Prof. Richardus Eko Indrajit
Executive Chairman of ID‐SIRTII
eko@idsirtii.or.id www.EkoIndrajit.com
INFORMATION AND INTERNET SECURITY
Concepts – Principles – Strategy – Implementation – Governance
OLD Phenomena, NEW Behavior
First child is born
Daughter is scolded by her parents
Husband quarrels with wife
Computer and telephone break down
Employee gets promoted
Going to the toilet in a public place
Family gatherings during the holidays
Strategic Functions of IT
HORIZONTAL FUNCTION: transactions
Principle of Information Technology Use #1
IT as support for operational or transactional activities
– Transferring money between banks
– Booking airline tickets
– Registering for courses each semester
– Buying phone credit
– Activating electronic equipment
Principle of Information Technology Use #2
IT as support for the decision-making process
– Storing and organizing data
– Processing and representing data
– Producing periodic and ad‐hoc reports
– Running complex scenarios and simulations
– Managing information and knowledge
Principle of Information Technology Use #3
IT as support for communication and collaboration activities
– Sending digital documents and files
– Holding conversations across borders
– Carrying out virtual cooperation activities
– Downloading data from various sources
– Uploading information to various places
Realities That Cannot Be Ignored
The real world and the cyber world have converged and complement each other
Everyday activities take place in both worlds
The number of interactions between individuals and institutions/organizations has increased significantly
Types of technology are increasingly diverse and humane
Agenda for Today
Cyber‐6: Revisiting the Global Trend on Internet
The Roles of ID‐SIRTII in the Nation
1. Cyberspace.
A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
1.4 billion of real human population (internet users)
Trillion US$ of potential commerce value
Billion business transactions per hour in 24/7 mode
Internet is a VALUABLE thing indeed. Risk is embedded within.
Information Roles
Why information?
– It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
– It can create perception to the public (market, politics, image, marketing, etc.)
– It represents valuable assets (money, documents, password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan,
What is the Internet?
A giant network of networks where people exchange information through various digital‐based ways:
Email, Mailing List, Website
Chatting, Newsgroup, Blogging
E‐commerce, E‐marketing, E‐government
2. Cyberthreat.
The trend has increased at an exponential rate
Motives vary from recreational to criminal purposes
Can cause significant economic losses and political suffering
Difficult to mitigate
Threats are there to stay. Can’t do much about it.
web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack
International Issues
What Does the FBI Say About Companies:
– 91% have detected employee abuse
– 70% indicate the Internet as a frequent attack point
– 64% have suffered financial losses
– 40% have detected attacks from outside
– 36% have reported security incidents
Source: FBI Computer Crime and Security
Growing Vulnerabilities
* “Gartner CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
[Figure: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004; series: Vulnerabilities, Security Incidents]
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.”
Potential Threats
Unstructured Threats
– Insiders
– Recreational Hackers
– Institutional Hackers
Structured Threats
– Organized Crime
– Industrial Espionage
– Hacktivists
National Security Threats
– Terrorists
– Intelligence Agencies
3. Cyberattack.
Too many attacks have been performed within cyberspace.
Most are triggered by cases in the real world.
The eternal wars and battles have been in towns lately.
The notorious Estonia case has opened the eyes of people all over the world.
Internet and Crimes
Attacks Sophistication
[Figure: Attack Sophistication and Intruder Knowledge plotted from Low to High over 1980 to 2005. Labeled tools and techniques: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI, automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting, Staged Auto]
Vulnerabilities Exploit Cycle
Advanced Intruders Discover New Vulnerability
Crude Exploit Tools Distributed
Novice Intruders Use Crude Exploit Tools
Automated Scanning/Exploit Tools Developed
Widespread Use of Automated Scanning/Exploit Tools
Intruders Begin Using New Types of Exploits
Highest Exposure
Time # Of
File Management
URL Management
Directory Traversal Management
Mailing List Management
Live Camera Management
Surveillance Camera Management
Security Camera Management
Multiple Camera Management
4. Cybersecurity.
Education, value, and ethics are the best defense approaches. Led by ITU in the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
“Your security is my security”
Risk Management Aspect
[Diagram: relationships among Risk, Vulnerabilities, Threats, Controls, Security Requirements, Asset Values, and Assets; relation label: Protect against]
Strategies for Protection
Protecting Information
Mandatory Requirements
“Critical infrastructures are those physical and cyber‐based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
Agriculture & Food, Banking & Finance, Chemical,
Defense Industrial Base, Drinking Water and
Information Security Disciplines
Physical security
Procedural security
Personnel security
Compromising emanations security
Operating system security
Communications security
Best Practice Standard
BS7799/ISO17799
– Access Controls
– Asset Classification Controls
– Information Security Policy
– Security Organisation
– Personnel Security
– Physical Security
– Communication & Operations Mgmt
– System Development & Maint.
– Bus. Continuity Planning
– Compliance
Information
Integrity Confidentiality
These Two Guys …..
5. Cybercrime.
Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
Virtually involving international boundaries and multiple resources
Intentionally targeting to fulfill special objective(s)
Convergence in nature with intelligence efforts.
Motives of Activities
6. Cyberlaw.
Difficult to keep updated as the technology trend moves
Different stories between the rules and enforcement efforts
Requires various infrastructure, superstructure, and resources
Can be easily “out-tracked” by law practitioners
The Crime Scenes
IT as a Tool
First Cyber Law in Indonesia.
