
Academic year: 2018


(1)

Prof. Richardus Eko Indrajit 

Executive Chairman of ID‐SIRTII

eko@idsirtii.or.id

indrajit@post.harvard.edu

Empowering Information Technology Systems to Achieve Information Security in Carrying Out the Core Duties of the TNI

Concept – Principle – Strategy – Implementation – Governance

(2)

Internet and Crimes 

(3)
(4)

Agenda for Today 

Cyber‐6: Revisiting the Global Trend on Internet

The Roles of ID‐SIRTII in the Nation

(5)

Agenda for Today 

Cyber‐6: Revisiting the Global Trend on Internet

The Roles of ID‐SIRTII in the Nation

(6)

Knowledge Domain: The Cyber Six 

Cyber  Space 

Cyber  Threat 

Cyber  Attack

Cyber  Security  Cyber 

(7)

1. Cyberspace.

A reality community between PHYSICAL WORLD and ABSTRACTION WORLD

1.4 billion of real human population (internet users)

Trillion US$ of potential commerce value

Billion business transactions per hour in 24/7 mode

Internet is a VALUABLE thing indeed. Risk is embedded within.

(8)

Information Roles

Why information?

–  It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)

–  It can create perception to the public (market, politics, image, marketing, etc.)

–  It represents valuable assets (money, documents, password, secret code, etc.)

–  It is a raw material of knowledge (strategy, plan,

(9)

What is Internet?

A giant network of networks where people exchange information through various different digital‐based ways:

Email  Mailing List  Website

Chatting  Newsgroup  Blogging

E‐commerce  E‐marketing  E‐government

(10)

2. Cyberthreat.

The trend has increased at an exponential rate

Motives vary from recreational to criminal purposes

Can cause significant economic losses and political suffering

Difficult to mitigate

Threats are there to stay. Can’t do so much about it.

web defacement information leakage phishing intrusion Dos/DDoS SMTP relay virus infection hoax malware distribution botnet open proxy root access theft sql injection trojan horse worms password cracking

spamming malicious software spoofing blended attack

(11)

International Issues

What Does FBI Say About Companies:

–  91% have detected employee abuse

–  70% indicate the Internet as a frequent attack point

–  64% have suffered financial losses

–  40% have detected attacks from outside

–  36% have reported security incidents

  

 

Source: FBI Computer Crime and Security 

(12)
(13)
(14)
(15)
(16)
(17)
(18)

Growing Vulnerabilities

* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003

** As of 2004, CERT/CC no longer tracks Security Incident statistics.

[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004; series: Vulnerabilities, Security Incidents]

“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.”

(19)

Potential Threats

Unstructured Threats

   Insiders

   Recreational Hackers

   Institutional Hackers

Structured Threats

   Organized Crime

   Industrial Espionage

   Hacktivists

National Security Threats

   Terrorists

   Intelligence Agencies

(20)

3. Cyberattack.

Too many attacks have been performed within the cyberspace.

Most are triggered by the cases in the real world.

The eternal wars and battles have been in towns lately.

Estonia's notorious case has opened the eyes of all people in the world.

(21)
(22)
(23)
(24)
(25)
(26)

Attacks Sophistication

[Figure: attack sophistication versus intruder knowledge, scale Low to High, time axis 1980, 1985, 1990, 1995, 2005. Labels on the chart: cross site scripting; password guessing; self-replicating code; password cracking; exploiting known vulnerabilities; disabling audits; back doors; hijacking sessions; sweepers; sniffers; packet spoofing; GUI; automated probes/scans; denial of service; www attacks; tools; “stealth” / advanced scanning techniques; burglaries; network mgmt. diagnostics; distributed attack tools; Staged; Auto]

(27)

Vulnerabilities Exploit Cycle

Advanced Intruders Discover New Vulnerability

Crude Exploit Tools Distributed

Novice Intruders Use Crude Exploit Tools

Automated Scanning/Exploit Tools Developed

Widespread Use of Automated Scanning/Exploit Tools

Intruders Begin Using New Types of Exploits

Highest Exposure

Time  # Of

(28)

File Management 

(29)

URL Management 

(30)

Directory Traversal Management 

(31)

Mailing List Management 

(32)

Live Camera Management 

(33)

Surveillance Camera Management 

(34)

Security Camera Management 

(35)

Multiple Camera Management

(36)

4. Cybersecurity.

Education, value, and ethics are the best defense approaches.

