
Cyberspace, Cyberattack, Cybercrime, Cybersecurity, Cyberlaw. TECHNICAL or SOCIAL ISSUES?

May 03, 2023


Marsudi Kisworo
Cyberspace. Cyberattack. Cybercrime. Cybersecurity. Cyberlaw.

TECHNICAL or SOCIAL ISSUES?

Prof. Richardus Eko Indrajit
Chairman of ID-SIRTII
Research Director, Swiss German University
President of APTIKOM

Cyberspace.

- A real community between the PHYSICAL WORLD and the ABSTRACT WORLD
- A real human population of 1.4 billion (internet users)
- Trillion US$ of potential commerce value
- Billion business transactions per hour in 24/7 mode

The internet is a VALUABLE thing indeed. Risk is embedded within.


Cyberattack.

- The trend has increased at an exponential rate
- Mostly triggered by real physical events
- Has caused some significant economic losses and political suffering
- More difficult to mitigate due to its characteristics

Threats are here to stay. Not much can be done about it.

web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access, theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack


Cybercrime.

- Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
- Virtually involving international boundaries and multiple resources
- Intentionally targeted to fulfill special objective(s)
- Convergent in nature with intelligence efforts

Crime has intentional objectives. Stay away from the bull’s eye.


Cybersecurity.

Education, value, and ethics are the best defense approaches.

- Led by the ITU in the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
- “Your security is my security” – individual behavior counts while various collaborations are needed


Cyberlaw.

- Difficult to keep up to date as technology trends move
- Different stories between the rules and enforcement efforts
- Requires various infrastructure, superstructure, and resources
- Can be easily “out-tracked” by law practitioners

Cyberlaw is here to protect you. At least it plays a role in mitigation.


Technical AND Social Issues.

- It IS “technical” because the internet is constructed from physical electronic and digital-based devices.
- It IS “social” since people interact with each other in such a virtual world.
- So, issues on cyberspace, cyberattack, cybercrime, cybersecurity, and cyberlaw should be solved by using technical and social approaches!
- In this respect, ID-SIRTII is formed within the nation.


ID-SIRTII Mission and Objectives.

“To expedite the economic growth of the country by providing society with a secure internet environment within the nation”

1. Monitoring internet traffic for incident handling purposes.

2. Managing log files to support law enforcement.

3. Educating the public for security awareness.

4. Assisting institutions in managing security.

5. Providing training to constituency and stakeholders.

6. Running laboratory for simulation practices.

7. Establishing external and international collaborations.


Constituents and Stakeholders.

[Diagram: ID-SIRTII at the centre, with the Government of Indonesia (sponsor) and its constituents and stakeholders: ISPs, NAPs, IXs, Law Enforcement, National Security, Communities, International CSIRTs/CERTs]

Coordination Structure.

ID-SIRTII (CC) as National CSIRT

- Sector CERT: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Other CERTs
- Internal CERT: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, Other CERTs
- Vendor CERT: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, Other CERTs
- Commercial CERT: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, Other CERTs

Major Tasks.

INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS

| ID-SIRTII main task | Reactive Services | Proactive Services | Security Quality Management Services |
|---|---|---|---|
| 1. Monitoring traffic | Alerts and Warnings | Announcements; Technology Watch; Intrusion Detection Services | x |
| 2. Managing log files | Artifact Handling | x | x |
| 3. Educating public | x | x | Awareness Building |
| 4. Assisting institutions | Security-Related Information Dissemination; Vulnerability Handling; Intrusion Detection Services | Security Audit and Assessment; Configuration and Maintenance of Security Tools, Applications, and Infrastructure | Security Consulting |
| 5. Provide training | x | x | Education Training |
| 6. Running laboratory | x | x | Risk Analysis; BCP and DRP |
| 7. Establish collaborations | Incident Handling | x | Product Evaluation |

Incidents Definition and Samples.

web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access, theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack

“one or more intrusion events that you suspect are involved in a possible violation of your security policies”

“an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”

“any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”

“an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”

Priorities on Handling Incidents.

TYPE OF INCIDENT AND ITS PRIORITY

| Type of incident | Public Safety and National Defense (Very Priority) | Economic Welfare (High Priority) | Political Matters (Medium Priority) | Social and Culture Threats (Low Priority) |
|---|---|---|---|---|
| 1. Interception | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |
| 2. Interruption | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |
| 3. Modification | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |
| 4. Fabrication | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |

Core Chain of Processes.

[Diagram: chain of processes, with areas labelled "Core Process" and "Supporting Activities". Box labels: Monitor Internet Traffic; Manage Log Files; Response and Handle Incidents; Establish External and International Collaborations; Run Laboratory for Simulation Practices; Provide Training to Constituency and Stakeholders; Assist Institutions in Managing Security; Educate Public for Security Awareness; Deliver Required Log Files; Analyse Incidents; Report on Incident Handling; Management Process and Research Vital Statistics]

Legal Framework.

Undang-Undang No.36/1999 regarding National Telecommunication Industry

Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices

Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management

Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure

New Cyberlaw on Information and Electronic Transaction

Holistic Framework.

[Diagram: SECURE INTERNET INFRASTRUCTURE ENVIRONMENT, built on People, Process, and Technology. Components: Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response Management; Advisory Board; Executive Board]

MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD

STAKEHOLDERS COLLABORATION AND SUPPORT

NATIONAL REGULATION AND GOVERNANCE

STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

First Cyber Law in Indonesia.

Range of penalty:

- Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)
- 6 to 12 years in prison (jail)

starting from 25 March 2008

Picture: Indonesia Parliament in Session

Main Challenge.

ILLEGAL “… the distribution of illegal materials within the internet …”

ILLEGAL “… the existence of source with illegal materials that can be accessed through the internet …”

Challenges to ID-SIRTII Activities.

- Prevention
  - “Securing” internet-based transactions
  - Reducing the possibilities of successful attacks
  - Working together with ISP to inhibit the distribution of illegal materials
- Reaction
  - Preserving digital evidence for law enforcement purposes
  - Providing technical advisory for further mitigation process
- Quality Management
  - Increasing public awareness level
  - Ensuring security level in critical infrastructure institutions

Work Philosophy.

Why does a car have BRAKES??? The car has BRAKES so that it can go FAST…!!!

- Why should we have regulation?
- Why should we establish institution?
- Why should we collaborate with others?
- Why should we agree upon mechanism?
- Why should we develop procedures?
- Why should we have standard?
- Why should we protect our safety?
- Why should we manage risks?
- Why should we form response team?

Q&A and Discussion.

THANK YOU.

Richardus Eko Indrajit

Chairman of ID-SIRTII