Trends in IT-Based Crime in the World Per


Academic year: 2018


Prof. Richardus Eko Indrajit

Chairman of ID-SIRTII and APTIKOM

indrajit@post.harvard.edu www.eko-indrajit.com

(2)

About ID-SIRTII and APTIKOM

• The National CSIRT/CERT of Indonesia (quasi government institution)
• Conducting traffic monitoring and log management of the country's internet infrastructure
• Coordinating more than 300 ISPs all over the nation
• Responsible for safeguarding internet infrastructure used by mission critical institutions
• Association of IT colleges and universities in Indonesia
• Consist of 750 higher-learning development and shared-resources/services initiatives

(3)
(4)
(5)
(6)
(7)

Knowledge Domain: The Cyber Six

Cyber Space
Cyber Threat
Cyber Attack
Cyber Security
Cyber

(8)

1 Cyberspace.

• A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
• 1.4 billion of real human population (internet users)
• Trillion US$ of potential commerce value
• Billion business transactions per hour in 24/7 mode

Internet is a VALUABLE thing indeed. Risk is embedded within.

(9)

Information Roles

Why information?

• It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
• It can create perception to the public (market, politics, image, marketing, etc.)
• It represents valuable assets (money, documents, password, secret code, etc.)
• It is a raw material of knowledge (strategy, plan,

(10)

What is Internet?

A giant network of networks where people exchange information through various different digital-based ways:

• Email
• Mailing List
• Website
• Chatting
• Newsgroup
• Blogging
• E-commerce
• E-marketing
• E-government

(11)

2 Cyberthreat.

• The trend has increased at an exponential rate
• Motives vary from recreational to criminal purposes
• Can cause significant economic losses and political suffering
• Difficult to mitigate

Threats are there to stay. Can't do so much about it.

web defacement information leakage phishing intrusion Dos/DDoS

SMTP relay virus infection hoax malware distribution botnet open proxy

root access theft sql injection trojan horse worms password cracking

spamming malicious software spoofing blended attack

(12)

International Issues

What Does FBI Say About Companies:

– 91% have detected employee abuse
– 70% indicate the Internet as a frequent attack point
– 64% have suffered financial losses
– 40% have detected attacks from outside
– 36% have reported security incidents

Source: FBI Computer Crime and Security

(13)
(14)

Growing Vulnerabilities

[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004; series: Vulnerabilities, Security Incidents]

"Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities."

* Gartner, "CIO Alert: Follow Gartner's Guidelines for Updating Security on Internet Servers, Reduce Risks," J. Pescatore, February 2003

** As of 2004, CERT/CC no longer tracks Security Incident statistics.

(15)

Potential Threats

Unstructured Threats
• Insiders
• Recreational Hackers
• Institutional Hackers

Structured Threats
• Organized Crime
• Industrial Espionage
• Hacktivists

National Security Threats
• Terrorists

(16)

3 Cyberattack.

• Too many attacks have been performed within the cyberspace.
• Most are triggered by the cases in the real world.
• The eternal wars and battles have been in towns lately.
• The notorious Estonia case has opened the eyes of all people in the world.

(17)
(18)
(19)
(20)
(21)
(22)

Attacks Sophistication

[Figure: attack techniques and tools. Labels: cross site scripting; password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; "stealth" / advanced scanning techniques; burglaries; network mgmt. diagnostics; distributed attack tools; Tools; Staged; Auto]

(23)

Vulnerabilities Exploit Cycle

[Figure: stages of the cycle; axes: Time, # Of]

• Advanced Intruders Discover New Vulnerability
• Crude Exploit Tools Distributed
• Novice Intruders Use Crude Exploit Tools
• Automated Scanning/Exploit Tools Developed
• Widespread Use of Automated Scanning/Exploit Tools
• Intruders Begin Using New Types of Exploits

Highest Exposure

(24)

4 Cybersecurity.

Education, value, and ethics are the best defense approaches.

