Indonesia National Cyber Security Strategy


This presentation was given at #IISF2013, 10th September, Bandung, Indonesia, by Dr. Zainal Hasibuan, DeTIKNas (National ICT Council).

  • Advanced Persistent Threat (APT) is an organized and long-term attack, designed specifically to access and exfiltrate information from the target systems and implies a more active role in gathering information than any that we have discussed previously. APT operations are more direct, and may have more in common with the CNA process that we will discuss in Chapter 9, closely matching some of the activities, but differing somewhat in intent and motivation. In APT, the steps that we might take are attack, escalate, and exfiltrate.
  • Transcript of "Indonesia National Cyber Security Strategy"

    1. OUTLINE
       - The Strategic Roles of Indonesia ICT
       - Indonesia ICT Numbers and Facts
       - Three Dimensions of Cyber Threat
       - Cases of Cyber Warfare/Attack
       - Is Indonesia Under Attack???
       - Obstacles and Challenges of Indonesia National Cyber Security
       - Six Priorities Strategy of Indonesia National Cyber Security
       - Conclusion
    2. THE STRATEGIC ROLES OF ICT FOR INDONESIA
       - ICT is an important infrastructure for citizens
       - ICT is a trigger for economic growth and productivity
       - ICT is a strategic sector and a valuable Government asset
    3. INDONESIA IS THE 4TH LARGEST MOBILE SUBSCRIBERS
       World Mobile Phone Subscribers - 2011:
       - 1st China: 986 million
       - 2nd India: 893 million
       - 3rd USA: 290 million
       - 4th Indonesia: 249 million
       - 5th Brazil: 244 million
       - 6th Russia: 236 million
       With 249 million subscribers in 2011, Indonesia is the 4th largest mobile market in the world.
       Sources: cia.gov (last updated April 2013)
    4. INDONESIA IS THE 8TH LARGEST INTERNET USERS
       World Internet Users - 2011:
       - 1st China: 538 million
       - 2nd USA: 245 million
       - 3rd India: 137 million
       - 4th Japan: 101 million
       - 5th Brazil: 88 million
       - 6th Russia: 67 million
       - 7th Germany: 67 million
       - 8th Indonesia: 55 million
       - 9th UK: 52 million
       - 10th France: 52 million
       Sources: internetworldstats.com (last updated April 2013)
       In 2011, the number of internet users in Indonesia was around 55 million. Internet users in Indonesia are also highly social and active. Indonesia has the 3rd largest number of Facebook users and the 5th largest number of Twitter users in the world.
    5. THREE DIMENSIONS OF CYBER THREAT/ATTACK
       Cyber threats/attacks can be divided into three dimensions. These threats can potentially destroy the economy and destabilize the country's security.
       Figure label: Social/Cultural Attack
       Sources: Indonesia National ICT Council, DETIKNAS 2013
    6. CASES OF CYBER WARFARE/ATTACK
       - STUXNET
       - Wikileaks
       - Estonia Cyber Attack 2007
       - Russia-Georgia Cyber warfare 2008
       - And many more...
    7. IS INDONESIA UNDER ATTACK???
       Over the last three years, Indonesia was attacked 3.9 million times in cyberspace. (Sources: Minister of ICT, April 3rd, 2013).
       During January-October 2012, the most attacked websites were Government websites/domain: go.id (Sources: ID-SIRTII, 2012).
