Professional Documents
Culture Documents
Indonesia Cyber Security Strategy 2020
Indonesia Cyber Security Strategy 2020
2
THE STRATEGIC ROLES OF ICT FOR INDONESIA
ICT is an important ICT is a trigger for economic ICT is a strategic sector and
infrastructure for citizens growth and productivity Government valuable assets
3
INDONESIA IS THE 4TH LARGEST MOBILE SUBSCRIBERS
Jumlah Pelanggan Telepon Seluler Dunia - 2011
1st
986 Juta 2nd With 249 million
893 Juta subscribers in 2011,
Indonesia is the 4th
largest mobile market in
the world.
3rd 4th
290 Juta
5th 6th
249 Juta 244 Juta 236 Juta
4
INDONESIA IS THE 8TH LARGEST INTERNET USERS
Jumlah Pengguna Internet Dunia - 2011
1st
538 Juta
In 2011, the number of internet users in Indonesia is around 55 million.
Internet users in Indonesia also are highly social and active. Indonesia is the
3rd largest facebook users and the 5th largest twitter users in the world.
2nd
245 Juta
3rd
137 Juta 4th 5th
101 Juta
88 Juta
6th 7th 8th 9th 10th
67 Juta 67 Juta
55 Juta 52 Juta 52 Juta
5
THREE DIMENSIONS OF CYBER THREAT/ATTACK
Cyber
threat/attack can
be divided into
three dimensions.
Social/
These threats
Cultural
Attack potentially
destroying the
economy and
destabilize the
country's security.
Sources: Indonesia National ICT Council, DETIKNAS 2013
6
CASES OF CYBER WARFARE/ATTACK
Russia-Georgia
Cyber warfare 2008 Wikileaks
And many
STUXNET more...
Estonia Cyber Attack 2007
7
IS INDONESIA UNDER ATTACK???
Over the last three years,
Indonesia was attacked 3,9
millions in cyber space.
(Sources: Minister of ICT, April
3rd, 2013).
During January-October 2012, Sources: ID-SIRTII
8
OBSTACLES AND CHALLENGES OF INDONESIA
NATIONAL CYBER SECURITY
Vision of Cyber
Security not
Intregated
Lack of
Awareness in Cyber Law and
Information Policy not
Security Completed
Obstacles and
Quantity and Quality of
Challenges Governance and Organization
of National Cyber Security not
Information Security Human
Resources are Limited
of Synergized
National Cyber
Security
Application, Data and Weakness of
Infrastructure of Coordination and
Information Security not Cooperation between
Integrated ICT Critical Infrastructure Agency
Protection Mechanisms and
Standards not exist
Shared responsibilities
International Cooperation
Technical and Procedural
Organization Structures
Capacity Building
Confidentiality
Availability
Direct
Integrity
Partnership
Legal
Security Tactical Level
Control
11
PRIORITY I: STRENGTHENING POLICIES AND REGULATIONS
POLICIES & REGULATIONS RELATED TO INFORMATION
SECURITY IN INDONESIA
Telecommunication Act No. 36/1999
Information Transaction Electronic Act No. 11/2008
Implementation Of Telecommunications Government Regulation No. 52/2000
Organizational structure of information security Ministerial Regulation PM
17/PER/M.KOMINFO
National Act:2 IP-based network security Ministerial Regulation No.
Government Regulation:1 16/PER/M.KOMINFO/10/2010
Ministerial Regulation:2
Ministerial Decree:2 CA Supervisory Board ad hoc team Ministerial Decree No.
Ministerial Letter:3 197/KEP/M.KOMINFO/05/2010
Information security coordination team Ministerial Decree No.
33/KEP/M.KOMINFO/04/2010
Web server security Ministry Letter
Wifi Security Ministry Letter
Guidelines for the use of ISO 27001 Ministry Letter
POLICIES & REGULATIONS RELATED TO INFORMATION
SECURITY IN INDONESIA (2)
Criminal cases related to cyber crime in Indonesia could also
be punished with:
– Criminal Procedural Law Codex (UU KUHAP),
– Pornography Act (UU Antipornografi No. 44/2008),
– Copyright Act (UU Hak Cipta No. 19/2002),
– Consumer Protection Act (UU Perlindungan Konsumen No.
8/1999).
14
POLICIES & REGULATIONS FRAMEWORK
Scope of Cyber Security Laws: Enforcement Responsibility
Prescribe Jurisdiction
– Trademark/Domain; Substantive Law
Cooperation
– Privasi dan keamanan di internet
(Privacy and Security on the
internet);
– Hak cipta (Copyright); Procedural Law
– Pencemaran nama baik
(Defamation); Prosecutorial Authority
– Pengaturan isi (Content Regulation); Sources: Indonesia National ICT Council, Detiknas 2012
15
PRIORITY II: ESTABLISHMENT OF GOVERNANCE AND
ORGANIZATION
THE CONCEPT OF NCS ORGANIZATION STRUCTURE
The Concept of
Indonesia NCS
organization structure
consists of multi-
organization.