Range of penalty:
Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
6 to 12 years in prison (jail)
starting from 25 March 2008
Main Challenge.
ILLEGAL
“… the distribution of illegal materials within the internet …”
ILLEGAL
“… the existence of
The Background
It all starts from the hacking incident on the National Election System in 2004:
WHO should respond to a NATIONAL LEVEL ICT incident?
HACKED !!!
The Foundation
Established in May 2006 as the National CSIRT/CC of Indonesia
National Police
ISP Association
Department of Justice
General Attorney
ICT Professional Association
Ministry of ICT
Minister of ICT Decree No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
National Constitution UU No.36/1999 regarding National Telecommunication Industry
Government Regulation No.52/2000 regarding Telecommunication Practices
The Mission
The Major Tasks
Monitoring internet traffic for incident management
Managing traffic log files for law enforcement
Advising critical infrastructure institutions
Educating public on information security aspect
Conducting training and development effort
Running simulation laboratory and R&D center
The Constituents
The CERTs Topology
ID-SIRTII (CC) as National CSIRT
Sector CERT, Internal CERT, Vendors CERT, Community CERT
Bank CERT
Airport CERT
University CERT
GOV CERT
Military CERT
SOE CERT
SME CERT
Telkom CERT
SGU CERT
Police CERT
KPK CERT
CIMB CERT
KPU CERT
Pertamina CERT
Hospital CERT
Kominfo CERT
Cisco CERT
Microsoft CERT
Oracle CERT
SUN CERT
IBM CERT
SAP CERT
Yahoo CERT
Google CERT
A CERT
B CERT
C CERT
D CERT
Lemsaneg CERT
PANDI CERT
Security FIRST
Central Bank CERT
The People
Deputy of Operation and Security
Deputy of Data Center, Applications & Database
Deputy of Research and Development
Deputy of Education and Public Affairs
Deputy of External Collaborations
Chairman
Vice Chairman
General Secretary
Inspection Board
Advisory Board Ministry of ICT
Directorate of Post & Telecommunication
The Technology
The Holistic View
SECURE INTERNET INFRASTRUCTURE ENVIRONMENT
People Process Technology
Log File Management System
Traffic Monitoring System
Preventive and Reactive
Quality Mngt. System
Advisory Board
Executive Board
MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
International Link and Partners
MyCERT
SingCERT
ThaiCERT
BrCERT
VietnamCERT
BangCERT
JPCERT/CC
KrCERT/CC
APCERT
FIRST/USA
BhutanCERT
CamCERT
MMCERT
MongCERT
ChinaCERT
KirzhistanCERT
IndiaCERT
UzbekCERT
AzerbaijanCERT
PhCERT
SrilankaCERT
KiribatiCERT
AusCERT
The Headquarter
Ravindo Tower 17th Floor Kebon Sirih Kav. 75
Work Philosophy
Why does a car have BRAKES ???
The car has BRAKES so that it can go FAST … !!!
Two Way Relationship
Cyber Space
Real World
Two Way Relationship
relate relate
Cyber Space
Real World
real interaction real transaction
real resources real people
flow of information flow of product/services
Two Way Relationship
Cyber Space
Real World
Ethics Law
Rule of Conduct Mechanism
Cyber Law
Classic Definition of War
WAR is here to stay…
“Can Cyber Law alone become the weapon for modern defense against 21st century
impact
Two Way Relationship
Cyber Space
impact
Two Way Relationship
threaten attack
crime
blackmail
destroy
penetrate
destroy
disrupt terminate
Two Way Relationship
investigate
suspect
sabotage
inspect
examine spy
gossip justify
The Paradox of Increasing Internet Value
internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value
threats
it means…
Internet Security Issues Domain
INTERNET SECURITY
TECHNICAL ISSUES
BUSINESS ISSUES
SOCIAL ISSUES
Internet is formed through connecting
All technical components
As technology mimics, enables, drives, and transforms the business, internet dependency is high
For the activities that rely on time and space – where resources and processes can be digitalized – the network is the business
What are interacting in the net are real people, not just a “bunch of intellectual machines” – by the end of the day, human mind, characters, behaviors, and values matter
It is not an “isolated world” that does not have any
Technical Trend Perspective
malicious code, vulnerabilities, spam and spyware, phishing and identity theft, time to exploitation
Social Trend Perspective
policy vs. design
enforcement vs. culture
regulation vs. ethical behavior
prevention vs. reaction
top‐down vs. bottom‐up
pressure vs. education
The Core Relationships
People
(Social Aspects)
Technology
(Technical Aspects)
Context/Content Applications
Converging Trend
TECHNICAL ISSUES
BUSINESS ISSUES
Internetworking Dependency
Since the strength of a chain depends on the weakest link,
Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS ! (Find the weakest link, and help them to increase their security performance and
What should we do?
Monitoring the dynamic environment happening in the real world and the cyber world?
Building effective procedures and mechanisms among institutions responsible for these two worlds?
Forming an international framework for collaboration and cooperation to combat cyber crimes?
Finding the fastest and most effective methodology to educate society on cyber security?
Developing and adopting a multi‐lateral cyber law convention?
Lessons Learned
As the value of the internet increases, so does the risk of having it in our life.
Hackers and crackers help each other, why shouldn’t we collaborate?
Prof. Richardus Eko Indrajit
Chairman of ID‐SIRTII and APTIKOM
www.eko‐indrajit.com