, culture, References 1. https://www.amazon.com/Secrets-Lies-Digital-Security-Networked-ebook/dp/B004UARVS0/ref=mt_kindle?_encoding=UTF8&me=&qid=1542535242 2. https://www.schneier.com/ 3. https://twitter.com/prjorgensen/status/1064061837883465728 4. https://www.prjorgensen.com/?p=2320