• Led by ITU for international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
• "Your security is my security"

(25)
(26)

Strategies for Protection

Protecting Information

(27)

Mandatory Requirements

• Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.
• Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and

(28)

Information Security Disciplines

• Physical security
• Procedural security
• Personnel security
• Compromising emanations security
• Operating system security
• Communications security

a failure in any of these areas can undermine the

(29)

Best Practice Standard

• Information Security Policy
• Communication & Operations Mgmt
• System Development & Maint.
• Bus. Continuity Planning
• Compliance

Information: Integrity, Confidentiality, Availability

(30)

5 Cybercrime.

• Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
• Virtually involving international boundaries and multi resources
• Intentionally targeting to fulfill special objective(s)
• Convergence in nature with intelligence efforts.

(31)
(32)
(33)

Motives of Activities

(34)

6 Cyberlaw.

• Difficult to keep updated as technology trend moves
• Different stories between the rules and enforcement efforts
• Require various infrastructure, superstructure, and resources
• Can be easily "out-tracked" by law practitioners

(35)

The Crime Scenes

IT as a Tool

(36)

First Cyber Law in Indonesia.

Range of penalty:

• Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
• 6 to 12 years in prison (jail)

starting from 25 March 2008

(37)

Main Challenge.

ILLEGAL

“… the distribution of illegal materials within the internet …”

ILLEGAL

(38)

ID-SIRTII Mission and Objectives.

"To expedite the economic growth of the country through providing the society with secure internet environment within the nation"

1. Monitoring internet traffic for incident handling purposes.

2. Managing log files to support law enforcement.

3. Educating public for security awareness.

4. Assisting institutions in managing security.

5. Providing training to constituency and stakeholders.

6. Running laboratory for simulation practices.

(39)

Constituents and Stakeholders.

ID-SIRTII

ISPs

NAPs

IXs

Law Enforcement

National Security Communities

International CSIRTs/CERTs

Government of Indonesia

(40)

Coordination Structure.

ID-SIRTII (CC) as National CSIRT

Sector CERT, Internal CERT, Vendor CERT, Commercial CERT

Bank CERT

Airport CERT

University CERT

GOV CERT

Military CERT

SOE CERT

SME CERT

Telkom CERT

BI CERT

Police CERT

KPK CERT

Lippo CERT

KPU CERT

Pertamina CERT

Hospital CERT UGM CERT

Cisco CERT

Microsoft CERT

Oracle CERT

SUN CERT

IBM CERT

SAP CERT

Yahoo CERT

Google CERT

A CERT

(41)

Major Tasks.

INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS

Columns: Reactive Services | Proactive Services | Security Quality Management Services

1. Monitoring traffic: Alerts and Warnings | Announcements; Technology Watch; Intrusion Detection Services | x
2. Managing log files: Artifact Handling | x | x
3. Educating public: x | x | Awareness Building
4. Assisting institutions: Security-Related Information Dissemination; Vulnerability Handling; Intrusion Detection Services; Security Audit and Assessment; Configuration and Maintenance of Security Tools, Applications, and Infrastructure; Security Consulting
5. Provide training: x | x | Education Training
6. Running laboratory: x | x | Risk Analysis; BCP and DRP

(42)

Incidents Definition and Samples.

web defacement information leakage phishing intrusion Dos/DDoS SMTP relay virus infection hoax malware distribution botnet open proxy root access theft sql injection trojan horse worms password cracking

spamming malicious software spoofing blended attack

"one or more intrusion events that you suspect are involved in a possible violation of your security policies"

"an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel"

"any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat"

"an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the

(43)

Priorities on Handling Incidents.

TYPE OF INCIDENT AND ITS PRIORITY

Columns: Public Safety and National Defense (Very Priority) | Economic Welfare (High Priority) | Political Matters (Medium Priority) | Social and Culture Threats (Low Priority)

1. Interception: Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)
2. Interruption: Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)
3. Modification: Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website)

(44)

Core Chain of Processes.

