Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia

Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia

Yudhistira Nugraha I Head of Risk Management

Directorate of Information Security

Ministry of Communication and Information Technology of Republic Indonesia

Presentation Outline

Increasing Risk in Indonesia

Cyber Security Ecosystem

Introduction of GSIRT

Discussion

Presentation Outline

24 x & National CERTs in the World

3

APCERT-CC

4

The government should

immediately create a

National Cyber

Security Policy to

be used as a reference

of all sectors in

addressing cyber

security issue.

Indonesia Security

Incident Response Team

on Internet Infrastructure

(ID-SIRTII) recorded that

approximately one

million cyber attacks are

directed to Indonesia

everyday. The country’s

low security system has

led to high levels of

attack.

Indonesia Faces 1 Million Cyber Attacks Daily

5

• Real incident reported such as phishing, identity theft, data (information

resources) stealing, critical information resources hostages, information

leakage, insider attack (i.e. virus spread)

• Cases: cyber war, fraud, defamation, hoax, gambling, trafficking, child

predator, pornography, prostitution, money laundering & terrorism,

underground economy - UU ITE 11 / 2008

• Malicious code, common vulnerabilities/zero day attack -pirate software

are widely used (not updated), political (for instance ID vs. MY)

• Content blocking policy (Blacklist Policy)

Increasing Risk in Indonesia

6

• Web defacing rally (vandalism) are the most favorite action

• Incident caused by political issues mostly comes from MY for instance

• 1,1 million events (possible attack) daily, mostly CN & US IP’s

• Cyber fraud, phishing, email and SMS fraud, malware, local SPAM

increase last 2 years

• Social network attack, messaging service attack, targeted attack

Recent Risk Report in Indonesia

Presentation Outline

Increasing Risk in Indonesia

Cyber Security Ecosystem

Introduction of GSIRT

Discussion

Presentation Outline

9

NATIONAL

CYBER SECURITY

INSTITUTION

Central and Local

Government

Law

Enforcement

International

CSIRTs/CERTs

National

Security

Communities

The Cyber Security Ecosystem

Other ActsEIT Act(UU ITE No 11/2008)

• Penal Code

• Criminal Procedures

• Pornography

• Data Protection

• Consumers Protection

• Taxation

• etc.

Trustworthiness

Certification

Privacy

E-Transaction

Domain Name

Cyberlaw(Law protection for electronic-base activities from cyber crime and misuse)

Government Regulation, 82/2012(Electronic System Provider and Electronic

Transaction)

Ministerial

CirculationMinisterial

Regulation

Telecommunication Act, No. 36/1999 &

Information and Transaction Electronic Act,

No.11/ 2008

Ele

ctr

on

ic S

ys

tem

Go

ve

rna

nc

e a

nd

Ris

k M

an

ag

em

en

t

Ele

ctr

on

ic

Sig

natu

re

Tru

stw

ort

hin

ess

Cert

ific

ation B

ody

Ele

ctr

on

ic A

ge

nt,

Ce

rtific

atio

n,

Syste

m, T

ransaction

Se

rvic

es P

rovid

er

Sp

am

&

Do

main

Nam

e

Th

rou

gh

De

ve

lop

me

nt o

f

Info

rma

tio

n S

ecu

rity

Aw

are

ne

ss

Monitoring,

Com

plia

nce a

nd

Enfo

rcem

ent

Awareness Program through continuous Human Resource Training

Cyber Security Legal Framework

Presentation Outline

Increasing Risk in Indonesia

Cyber Security Ecosystem

Introduction of GSIRT

Discussion

Presentation Outline

GOV-CSIRT is part of the Directorate of Information Security, Ministry of Communication and Information Technology and

consist of a general manager and 2 teams for monitoring, evaluation and incident response .

Cyber Security Institutions

Security Incident Services

Mission

Activities

Services

Memberships

Partherships

Point of Contact

Operational Framework

Gov-CSIRT, the aim is: to increase

the level of information security in

government organisations

through collaboration,

sharing of knowledge and dealing with ICT related incidents and large scale emergencies

GO

VC

SIR

T.I

D

is t

he C

om

pu

ter

Secu

rity

In

cid

en

t

Resp

on

se T

eam

fo

r th

e I

nd

on

esia

n

go

vern

men

t.