INCS organization
contains of skilled,
proficient, and
experienced
employees with
prosperous
information security
knowledge inside their
parts of specialization.
Sources: Indonesia National ICT Council, DETIKNAS 2013
17
COMPARISON OF CYBER SECURITY ORGANIZATION
Level Australia UK Indonesia
Strategic Cyber Security Policy and Coordination Committee Office of Cyber Security (OCS) Undefined
(Lead Agency: The Attorney-General’s Department)
function: to provide strategic leadership for
Function: interdepartmental committee that and coherence across Government;
coordinates the development of cyber security policy
for the
Australian Government.
Tactical Cyber Security Operations Centre (CSOC) (Under Cyber Security Operations Centre (CSOC) Undefined
Directorate: Defense Signals
Directorate) Function: actively monitor the health of cyber
space and co-ordinate incident response; to
Function: provides the Australian Government with enable better understanding of attacks against
all-source cyber UK networks and users; to provide better
situational awareness and an enhanced ability to advice and information about the risks to
facilitate operational responses to cyber security business and the
events of national importance. public.
18
INDONESIA NATIONAL CYBER SECURITY ORGANIZATION
STRUCTURE FRAMEWORK
KEMENKOPOLHUKAM
Sources: Indonesia National ICT Council, DETIKNAS 2013
20
PRIORITY III: CRITICAL INFRASTRUCTURE PROTECTION
DEFINITION OF NATIONAL ICT CRITICAL INFRASTRUCTURES
APT/Nation State • may result in the highly costly loss of major tangible assets or
resources;
High • may significantly violate, harm, or impede an organization’s
Insider
mission, reputation, or interest;
• may result in human death or serious injury.
Money, Terrorism
Espionage,
Skills for Employment,
• may result in the costly loss of tangible assets or resources;
Fame, Criminals
Medium • may violate, harm, or impede an organization’s mission,
Entertainment,
reputation, or interest;
Hacktivism,
Hacker Groups • may result in human injury.
Terrorism and War
Hacker
• may result in the loss of some tangible assets or resources
Low • may noticeably affect an organization’s mission, reputation,
Noob/Script Kiddy or interest.
23
CRITICAL INFRASTRUCTURE SECTORS
Sector Lead Agency
Energi dan Sumberdaya Mineral Kementerian ESDM
ICT Kementerian Kominfo
Transportasi Kementerian Perhubungan
Kesehatan Kementerian Kesehatan
Sources: Indonesia National ICT Council, DETIKNAS 2013
VPN
Firewalls
Logging
Proxy IDS
Auditing
Logging IPS Authentication
Penetration
Stateful Packet Logging Antivirus SSO
Testing
Inspection
Vulnerability Auditing IDS Content Filtering Encryption
Auditing
Analysis Penetration IPS Data Validation Access Controls
Penetration Testing
Testing Password Hashing Auditing Backup
Vulnerability
Vulnerability Analysis Logging Penetration Penetration
Analysis Testing Testing
Auditing
Vulnerability Vulnerability
Penetration Analysis Analysis
Testing
Vulnerability
Analysis
Government
Integrated Data
Center
Goverment Secure
Network
Government Public
Key Infrastructure
28
PRIORITY V: CAPACITY BUILDING FOR HUMAN RESOURCES
BUILDING INTEGRATED AND SUISTAINED HUMAN
RESOURCES DEVELOPMENT PROGRAM
Two-way
One-way interactive
communic Awareness communic
ation ation
31
CAPACITY BUILDING: AWARENESS - ONE-WAY
COMMUNICATION
Limited range, to be
Two-way interactive FGD, Interactive effective in changing
communication Workshops, Video the culture of
(hypermedia) Games, e-learning. behavior, cost of
expensive
Methods Object Effectively
PRIORITY VI: INTERNATIONAL COLLABORATION AND
COOPERATION
MEMBER OF INTERNATIONAL ORGANIZATION
Join, participate, and ratify with international collaboration
and cooperation.
Currently Indonesia become full member of:
– Asia Pacific and APCERT FIRST (Forum for Incident
Response and Security Team) of the world.
– Organisation of the Islamic Conference-CERT (OIC-CERT)
35
CONCLUSIONS
Securing Indonesia Cyberspace is essential to create
conducive and sustainability environment.
Indonesia Cyberspace has to be secured and sovereigned.
Indonesia needs a national cyber security strategy in order to
focus on the development cyber security program.
National Cyber Security is a very complex problem,
collaboration and cooperation with all stakeholders are
needed.
Organization of Indonesia National Cyber Security (I-NCS)
need to be established.
36
Thank You
www.detiknas.org
info@detiknas.org
2013
37