       Figure sources: ID-SIRTII; Detikinet, 2013
    8. OBSTACLES AND CHALLENGES OF INDONESIA NATIONAL CYBER SECURITY
       - Vision of Cyber Security not Integrated
       - Quantity and Quality of Information Security Human Resources are Limited
       - ICT Critical Infrastructure Protection Mechanisms and Standards do not exist
       - Cyber Law and Policy not Completed
       - Governance and Organization of National Cyber Security not Synergized
       - Weakness of Coordination and Cooperation between Agencies
       - Application, Data and Infrastructure of Information Security not Integrated
       - Lack of Awareness in Information Security
       Sources: Indonesia National ICT Council, DETIKNAS 2013
    9. Indonesia National Cyber Security Conceptual Framework (INCS)
       Figure labels: Availability, Integrity, Confidentiality; Shared responsibilities, Organization Structures, Capacity Building, International Cooperation, Technical and Procedural, Legal; Risk Management, Leadership, Partnership; Security Strategic Level, Security Operational Level, Security Tactical Level; Direct, Execute, Control
       Sources: Indonesia National ICT Council, Detiknas 2012
    10. SIX PRIORITY STRATEGIES OF INDONESIA NATIONAL CYBER SECURITY
        - Strengthening Policies and Regulations
        - Establishment of Governance and Organization
        - Critical Infrastructure Protection
        - Implementation of System and Technology
        - Capacity Building for Human Resources
        - International Collaboration and Cooperation
        Goal: Security and Sovereignty in Indonesia Cyber Space
        Sources: Indonesia National ICT Council, DETIKNAS 2013
    11. PRIORITY I: STRENGTHENING POLICIES AND REGULATIONS
    12. POLICIES & REGULATIONS RELATED TO INFORMATION SECURITY IN INDONESIA
        - Telecommunication Act No. 36/1999
        - Information Transaction Electronic Act No. 11/2008
        - Implementation Of Telecommunications: Government Regulation No. 52/2000
        - Organizational structure of information security: Ministerial Regulation PM 17/PER/M.KOMINFO
        - IP-based network security: Ministerial Regulation No. 16/PER/M.KOMINFO/10/2010
        - CA Supervisory Board ad hoc team: Ministerial Decree No. 197/KEP/M.KOMINFO/05/2010
        - Information security coordination team: Ministerial Decree No. 33/KEP/M.KOMINFO/04/2010
        - Web server security: Ministry Letter
        - Wifi Security: Ministry Letter
        - Guidelines for the use of ISO 27001: Ministry Letter
        Totals: National Act: 2; Government Regulation: 1; Ministerial Regulation: 2; Ministerial Decree: 2; Ministerial Letter: 3
    13. POLICIES & REGULATIONS RELATED TO INFORMATION SECURITY IN INDONESIA (2)
        Criminal cases related to cyber crime in Indonesia could also be punished with:
        - Criminal Procedural Law Codex (UU KUHAP),
        - Pornography Act (UU Antipornografi No. 44/2008),
        - Copyright Act (UU Hak Cipta No. 19/2002),
        - Consumer Protection Act (UU Perlindungan Konsumen No. 8/1999).
    14. POLICIES & REGULATIONS FRAMEWORK
        Scope of Cyber Security Laws:
        - e-Commerce;
        - Trademark/Domain;
        - Privacy and Security on the internet;
        - Copyright;
        - Defamation;
        - Content Regulation;
        - Dispute Settlement;
        - ICT Critical Infrastructure.
        Figure labels: Substantive Law; Procedural Law; Prescribe Jurisdiction; Prosecutorial Authority; Enforcement Responsibility; International Law Enforcement Cooperation
        Sources: Indonesia National ICT Council, Detiknas 2012
    15. PRIORITY II: ESTABLISHMENT OF GOVERNANCE AND ORGANIZATION
    16. THE CONCEPT OF NCS ORGANIZATION STRUCTURE
        The concept of the Indonesia NCS organization structure is multi-organizational. The INCS organization consists of skilled, proficient, and experienced employees with rich information security knowledge in their areas of specialization.
        Sources: Indonesia National ICT Council, DETIKNAS 2013
    17. COMPARISON OF CYBER SECURITY ORGANIZATION
        Strategic level:
        - Australia: Cyber Security Policy and Coordination Committee (Lead Agency: The Attorney-General’s Department). Function: interdepartmental committee that coordinates the development of cyber security policy for the Australian Government.