GovCSIRT.ID(Computer Security Incident Response Team for Indonesia Government)

Mission

Activities

Services

Memberships

Partherships

Point of Contact

Operational Framework

Constantlymonitors the activities and news on the

internet.The knowledge

that is the basis of our service provision is

acquired through this monitoring

and the activities in our networks.

GO

VC

SIR

T.I

D

is t

he C

om

pu

ter

Secu

rity

In

cid

en

t

Resp

on

se T

eam

fo

r th

e I

nd

on

esia

n

go

vern

men

t.

GovCSIRT.ID(Computer Security Incident Response Team for Indonesia Government)

Mission

Activities

Services

Memberships

Partherships

Point of Contact

Operational Framework

Supportinggovernment

organizations in preventing and dealing with ICT

security incidentsThere is an increasing

demand for our expertise. Some examples of our service provision

are: ICT Risk Alert, publications on current issues,

incident response

GO

VC

SIR

T.I

D

is t

he C

om

pu

ter

Secu

rity

In

cid

en

t

Resp

on

se T

eam

fo

r th

e I

nd

on

esia

n

go

vern

men

t.

GovCSIRT.ID(Computer Security Incident Response Team for Indonesia Government)

Mission

Activities

Services

Memberships

Partherships

Point of Contact

Operational Framework

Membership of Gov-CSIRT is open to any government organization with a

100% public assignment (publicly

funded).

Central Government/Agenci

es (161)

Provincial Government (33)

Local Government (497)

GO

VC

SIR

T.I

D

is t

he C

om

pu

ter

Secu

rity

In

cid

en

t

Resp

on

se T

eam

fo

r th

e I

nd

on

esia

n

go

vern

men

t.

GovCSIRT.ID(Computer Security Incident Response Team for Indonesia Government)

Mission

Activities

Services

Memberships

Partherships

Point of Contact

Operational Framework

In the national context, GOV-CSIRTworks together with

National Police, National

Infrastructure , Telecom Operators,

Internet service providers and other incident response

teams in IndonesiaGOV-CSIRT is

continuing to be part of an extensive network of affiliated

organizations, mainly other (GovCERTs).

GO

VC

SIR

T.I

D

is t

he C

om

pu

ter

Secu

rity

In

cid

en

t

Resp

on

se T

eam

fo

r th

e I

nd

on

esia

n

go

vern

men

t.

GovCSIRT.ID(Computer Security Incident Response Team for Indonesia Government)

Mission

Activities

Services

Memberships

Partherships

Point of Contact

Operational Framework

The Gov-CSIRT point of contact arrangements have been established

to provide a framework for sharing information about serious and time

critical computer threats, vulnerabilities

or incidents for the constituency.

At all times, urgent incident related can be shared with Gov-CSIRT

via e‐mail to [email protected]

fo.go.id. Other questions or

information can be sent to

[email protected].

GO

VC

SIR

T.I

D

is t

he C

om

pu

ter

Secu

rity

In

cid

en

t

Resp

on

se T

eam

fo

r th

e I

nd

on

esia

n

go

vern

men

t.

GovCSIRT.ID(Computer Security Incident Response Team for Indonesia Government)

Mission

Activities

Services

Memberships

Partherships

Point of Contact

Operational Framework

An operational framework of our

organisation according to the

RFC standard (RFC2350)

Please refer to http://insting.ko

minfo.go.id/tentang-idgovcert/rfc-

2350/

GO

VC

SIR

T.I

D

is t

he C

om

pu

ter

Secu

rity

In

cid

en

t

Resp

on

se T

eam

fo

r th

e I

nd

on

esia

n

go

vern

men

t.

GovCSIRT.ID(Computer Security Incident Response Team for Indonesia Government)

DISCUSSION

THANK YOU

Yudhistira Nugraha I Head of Risk ManagementEmail : [email protected]

Ministry of Communication and Information Technology of Republic Indonesia