Response and Handle Incidents

Establish External and International Collaborations

Run Laboratory for Simulation Practices

Provide Training to Constituency and Stakeholders

Assist Institutions in Managing Security

Educate Public for Security Awareness

Deliver Process and

Research Vital Statistics

(45)

Legal Framework.

Undang-Undang No.36/1999

regarding National Telecommunication Industry

Peraturan Pemerintah No.52/2000

regarding Telecommunication Practices

Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006

regarding Security on IP-Based Telecommunication Network Management

Peraturan Menteri No.26/PER/M.KOMINFO/2007

regarding Indonesian Security Incident Response Team on Internet Infrastructure

(46)

Challenges to ID-SIRTII Activities.

• Prevention
– "Securing" internet-based transactions
– Reducing the possibilities of successful attacks
– Working together with ISP to inhibit the distribution of illegal materials

• Reaction
– Preserving digital evidence for law enforcement purposes
– Providing technical advisory for further mitigation process

• Quality Management
– Increasing public awareness level

(47)

Work Philosophy.

Why does a car have BRAKES ???

The car has BRAKES so that it can go FAST … !!!

(48)

Holistic Framework.

SECURE INTERNET INFRASTRUCTURE

ENVIRONMENT

People Process Technology

Log File

STAKEHOLDERS COLLABORATION AND SUPPORT

NATIONAL REGULATION AND GOVERNANCE

(49)

Two Way Relationship

Cyber Space

Real World

(50)

Two Way Relationship

relate

relate

Cyber Space

Real World

real interaction real transaction

real resources real people

flow of information flow of product/services

(51)

Two Way Relationship

Cyber Space

Real World

Ethics Law

Rule of Conduct Mechanism

Cyber Law

(52)

Classic Definition of War

WAR is here to stay…

"Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber

(53)

impact

Two Way Relationship

Cyber Space

impact

(54)

Two Way Relationship

Incidents

International Events

Published Books

Materials

Interests

(55)

Two Way Relationship

Journalism

Anonymous Interaction

Provocation

(56)

The Paradox of Increasing Internet Value

internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value

threats

it means…

(57)

Internet Security Issues Domain

through connecting a set of digital- protocols

• All technical components (hardware and software) interact to each other within a complex dependent…

(58)

Technical Trend Perspective

the phenomena…

• malicious code
• vulnerabilities
• spam and spyware
• phishing and identity theft
• time to exploitation

the efforts…

• Firewalls
• Antispyware
• AntiVirus
• Software Patches
• Web and Email Security
• Malware Blocking
• Network Access Control
• Intrusion Prevention
• Application and Device Control

(59)

Business Trend Perspective

Regulatory Compliance

Governance Requirements

Management

Enforcement

the strategy…

• IT Audit
• Technology Compliance
• Disaster Recovery Center
• Security Management
• Backup and Recovery
• ISO Compliance
• Storage and Backup Management
• Business Contingency Plan
• Application and Device Control
• Archiving and Retention Management
• Chief Security Officer

(60)

Social Trend Perspective

the characteristics…

the choices…

Everywhere

Borderless Geography

(61)

The Core Relationships

People (Social Aspects)

Technology (Technical Aspects)

Context/Content

Applications

(62)

Converging Trend

TECHNICAL ISSUES

BUSINESS ISSUES

(63)

Internetworking Dependency

Since the strength of a chain depends on the weakest link,

(64)

Things to Do

1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality

Key activities: use the THEORY OF CONSTRAINTS! (Find the weakest link, and help them to

(65)

What should we do?

• Monitoring the dynamic environment happening in real world and cyber world?
• Building effective procedures and mechanism among institutions responsible for these two worlds?
• Forming international framework for collaboration and cooperation to combat cyber crimes?
• Finding the fastest and most effective methodology to educate society on cyber security?
• Developing and adopting multi-lateral cyber law convention?

(66)

Lessons Learned

• As the value of internet increases, so does the risk of having it in our life.
• Hackers and crackers help each other, why shouldn't we collaborate?

(67)
(68)
