Indonesia National Cyber Security Strategy
1.
2. 2
OUTLINE
The Strategic Roles of Indonesia ICT
Indonesia ICT Numbers and Facts
Three Dimensions of Cyber Threat
Cases of Cyber Warfare/Attack
Is Indonesia Under Attack???
Obstacles and Challenges of Indonesia National Cyber
Security
Six Priorities Strategy of Indonesia National Cyber Security
Conclusion
3. 3
THE STRATEGIC ROLES OF ICT FOR INDONESIA
– ICT is an important infrastructure for citizens
– ICT is a trigger for economic growth and productivity
– ICT is a strategic sector and a valuable Government asset
4. 4
INDONESIA IS THE 4TH LARGEST MOBILE SUBSCRIBERS
Chart: Number of Mobile Phone Subscribers Worldwide - 2011
– 1st: China, 986 million
– 2nd: India, 893 million
– 3rd: USA, 290 million
– 4th: Indonesia, 249 million
– 5th: Brazil, 244 million
– 6th: Russia, 236 million
With 249 million subscribers in 2011, Indonesia is the 4th largest mobile market in the world.
sources: cia.gov (last updated April 2013)
5. 5
INDONESIA IS THE 8TH LARGEST INTERNET USERS
Chart: Number of Internet Users Worldwide - 2011
– 1st: China, 538 million
– 2nd: USA, 245 million
– 3rd: India, 137 million
– 4th: Japan, 101 million
– 5th: Brazil, 88 million
– 6th: Russia, 67 million
– 7th: Germany, 67 million
– 8th: Indonesia, 55 million
– 9th: UK, 52 million
– 10th: France, 52 million
sources: internetworldstats.com (last updated April 2013)
In 2011, the number of internet users in Indonesia was around 55 million.
Internet users in Indonesia are also highly social and active. Indonesia has the
3rd largest number of Facebook users and the 5th largest number of Twitter users in the world.
6. 6
THREE DIMENSIONS OF CYBER THREAT/ATTACK
Cyber threats/attacks can be divided into three dimensions.
These threats can potentially destroy the economy and destabilize the country's security.
Social/Cultural Attack
Sources: Indonesia National ICT Council, DETIKNAS 2013
7. 7
CASES OF CYBER WARFARE/ATTACK
STUXNET
Wikileaks
Estonia Cyber Attack 2007
Russia-Georgia Cyber warfare 2008
And many more...
8. 8
IS INDONESIA UNDER ATTACK???
Over the last three years, Indonesia was attacked 3.9 million times in cyberspace.
(Sources: Minister of ICT, April 3rd, 2013).
During January-October 2012, the most attacked websites were Government websites/domain: go.id
(Sources: ID-SIRTII, 2012).
Sources: ID-SIRTII
Sources: Detikinet, 2013
9. OBSTACLES AND CHALLENGES OF INDONESIA
NATIONAL CYBER SECURITY
Obstacles and Challenges of National Cyber Security:
– The vision of cyber security is not integrated
– The quantity and quality of information security human resources are limited
– ICT critical infrastructure protection mechanisms and standards do not exist
– Cyber law and policy are not complete
– Governance and organization of national cyber security are not synergized
– Coordination and cooperation between agencies are weak
– Application, data and infrastructure of information security are not integrated
– Lack of awareness in information security
Sources: Indonesia National ICT Council, DETIKNAS 2013
10. 10
Indonesia National Cyber Security Conceptual Framework (INCS)
Sources: Indonesia National ICT Council, Detiknas 2012
Availability
Integrity
Confidentiality
Shared responsibilities
Organization Structures
Capacity Building
International Cooperation
Technical and Procedural
Legal
Risk Management
Leadership
Partnership
Security Strategic Level
Security Operational Level
Security Tactical Level
Direct
Execute
Control
11. 11
SIX PRIORITY STRATEGIES OF INDONESIA NATIONAL
CYBER SECURITY
– Strengthening Policies and Regulations
– Establishment of Governance and Organization
– Critical Infrastructure Protection
– Implementation of System and Technology
– Capacity Building for Human Resources
– International Collaboration and Cooperation
Security and Sovereignty in Indonesia Cyber Space
Sources: Indonesia National ICT Council, DETIKNAS 2013
13. POLICIES & REGULATIONS RELATED TO INFORMATION
SECURITY IN INDONESIA
– Telecommunication Act No. 36/1999
– Information Transaction Electronic Act No. 11/2008
– Implementation of Telecommunications: Government Regulation No. 52/2000
– Organizational structure of information security: Ministerial Regulation PM 17/PER/M.KOMINFO
– IP-based network security: Ministerial Regulation No. 16/PER/M.KOMINFO/10/2010
– CA Supervisory Board ad hoc team: Ministerial Decree No. 197/KEP/M.KOMINFO/05/2010
– Information security coordination team: Ministerial Decree No. 33/KEP/M.KOMINFO/04/2010
– Web server security: Ministry Letter
– Wifi Security: Ministry Letter
– Guidelines for the use of ISO 27001: Ministry Letter
National Act: 2
Government Regulation: 1
Ministerial Regulation: 2
Ministerial Decree: 2
Ministerial Letter: 3
14. 14
POLICIES & REGULATIONS RELATED TO INFORMATION
SECURITY IN INDONESIA (2)
Criminal cases related to cyber crime in Indonesia could also
be punished with:
– Criminal Procedural Law Codex (UU KUHAP),
– Pornography Act (UU Antipornografi No. 44/2008),
– Copyright Act (UU Hak Cipta No. 19/2002),
– Consumer Protection Act (UU Perlindungan Konsumen No.
