This action might not be possible to undo. Are you sure you want to continue?
The Strategic Roles of Indonesia ICT Indonesia ICT Numbers and Facts Three Dimensions of Cyber Threat Cases of Cyber Warfare/Attack Is Indonesia Under Attack??? Obstacles and Challenges of Indonesia National Cyber Security Six Priorities Strategy of Indonesia National Cyber Security Conclusion
THE STRATEGIC ROLES OF ICT FOR INDONESIA
ICT is an important infrastructure for citizens
ICT is a trigger for economic growth and productivity
ICT is a strategic sector and Government valuable assets
INDONESIA IS THE 4TH LARGEST MOBILE SUBSCRIBERS Jumlah Pelanggan Telepon Seluler Dunia .2011 1st 986 Juta 2nd 893 Juta With 249 million subscribers in 2011. Indonesia is the 4th largest mobile market in the world. 3rd 290 Juta 4th 249 Juta 5th 244 Juta 6th 236 Juta China India USA Indo Brazil Rusia China India USA Indonesia Brazil Russia sources: cia.gov (last updated April 2013) 4 .
Indonesia is the 3rd largest facebook users and the 5th largest twitter users in the world.INDONESIA IS THE 8TH LARGEST INTERNET USERS Jumlah Pengguna Internet Dunia . Internet users in Indonesia also are highly social and active.com (last updated April 2013) 5 . the number of internet users in Indonesia is around 55 million. 2nd 245 Juta 3rd 137 Juta 4th 101 Juta 5th 88 Juta 6th 67 Juta 7th 67 Juta 8th 55 Juta 9th 52 Juta 10th 52 Juta China USA India Japan Brazil Rusia Germany Indonesia UK France China USA India Japan Brazil Russia Germany Indonesia UK France sources: internetworldstats.2011 1st 538 Juta In 2011.
DETIKNAS 2013 . 6 Social/ Cultural Attack Sources: Indonesia National ICT Council. These threats potentially destroying the economy and destabilize the country's security.THREE DIMENSIONS OF CYBER THREAT/ATTACK Cyber threat/attack can be divided into three dimensions.
.CASES OF CYBER WARFARE/ATTACK Russia-Georgia Cyber warfare 2008 Wikileaks And many more.. 7 STUXNET Estonia Cyber Attack 2007 .
IS INDONESIA UNDER ATTACK??? Over the last three years. The most attacked website is Government websites/domain: go. Indonesia was attacked 3. During January-October 2012. Sources: ID-SIRTII Sources: Detikinet. (Sources: Minister of ICT. April 3rd.id (Sources: ID-SIRTII.9 millions in cyber space. 2013). 2012). 2013 8 .
DETIKNAS 2013 .OBSTACLES AND CHALLENGES OF INDONESIA NATIONAL CYBER SECURITY Lack of Awareness in Information Security Vision of Cyber Security not Intregated Cyber Law and Policy not Completed Quantity and Quality of Information Security Human Resources are Limited Obstacles and Challenges of National Cyber Security Governance and Organization of National Cyber Security not Synergized Application. Data and Infrastructure of Information Security not Integrated ICT Critical Infrastructure Protection Mechanisms and Standards not exist Weakness of Coordination and Cooperation between Agency Sources: Indonesia National ICT Council.
Indonesia National Cyber Security Conceptual Framework (INCS) Leadership International Cooperation Technical and Procedural Organization Structures Shared responsibilities Security Strategic Level Capacity Building Availability Integrity Confidentiality Partnership Security Tactical Level Control Security Operational Level Risk Management Execute Legal Direct Sources: Indonesia National ICT Council. Detiknas 2012 10 10 10 .
DETIKNAS 2013 11 .SIX PRIORITY STRATEGIES OF INDONESIA NATIONAL CYBER SECURITY Security and Sovereignty in Indonesia Cyber Space Strengthening Policies and Regulations Establishment of Governance and Organization Critical Infrastructur e Protection Implementat ion of System and Technology Capacity Building for Human Resources International Collaboration and Cooperation Sources: Indonesia National ICT Council.
PRIORITY I: STRENGTHENING POLICIES AND REGULATIONS .
KOMINFO/10/2010 CA Supervisory Board ad hoc team Ministerial Decree No.KOMINFO/05/2010 Information security coordination team Ministerial Decree No. 197/KEP/M. 52/2000 Organizational structure of information security Ministerial Regulation PM 17/PER/M.KOMINFO/04/2010 Web server security Ministry Letter Wifi Security Ministry Letter Guidelines for the use of ISO 27001 Ministry Letter .POLICIES & REGULATIONS RELATED TO INFORMATION SECURITY IN INDONESIA Telecommunication Act No. 33/KEP/M.KOMINFO National Act:2 Government Regulation:1 Ministerial Regulation:2 Ministerial Decree:2 Ministerial Letter:3 IP-based network security Ministerial Regulation No. 16/PER/M. 36/1999 Information Transaction Electronic Act No. 11/2008 Implementation Of Telecommunications Government Regulation No.