        - UK: Office of Cyber Security (OCS). Function: to provide strategic leadership for and coherence across Government.
        - Indonesia: Undefined
        Tactical level:
        - Australia: Cyber Security Operations Centre (CSOC) (Under Directorate: Defense Signals Directorate). Function: provides the Australian Government with all-source cyber situational awareness and an enhanced ability to facilitate operational responses to cyber security events of national importance.
        - UK: Cyber Security Operations Centre (CSOC). Function: actively monitor the health of cyber space and co-ordinate incident response; to enable better understanding of attacks against UK networks and users; to provide better advice and information about the risks to business and the public.
        - Indonesia: Undefined
        Operational level:
        - Australia: CERT Australia
        - UK: GovCertUK
        - Indonesia: ID-SIRTII, GovCert, ID-Cert
    18. INDONESIA NATIONAL CYBER SECURITY ORGANIZATION STRUCTURE FRAMEWORK
        Sources: Indonesia National ICT Council, DETIKNAS 2013
    19. ORGANIZATION MAPPING RECOMMENDATION
        Figure labels: Protect cyberspace environment; Homeland Security; Preventive and capacity building; Intelligence; KEMKOMINFO; BIN; LEMSANEG; KEMDIKBUD; Protect military cyberspace environment; Defense; KEMHAN; TNI; Investigation and Prosecution of criminals in cyberspace; Law Enforcement; POLRI; KEMENKOPOLHUKAM; Coordination; Coordinator; Coordinator-Incident Response Team; KEJAKSAAN; Gov-Cert; ID-ACAD-CSIRT; ID CERT; ......
        Sources: Indonesia National ICT Council, DETIKNAS 2013
    20. PRIORITY III: CRITICAL INFRASTRUCTURE PROTECTION
    21. DEFINITION OF NATIONAL ICT CRITICAL INFRASTRUCTURES
        ICT Critical National Infrastructures are strategic assets, services, and objects, physical or logical, that involve the livelihood of many people, national interests and/or state revenue, and for which threats and attacks would cause loss of lives and destabilize the political, social, cultural and national economic order as well as the sovereignty of the nation. (DETIKNAS, 2013)
        A National Critical ICT Infrastructure must fulfill one, some or all of the following criteria:
        - Threats and attacks result in disaster/many lost lives.
        - Threats and attacks result in chaos in the national society.
        - Threats and attacks cause disruption of governmental operation.
        - Threats and attacks result in the loss of reputation, income and state sovereignty.
    22. IMPACT LEVEL OF CYBER ATTACK
        Motivation: Money, Espionage, Skills for Employment, Fame, Entertainment, Hacktivism, Terrorism and War
        Actor(s): APT/Nation State, Insider, Terrorism, Criminals, Hacker Groups, Hacker, Noob/Script Kiddy
        Impact Level:
        - High: may result in the highly costly loss of major tangible assets or resources; may significantly violate, harm, or impede an organization’s mission, reputation, or interest; may result in human death or serious injury.
        - Medium: may result in the costly loss of tangible assets or resources; may violate, harm, or impede an organization’s mission, reputation, or interest; may result in human injury.
        - Low: may result in the loss of some tangible assets or resources; may noticeably affect an organization’s mission, reputation, or interest.
        Sources: Indonesia National ICT Council, DETIKNAS 2013
    23. CRITICAL INFRASTRUCTURE SECTORS
        Sector: Lead Agency
        - Energy and Mineral Resources: Kementerian ESDM
        - ICT: Kementerian Kominfo
        - Transportation: Kementerian Perhubungan
        - Health: Kementerian Kesehatan
        - Government: Sekretariat Negara/Sekretariat Kabinet
        - Finance and Banking: Kementerian Keuangan
        - Agriculture: Kementerian Pertanian
        - Defense and Strategic Industries: Kementerian Pertahanan, Kementerian BUMN
        - Administration and Public Services: Kementerian Dalam Negeri, Kementerian Hukum & HAM
        - Law Enforcement: POLRI, Kejaksaan RI, KPK
        - Social, Cultural and Religious Affairs: Kementerian Agama and Kementerian Sosial
        Sources: Indonesia National ICT Council, DETIKNAS 2013
    24. PRIORITY IV: IMPLEMENTATION OF SYSTEM AND TECHNOLOGY
    25. LAYERS OF CYBER
        - Implementation of cyber security technologies and processes is performed at each layer.
