+Cyberspace. Cyberattack. Cybercrime. Cybersecurity. Cyberlaw.
TECHNICAL or SOCIAL ISSUES?
Prof. Richardus Eko Indrajit
Chairman of ID-SIRTII; Research Director, Swiss German University
President of APTIKOM
+Cyberspace.
• A real community between the PHYSICAL WORLD and the ABSTRACT WORLD
• 1.4 billion real people (internet users)
• A trillion US$ in potential commerce value
• A billion business transactions per hour, 24/7
The internet is a VALUABLE thing indeed. Risk is embedded within it.
+Cyberattack.
• The trend has been increasing at an exponential rate
• Mostly triggered by real physical events
• Has caused significant economic losses and political suffering
• More difficult to mitigate due to its characteristics
Threats are here to stay. Not much can be done about that.
Incident types: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack.
+Cybercrime.
• Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
• Almost always crosses national boundaries and involves multiple resources
• Intentionally targeted to fulfil specific objective(s)
• Converging in nature with intelligence efforts
Crime has intentional objectives. Stay away from the bull’s eye.
+Cybersecurity.
• Led by the ITU in the international domain, while standards are introduced by various institutions (ISO, ITGI, ISACA, etc.)
• “Your security is my security”: individual behavior counts, while various collaborations are needed
Education, values, and ethics are the best defensive approaches.
+Cyberlaw.
• Difficult to keep up to date as technology trends move
• The rules and the enforcement efforts tell different stories
• Requires various infrastructure, superstructure, and resources
• Can easily be “out-tracked” by law practitioners
Cyberlaw is here to protect you. At the least, it plays a role in mitigation.
+Technical AND Social Issues.
• It IS “technical” because the internet is constructed from physical electronic and digital devices.
• It IS “social” since people interact with each other in this virtual world.
• So, issues of cyberspace, cyberattack, cybercrime, cybersecurity, and cyberlaw should be solved using both technical and social approaches!
• In this respect, ID-SIRTII was formed within the nation.
+ID-SIRTII Mission and Objectives.
“To expedite the economic growth of the country by providing society with a secure internet environment within the nation”
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating the public on security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running a laboratory for simulation practices.
7. Establishing external and international collaborations.
+Constituents and Stakeholders.
ID-SIRTII constituents and stakeholders:
• ISPs
• NAPs
• IXs
• Law Enforcement
• National Security
• Communities
• International CSIRTs/CERTs
Sponsor: Government of Indonesia
+Coordination Structure.
ID-SIRTII (CC) as National CSIRT, coordinating four categories of CERTs:
• Sector CERTs: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Other CERTs
• Internal CERTs: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, Other CERTs
• Vendor CERTs: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, Other CERTs
• Commercial CERTs: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, Other CERTs
+Major Tasks.
INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS
Each main task mapped onto the three CSIRT service categories (Reactive Services / Proactive Services / Security Quality Management Services; “x” = none):
1. Monitoring traffic: Reactive = Alerts and Warnings; Proactive = Announcements, Technology Watch, Intrusion Detection Services; Security Quality Management = x
2. Managing log files: Reactive = Artifact Handling; Proactive = x; Security Quality Management = x
3. Educating public: Reactive = x; Proactive = x; Security Quality Management = Awareness Building
4. Assisting institutions: Reactive = Vulnerability Handling; Proactive = Security-Related Information Dissemination, Intrusion Detection Services, Security Audit and Assessment, Configuration and Maintenance of Security Tools, Applications, and Infrastructure; Security Quality Management = Security Consulting
5. Providing training: Reactive = x; Proactive = x; Security Quality Management = Education and Training
6. Running laboratory: Reactive = x; Proactive = x; Security Quality Management = Risk Analysis, BCP and DRP
7. Establishing collaborations: Reactive = Incident Handling; Proactive = x; Security Quality Management = Product Evaluation
+Incidents Definition and Samples.
Samples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack.
Definitions:
• “one or more intrusion events that you suspect are involved in a possible violation of your security policies”
• “an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”
• “any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”
• “an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”
+Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY
Priority classes by impact area:
• Public Safety and National Defense (Very High Priority)
• Economic Welfare (High Priority)
• Political Matters (Medium Priority)
• Social and Culture Threats (Low Priority)
Each incident type is assessed in that matrix by attack pattern: Many to One, One to Many, Many to Many, Automated Tool (KM-Based Website).
1. Interception
2. Interruption
3. Modification
4. Fabrication
+Core Chain of Processes.
Core Process:
• Monitor Internet Traffic
• Manage Log Files
• Respond to and Handle Incidents
• Deliver Required Log Files
• Analyse Incidents
• Report on Incident Handling
Supporting Activities:
• Establish External and International Collaborations
• Run Laboratory for Simulation Practices
• Provide Training to Constituency and Stakeholders
• Assist Institutions in Managing Security
• Educate Public for Security Awareness
Management Process and Research: Vital Statistics
+Legal Framework.
• Undang-Undang No.36/1999 regarding National Telecommunication Industry
• Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices
• Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management
• Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
• New Cyberlaw on Information and Electronic Transaction
+Holistic Framework.
SECURE INTERNET INFRASTRUCTURE ENVIRONMENT
Pillars: People, Process, Technology
Systems: Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response Management
Governance: Advisory Board; Executive Board
Operating cycle: MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
Foundations:
• STAKEHOLDERS COLLABORATION AND SUPPORT
• NATIONAL REGULATION AND GOVERNANCE
• STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT
+First Cyber Law in Indonesia.
Range of penalty: Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million); 6 to 12 years in prison (jail).
In force starting from 25 March 2008.
Picture: Indonesia Parliament in Session
+Main Challenge.
ILLEGAL: “… the distribution of illegal materials within the internet …”
ILLEGAL: “… the existence of sources with illegal materials that can be accessed through the internet …”
+Challenges to ID-SIRTII Activities.
• Prevention
  • “Securing” internet-based transactions
  • Reducing the possibility of successful attacks
  • Working together with ISPs to inhibit the distribution of illegal materials
• Reaction
  • Preserving digital evidence for law enforcement purposes
  • Providing technical advisory for the further mitigation process
• Quality Management
  • Increasing the public awareness level
  • Ensuring the security level of critical infrastructure institutions
+Work Philosophy.
Why does a car have BRAKES? A car has BRAKES so that it can go FAST!
Why should we have regulation? Why should we establish an institution? Why should we collaborate with others? Why should we agree upon mechanisms? Why should we develop procedures? Why should we have standards? Why should we protect our safety? Why should we manage risks? Why should we form a response team?