19/2002). Copyright Act (UU Hak Cipta No. Consumer Protection Act (UU Perlindungan Konsumen No.POLICIES & REGULATIONS RELATED TO INFORMATION SECURITY IN INDONESIA (2) Criminal cases related to cyber crime in Indonesia could also be punished with: – – – – Criminal Procedural Law Codex (UU KUHAP). 8/1999). 14 . 44/2008). Pornography Act (UU Antipornografi No.
POLICIES & REGULATIONS FRAMEWORK – e-Commerce. – Trademark/Domain. – Penyelesaian Perselisihan (Dispel Settlement). – Pencemaran nama baik (Defamation). – Infrastruktur TIK Kritis Nasional (ICT Critical Infrastructure) International Law Enforcement Cooperation 15 Scope of Cyber Security Laws: Prescribe Jurisdiction Enforcement Responsibility Substantive Law Procedural Law Prosecutorial Authority Sources: Indonesia National ICT Council. Detiknas 2012 . – Hak cipta (Copyright). – Pengaturan isi (Content Regulation). – Privasi dan keamanan di internet (Privacy and Security on the internet).
PRIORITY II: ESTABLISHMENT OF GOVERNANCE AND ORGANIZATION .
proficient. INCS organization contains of skilled. and experienced employees with prosperous information security knowledge inside their parts of specialization. Sources: Indonesia National ICT Council.THE CONCEPT OF NCS ORGANIZATION STRUCTURE The Concept of Indonesia NCS organization structure consists of multiorganization. DETIKNAS 2013 17 .
COMPARISON OF CYBER SECURITY ORGANIZATION Level Strategic Australia Cyber Security Policy and Coordination Committee (Lead Agency: The Attorney-General’s Department) Function: interdepartmental committee that coordinates the development of cyber security policy for the Australian Government. GovCertUK Undefined ID-SIRTII GovCert ID-Cert 18 . to enable better understanding of attacks against UK networks and users. Indonesia Undefined Cyber Security Operations Centre (CSOC) Function: actively monitor the health of cyber space and co-ordinate incident response. Tactical Cyber Security Operations Centre (CSOC) (Under Directorate: Defense Signals Directorate) Function: provides the Australian Government with all-source cyber situational awareness and an enhanced ability to facilitate operational responses to cyber security events of national importance. to provide better advice and information about the risks to business and the public. Operational CERT Australia UK Office of Cyber Security (OCS) function: to provide strategic leadership for and coherence across Government.
DETIKNAS 2013 19 .INDONESIA NATIONAL CYBER SECURITY ORGANIZATION STRUCTURE FRAMEWORK Sources: Indonesia National ICT Council.
ORGANIZATION MAPPING RECOMENDATION Coordinator Coordination KEMENKOPOLHUKAM Sources: Indonesia National ICT Council.. DETIKNAS 2013 Homeland Security Protect cyberspace environment Intelligence Preventive and capacity building Defense Protect militer cyberspace environment Law Enforcement Investigation and Prosecution of criminal in cyberspace KEMKOMINFO BIN LEMSANEG KEMDIKBUD KEMHAN TNI POLRI KEJAKSAAN Coordinator-Incident Response Team Gov-Cert ID-ACAD-CSIRT ID CERT .. 20 ....
PRIORITY III: CRITICAL INFRASTRUCTURE PROTECTION .
objects in the form of phyical or logical that involving the livelihood of many people. Threats and attacks result in chaos in the national society. (DETIKNAS. in case of threats and attacks cause more loss of lives. destabilizing political. .DEFINITION OF NATIONAL ICT CRITICAL INFRASTRUCTURES ICT Critical National Infrastructures are assets. social. national interests and/or revenue of country that are strategic. income and state sovereignty. services. cultural and national economy as well as the sovereignty of the nation. Threats and attacks resulting in the loss of reputation. Threats and attacks cause disruption of governmental operation. 2013) Criteria of the National Critical ICT Infrastructure must fulfill one. some or all of the following characteristics: – – – – Threats and attacks resulted in disaster/many lost lives.