Led by ITU for international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)

“Your security is my security”

(37)

Risk Management Aspect 

Risk 

Vulnerabilities Threats

Controls

Security

Requirements

Asset Values

Assets Protect

against

(38)

Strategies for Protection

Protecting Information

(39)
(40)
(41)

Mandatory Requirements

“Critical infrastructures are those physical and cyber‐based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”

Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and

(42)

Information Security Disciplines

Physical security

Procedural security

Personnel security

Compromising emanations security

Operating system security

Communications security

a failure in any of these areas can undermine the

(43)

Best Practice Standard

BS7799/ISO17799

Access Controls

Asset Classification Controls

Information Security Policy

Security Organisation

Personnel Security

Physical Security

Communication & Operations Mgmt

System Development & Maint.

Bus. Continuity Planning

Compliance

Information

Integrity  Confidentiality

(44)

These Two Guys ….. 

(45)

5. Cybercrime.

Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION

Virtually involving international boundaries and multi resources

Intentionally targeting to fulfill special objective(s)

Convergence in nature with intelligence efforts.

(46)
(47)
(48)

Motives of Activities

1.  Thrill Seekers  

2.  Organized Crime  

3.  Terrorist Groups 

(49)

6. Cyberlaw.

Difficult to keep updated as technology trend moves

Different stories between the rules and enforcement efforts

Require various infrastructure, superstructure, and resources

Can be easily “out-tracked” by law practitioners

(50)

The Crime Scenes 

IT as a Tool

(51)

First Cyber Law in Indonesia. 

Range of penalty:

Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)

6 to 12 years in prison (jail)

starting from

25 March 2008

(52)

Main Challenge. 

ILLEGAL

“… the distribution of

illegal materials within the internet …”

ILLEGAL

“… the existence of

(53)

Agenda for Today 

Cyber‐6: Revisiting the Global Trend on Internet

The Roles of ID‐SIRTII in the Nation

(54)

The Background

It all starts from the hacking incident to the National Election System in 2004:

WHO should respond to the NATIONAL LEVEL ICT incident

HACKED !!!

(55)

The Foundation

Established on May 2006 as the National CSIRT/CC of Indonesia

National Police

ISP Association

Department of Justice

General Attorney

ICT Professional Association

Ministry of ICT

Minister of ICT Decree No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure

National Constitution UU No.36/1999 regarding National Telecommunication Industry

Government Regulation No.52/2000 regarding Telecommunication Practices

(56)

The Mission 

(57)

The Major Tasks

Monitoring internet traffic for incident management

Managing traffic log files for law enforcement

Advising critical infrastructure institutions

Educating public on information security aspect

Conducting training and development effort

Running simulation laboratory and R&D center

(58)
(59)

The Constituents

(60)

The CERTs Topology 

ID-SIRTII (CC) as National CSIRT

Sector CERT Internal CERT Vendors CERT Community CERT

Bank CERT Airport CERT University CERT

GOV CERT Military CERT

SOE CERT SME CERT

Telkom CERT

SGU CERT

Police CERT

KPK CERT

CIMB CERT

KPU CERT

Pertamina CERT

Hospital CERT Kominfo CERT

Cisco CERT

Microsoft CERT

Oracle CERT

SUN CERT

IBM CERT

SAP CERT

Yahoo CERT

Google CERT

A CERT

B CERT

C CERT

D CERT

Lemsaneg CERT

PANDI CERT

Security FIRST

Central Bank CERT

(61)

The People 

Deputy of Operation and Security

Deputy of Data Center, Applications & Database

Deputy of Research and Development

Deputy of Education and Public Affairs

Deputy of External Collaborations

Chairman

Vice Chairman General Secretary

Inspection Board

Advisory Board Ministry of ICT

Directorate of Post & Telecommunication

(62)

The Technology 

(63)

The Holistic View

SECURE INTERNET INFRASTRUCTURE

ENVIRONMENT

People Process Technology

Log File Management

System Traffic Monitoring

System Preventive

and Reactive

Quality Mngt. System Advisory

Board

Executive Board

MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD

STAKEHOLDERS COLLABORATION AND SUPPORT

NATIONAL REGULATION AND GOVERNANCE

(64)