        - Cyber security at every layer is called defense in depth.
        - The Defense in Depth strategy is to achieve the main objectives of security, namely Availability, Integrity, Confidentiality (AIC Triad).
        Layers: Data, Application, Host, Internal Network, External Network
    26. IMPLEMENTATION OF DEFENSE IN DEPTH INFORMATION SECURITY
        - External Network: DMZ, VPN, Logging, Auditing, Penetration Testing, Vulnerability Analysis
        - Network Perimeter: Firewalls, Proxy, Logging, Stateful Packet Inspection, Auditing, Penetration Testing, Vulnerability Analysis
        - Internal Network: IDS, IPS, Logging, Auditing, Penetration Testing, Vulnerability Analysis
        - Host: Authentication, Antivirus, IDS, IPS, Password Hashing, Logging, Auditing, Penetration Testing, Vulnerability Analysis
        - Application: SSO, Content Filtering, Data Validation, Auditing, Penetration Testing, Vulnerability Analysis
        - Data: Encryption, Access Controls, Backup, Penetration Testing, Vulnerability Analysis
        Sources: Jason Andress, 2011 (modified)
    27. NEXT GOVERNMENT TECHNOLOGY IMPLEMENTATION RELATED TO NATIONAL CYBER SECURITY
        - Government Secure Network
        - Government Public Key Infrastructure
        - Government Integrated Data Center
    28. PRIORITY V: CAPACITY BUILDING FOR HUMAN RESOURCES
    29. BUILDING INTEGRATED AND SUSTAINED HUMAN RESOURCES DEVELOPMENT PROGRAM
        Sources: Indonesia National ICT Council, DETIKNAS 2013
    30. CAPACITY BUILDING: AWARENESS
        Awareness:
        - One-way communication
        - Two-way interactive communication
    31. CAPACITY BUILDING: AWARENESS - ONE-WAY COMMUNICATION
        - Methods: One-way communication (text, multimedia)
        - Object: Film, Music, Poster, etc.
        - Effectiveness: Wide range, tends to bore, relatively cheap and affordable
    32. CAPACITY BUILDING: AWARENESS - TWO-WAY INTERACTIVE COMMUNICATION
        - Methods: Two-way interactive communication (hypermedia)
        - Object: FGD, Interactive Workshops, Video Games, e-learning.
        - Effectiveness: Limited range, effective in changing the culture of behavior, expensive
    33. PRIORITY VI: INTERNATIONAL COLLABORATION AND COOPERATION
    34. MEMBER OF INTERNATIONAL ORGANIZATION
        Join, participate in, and ratify international collaboration and cooperation.
        Currently Indonesia is a full member of:
        - Asia Pacific and APCERT FIRST (Forum for Incident Response and Security Team) of the world.
        - Organisation of the Islamic Conference-CERT (OIC-CERT)
    35. CONCLUSIONS
        - Securing Indonesia Cyberspace is essential to create a conducive and sustainable environment.
        - Indonesia Cyberspace has to be secured and sovereign.
        - Indonesia needs a national cyber security strategy in order to focus on the development of a cyber security program.
        - National Cyber Security is a very complex problem; collaboration and cooperation with all stakeholders are needed.
        - The Organization of Indonesia National Cyber Security (I-NCS) needs to be established.
    36. www.detiknas.org info@detiknas.org 2013
        Thank You