8/1999).
15. 15
POLICIES & REGULATIONS FRAMEWORK
Scope of Cyber Security Laws:
– e-Commerce;
– Trademark/Domain;
– Privacy and Security on the Internet;
– Copyright;
– Defamation;
– Content Regulation;
– Dispute Settlement;
– National ICT Critical Infrastructure.
Substantive Law
Procedural Law
Prescribe Jurisdiction
Prosecutorial Authority
Enforcement Responsibility
International Law Enforcement Cooperation
Sources: Indonesia National ICT Council, Detiknas 2012
17. 17
THE CONCEPT OF NCS ORGANIZATION STRUCTURE
The concept of the Indonesia NCS organization structure consists of multiple organizations.
The INCS organization consists of skilled, proficient, and experienced employees with
rich information security knowledge in their areas of specialization.
Sources: Indonesia National ICT Council, DETIKNAS 2013
18. 18
COMPARISON OF CYBER SECURITY ORGANIZATION
Level: Strategic
– Australia: Cyber Security Policy and Coordination Committee (Lead Agency: The Attorney-General’s Department). Function: interdepartmental committee that coordinates the development of cyber security policy for the Australian Government.
– UK: Office of Cyber Security (OCS). Function: to provide strategic leadership for and coherence across Government.
– Indonesia: Undefined
Level: Tactical
– Australia: Cyber Security Operations Centre (CSOC) (Under Directorate: Defense Signals Directorate). Function: provides the Australian Government with all-source cyber situational awareness and an enhanced ability to facilitate operational responses to cyber security events of national importance.
– UK: Cyber Security Operations Centre (CSOC). Function: actively monitor the health of cyber space and co-ordinate incident response; to enable better understanding of attacks against UK networks and users; to provide better advice and information about the risks to business and the public.
– Indonesia: Undefined
Level: Operational
– Australia: CERT Australia
– UK: GovCertUK
– Indonesia: ID-SIRTII, GovCert, ID-Cert
19. 19
INDONESIA NATIONAL CYBER SECURITY ORGANIZATION
STRUCTURE FRAMEWORK
Sources: Indonesia National ICT Council, DETIKNAS 2013
20. 20
ORGANIZATION MAPPING RECOMMENDATION
Protect cyberspace environment
Homeland Security
Preventive and capacity building
Intelligence
KEMKOMINFO BIN LEMSANEG KEMDIKBUD
Protect military cyberspace environment
Defense
KEMHAN TNI
Investigation and Prosecution of
criminal in cyberspace
Law Enforcement
POLRI
KEMENKOPOLHUKAM
Coordination
Coordinator
Coordinator-Incident Response Team
KEJAKSAAN
Gov-Cert ID-ACAD-CSIRT ID CERT ......
Sources: Indonesia National ICT Council, DETIKNAS 2013
22. DEFINITION OF NATIONAL ICT CRITICAL INFRASTRUCTURES
ICT Critical National Infrastructures are assets, services, and objects, in
physical or logical form, that involve the livelihood of many
people, national interests and/or the revenue of the country, and that are
strategic in that threats and attacks on them cause greater loss of
lives and destabilize political, social and cultural life and the national economy
as well as the sovereignty of the nation. (DETIKNAS, 2013)
A National Critical ICT Infrastructure must fulfill
one, some or all of the following criteria:
– Threats and attacks result in disaster/many lives lost.