International Link and Partners

  MyCERT 

  SingCERT 

  ThaiCERT 

  BrCERT 

  VietnamCERT 

  BangCERT 

  JPCERT/CC 

  KrCERT/CC 

  APCERT 

  FIRST/USA 

  BhutanCERT 

  CamCERT 

  MMCERT 

  MongCERT 

  ChinaCERT 

  KirzhistanCERT 

  IndiaCERT 

  UzbekCERT 

  AzerbaijanCERT 

  PhCERT 

  SrilankaCERT 

  KiribatiCERT

  AusCERT 

(65)

The Headquarter 

Ravindo Tower   17th Floor  Kebon Sirih Kav. 75  

(66)

Work Philosophy 

Why does a car have BRAKES ???

The car has BRAKES so that it can go FAST … !!!

(67)

Agenda for Today 

Cyber‐6: Revisiting the Global Trend on Internet

The Roles of ID‐SIRTII in the Nation

(68)

Two Way Relationship

Cyber  Space 

Real  World 

(69)

Two Way Relationship

relate  relate 

Cyber  Space 

Real  World 

real interaction real transaction

real resources real people

flow of information flow of product/services

(70)

Two Way Relationship

Cyber  Space 

Real  World 

Ethics Law

Rule of Conduct Mechanism

Cyber Law

(71)

Classic Definition of War

WAR is here to stay…

Can Cyber Law alone

become the weapon for modern defense against 21st century

(72)

impact 

Two Way Relationship

Cyber  Space  impact 

(73)

Two Way Relationship

threaten

attack

crime

blackmail

destroy

penetrate

destroy

disrupt terminate

(74)

Two Way Relationship

investigate

suspect

sabotage

inspect

examine

spy

gossip justify

(75)

The Paradox of Increasing Internet Value 

internet  

users  transaction value  interaction frequency  communities spectrum  usage objectives

The Internet Value 

threats 

it means… 

(76)

Internet Security Issues Domain

INTERNET SECURITY

TECHNICAL ISSUES

BUSINESS ISSUES

SOCIAL ISSUES

Internet is formed through connecting

All technical components

As technology mimics, enables, drives, and transforms the business, internet dependency is high

For the activities that rely on time and space – where resources and processes can be digitalized ‐ the network is the business

What are interacting in the net are real people, not just a bunch of “intellectual machines” – by the end of the day, human mind, characters, behaviors, and values matter

It is not an “isolated world” that does not have any

(77)

Technical Trend Perspective

malicious code  vulnerabilities  spam and spyware  phishing and identity theft  time to exploitation

(78)
(79)

Social Trend Perspective

policy vs. design  enforcement vs. culture

regulation vs. ethical behavior

prevention vs. reaction

top‐down vs. bottom‐up

pressure vs. education

(80)

The Core Relationships

People

(Social Aspects)

Technology

(Technical Aspects)

Context/Content  Applications

(81)

Converging Trend 

TECHNICAL ISSUES

BUSINESS ISSUES

SOCIAL

(82)

Internetworking Dependency 

Since the strength of a chain  

   depends on the weakest link, 

 

(83)

Things to Do

1. Identify your valuable assets

2. Define your security perimeter

3. Recognize all related parties involved

4. Conduct risk analysis and mitigation strategy

5. Ensure standard security system intact

6. Institutionalize the procedures and mechanism

7. Share the experiences among others

8. Continue improving security quality

Key activities: use the THEORY OF CONSTRAINTS

(Find the weakest link, and help them to

(84)

What should we do?

Monitoring the dynamic environment happening in real world and cyber world?

Building effective procedures and mechanism among institutions responsible for these two worlds?

Forming international framework for collaboration and cooperation to combat cyber crimes?

Finding the fastest and most effective methodology to educate society on cyber security?

Developing and adopting multi‐lateral cyber law convention?

Acting like intelligence agencies? Interpol? Detectives?

(85)

Lessons Learned

As the value of internet increases, so does the risk of having it in our life.

Hackers and crackers help each other, why shouldn’t we collaborate?

Enough talking and planning, start executing your risk

(86)
(87)

Prof. Richardus Eko Indrajit 

Chairman of ID‐SIRTII and APTIKOM 

 

indrajit@post.harvard.edu   www.eko‐indrajit.com 