IMPACT LEVEL OF CYBER ATTACK Motivation Actor(s) APT/Nation State Insider Money. DETIKNAS 2013 23 . harm. reputation. Terrorism and War Terrorism Criminals Medium Hacker Groups Hacker Low • may result in the costly loss of tangible assets or resources. High Impact Level • may result in the highly costly loss of major tangible assets or resources. or impede an organization’s mission. Entertainment. Noob/Script Kiddy • may result in the loss of some tangible assets or resources • may noticeably affect an organization’s mission. or impede an organization’s mission. • may result in human injury. or interest. Skills for Employment. reputation. Hacktivism. harm. • may result in human death or serious injury. • may violate. Espionage. or interest. reputation. or interest. • may significantly violate. Sources: Indonesia National ICT Council. Fame.
Kejaksaan RI. Budaya dan Agama Kementerian Pertanian Kementerian Pertahanan.CRITICAL INFRASTRUCTURE SECTORS Sector Lead Agency Energi dan Sumberdaya Mineral ICT Transportasi Kesehatan Sources: Indonesia National ICT Council. KPK Kementerian Agama dan Kementerian Sosial 24 . Kementerian Hukum & HAM POLRI. Kementerian BUMN Kementerian Dalam Negeri. DETIKNAS 2013 Kementerian ESDM Kementerian Kominfo Kementerian Perhubungan Kementerian Kesehatan Sekretariat Negara/Sekretariat Kabinet Kementerian Keuangan Pemerintahan Keuangan dan Bank Agrikultur Pertahanan dan Industri Strategis Administrasi dan Pelayanan Publik Penegak Hukum Sosial.
PRIORITY IV: IMPLEMENTATION OF SYSTEM AND TECHNOLOGY .
. Defense in Depth strategy is to achieve the main objectives of security. Confidentiality (AIC Triad). namely Availability. Integrity.LAYERS OF CYBER Data Application Host Internal Network External Network Implementation of cyber security technologies and processes performed at each layers. Cyber security at every layer is called defense in depth.
IMPLEMENTATION OF DEFENSE IN DEPTH INFORMATION SECURITY DMZ VPN Logging Auditing Penetration Testing Vulnerability Analysis Firewalls Proxy Logging Stateful Packet Inspection Auditing Penetration Testing Vulnerability Analysis IDS IPS Logging Auditing Penetration Testing Vulnerability Analysis Authentication Antivirus IDS IPS Password Hashing Logging Auditing Penetration Testing Vulnerability Analysis SSO Content Filtering Data Validation Auditing Penetration Testing Vulnerability Analysis Encryption Access Controls Backup Penetration Testing Vulnerability Analysis External Network Network Perimeter Internal Network Host Application Data Sources: Jason Andress. 2011 (modified) .
NEXT GOVERNMENT TECHNOLOGY IMPLEMENTATION RELATED TO NATIONAL CYBER SECURITY Government Integrated Data Center Goverment Secure Network Government Public Key Infrastructure 28 .
PRIORITY V: CAPACITY BUILDING FOR HUMAN RESOURCES .
DETIKNAS 2013 .BUILDING INTEGRATED AND SUISTAINED HUMAN RESOURCES DEVELOPMENT PROGRAM Sources: Indonesia National ICT Council.
CAPACITY BUILDING: AWARENESS One-way communic ation Awareness Two-way interactive communic ation 31 .
dll Object Wide range. relatively cheap cost and affordable Effectively . tends to bore. Music.CAPACITY BUILDING: AWARENESS . Poster. multimedia) Methods Film.ONE-WAY COMMUNICATION One-way communication (text.
CAPACITY BUILDING: AWARENESS . e-learning. Video Games.TWO-WAY INTERACTIVE COMMUNICATION Two-way interactive communication (hypermedia) Methods FGD. cost of expensive Effectively . Object Limited range. Interactive Workshops. to be effective in changing the culture of behavior.
PRIORITY VI: INTERNATIONAL COLLABORATION AND COOPERATION .
Currently Indonesia become full member of: – Asia Pacific and APCERT FIRST (Forum for Incident Response and Security Team) of the world. participate.MEMBER OF INTERNATIONAL ORGANIZATION Join. and ratify with international collaboration and cooperation. – Organisation of the Islamic Conference-CERT (OIC-CERT) 35 .
National Cyber Security is a very complex problem. Indonesia needs a national cyber security strategy in order to focus on the development cyber security program. Indonesia Cyberspace has to be secured and sovereigned. 36 . Organization of Indonesia National Cyber Security (I-NCS) need to be established.CONCLUSIONS Securing Indonesia Cyberspace is essential to create conducive and sustainability environment. collaboration and cooperation with all stakeholders are needed.
Thank You www.org firstname.lastname@example.org 2013 37 .detiknas.