– Threats and attacks result in chaos in the national society.
– Threats and attacks cause disruption of governmental operation.
– Threats and attacks result in the loss of reputation, income and
state sovereignty.
23. 23
IMPACT LEVEL OF CYBER ATTACK
Motivation: Money, Espionage, Skills for Employment, Fame, Entertainment, Hacktivism, Terrorism and War
Actor(s): APT/Nation State, Insider, Terrorism, Criminals, Hacker Groups, Hacker, Noob/Script Kiddy
Impact Level:
High
• may result in the highly costly loss of major tangible assets or resources;
• may significantly violate, harm, or impede an organization’s mission, reputation, or interest;
• may result in human death or serious injury.
Medium
• may result in the costly loss of tangible assets or resources;
• may violate, harm, or impede an organization’s mission, reputation, or interest;
• may result in human injury.
Low
• may result in the loss of some tangible assets or resources;
• may noticeably affect an organization’s mission, reputation, or interest.
Sources: Indonesia National ICT Council, DETIKNAS 2013
24. 24
CRITICAL INFRASTRUCTURE SECTORS
Sector: Lead Agency
– Energy and Mineral Resources: Ministry of Energy and Mineral Resources (ESDM)
– ICT: Ministry of Communication and Information Technology (Kominfo)
– Transportation: Ministry of Transportation
– Health: Ministry of Health
– Government: State Secretariat/Cabinet Secretariat
– Finance and Banking: Ministry of Finance
– Agriculture: Ministry of Agriculture
– Defense and Strategic Industries: Ministry of Defense, Ministry of State-Owned Enterprises (BUMN)
– Administration and Public Services: Ministry of Home Affairs, Ministry of Law and Human Rights
– Law Enforcement: POLRI, Kejaksaan RI, KPK
– Social, Culture and Religion: Ministry of Religious Affairs and Ministry of Social Affairs
Sources: Indonesia National ICT Council, DETIKNAS 2013
26. LAYERS OF CYBER
Cyber security technologies and processes are implemented at each layer.
Cyber security at every layer is called defense in depth.
The Defense in Depth strategy is to achieve the main objectives
of security, namely Availability, Integrity, Confidentiality (AIC Triad).
Data
Application
Host
Internal Network
External Network
28. 28
NEXT GOVERNMENT TECHNOLOGY IMPLEMENTATION
RELATED TO NATIONAL CYBER SECURITY
– Government Secure Network
– Government Public Key Infrastructure
– Government Integrated Data Center
32. CAPACITY BUILDING: AWARENESS - ONE-WAY
COMMUNICATION
– Methods: One-way communication (text, multimedia)
– Object: Film, Music, Poster, etc.
– Effectiveness: Wide range, tends to bore, relatively cheap and affordable
33. CAPACITY BUILDING: AWARENESS - TWO-WAY
INTERACTIVE COMMUNICATION
– Methods: Two-way interactive communication (hypermedia)
– Object: FGD, Interactive Workshops, Video Games, e-learning.
– Effectiveness: Limited range, effective in changing the culture of behavior, expensive
35. 35
MEMBER OF INTERNATIONAL ORGANIZATION
Join, participate in, and ratify international collaboration
and cooperation.
Currently Indonesia is a full member of:
– APCERT of Asia Pacific and FIRST (Forum for Incident
Response and Security Team) of the world.
– Organisation of the Islamic Conference-CERT (OIC-CERT)
36. 36
CONCLUSIONS
Securing Indonesia's cyberspace is essential to create a
conducive and sustainable environment.
Indonesia's cyberspace has to be secure and sovereign.
Indonesia needs a national cyber security strategy in order to
focus on the development of a cyber security program.
National Cyber Security is a very complex
problem; collaboration and cooperation with all stakeholders
are needed.
The Organization of Indonesia National Cyber Security (I-NCS)
needs to be established.
Advanced Persistent Threat (APT) is an organized and long-term attack, designed specifically to access and exfiltrate information from the target systems and implies a more active role in gathering information than any that we have discussed previously. APT operations are more direct, and may have more in common with the CNA process that we will discuss in Chapter 9, closely matching some of the activities, but differing somewhat in intent and motivation. In APT, the steps that we might take are attack, escalate, and exfiltrate.