Upload
doxuyen
View
229
Download
0
Embed Size (px)
Citation preview
1Indosat IR - New Template v23 1220.pptx
Indonesia National Cyber Security :Toward a Holistic Approach
5th Asia Pasific Regulator’s RoundtableKuala Lumpur, 24 – 25 August 2015
Dr. Muhammad Imam Nashiruddin, MTThe Indonesian Telecommunication Regulatory Authority (BRTI)
2
CYBER WARFARE/ATTACK
STUXNET
Wikileaks
Estonia Cyber Attack 2007
Russia-GeorgiaCyber warfare 2008
And manymore...
3
THREE DIMENSIONS OF CYBER THREAT/ATTACK
Cyberthreat/attack canbe divided intothree dimensions.These threats
potentiallydestroying theeconomy anddestabilize thecountry's security.
Social/CulturalAttack
Sources: Indonesia National ICT Council, DETIKNAS 2013
4
GENERAL ITU NATO
Cybersecurity is the body oftechnologies, processes andpractices designed to protectnetworks, computers, programsand data from attack, damage orunauthorized access. In acomputing context, the termsecurity implies cybersecurity.Ensuring cybersecurity requirescoordinated efforts throughoutan information system.
Elements of cybersecurityinclude:• Application security• Information security• Network security• Disaster recovery / businesscontinuity planning• End-user education.
“Cybersecurity is the collection oftools, policies, security concepts,security safeguards, guidelines, riskmanagement approaches, actions,training, best practices, assuranceand technologies that can be used toprotect the cyber environment andorganization and user’s assets.
The Global Cybersecurity Agenda:1) Legal Measures => cybercrimelegislation2) Technical and Procedural Measures=>End users and businesses (directapproach); and Service providers andsoftware companies3) Organizational Structures => highlydeveloped organizational structures,avoid overlapping,4) Capacity Building & User’s education=>public campaigns + opencommunication of the latest cybercrimethreats5) International Cooperation => MutualLegal Assistance of the LEA’s
National Cyber Security (NCS): Defined ‘The focusedapplication of specific governmental levers and informationassurance principles to public, private and relevantinternational ICT systems, and their associated content,where these systems directly pertain to national security.’The 5 Mandates (Different interpretations of NCS & commonactivities)• Military Cyber• Counter Cyber Crime• Intelligence and Counter-Intelligence• Critical Infrastructure Protection and National CrisisManagement• Cyber Diplomacy and Internet Governance+ 3 ‘Cross Mandates’:
• coordination,• Information exchange and data protection,• research & development and education
The 3 Dimensions: Different stakeholder groups in NCS• Governmental (central, state, local) – ‘coordination’• National (CIP/contactors, security companies, civilsociety) – ‘co-operation’• International (legal, political and industry frameworks) –‘collaboration’The 5 Dilemmas:• Balancing the cost and benefits of NCS• Stimulate the Economy vs. Improve National Security• Infrastructure Modernisation vs. Critical InfrastructureProtection• Private Sector vs. Public Sector• Data Protection vs. Information Sharing• Freedom of Expression vs. Political Stability
CYBER SECURITY
LAYERS OF CYBER SECURITY Implementation of
cyber securitytechnologies andprocessesperformed at eachlayers.
Cyber security atevery layer is calleddefense in depth.
Defense in Depthstrategy is to achievethe main objectivesof security, namelyAvailability, Integrity,Confidentiality (AICTriad).
Data
Application
Host
Internal Network
External Network
6
7
IS INDONESIA UNDER ATTACK???Over the last three years,
Indonesia was attacked 3,9millions in cyber space.(Sources: Minister of ICT, April3rd, 2013).During January-October 2012,
The most attacked website isGovernment websites/domain:go.id (Sources: ID-SIRTII,2012).
Sources: ID-SIRTII
Sources: Detikinet, 2013
8
9
OBSTACLES AND CHALLENGES OF INDONESIANATIONAL CYBER SECURITY
Vision of CyberSecurity notIntregated
Quantity and Quality ofInformation Security Human
Resources are Limited
ICT Critical InfrastructureProtection Mechanisms and
Standards not exist
Cyber Law andPolicy not
Completed
Governance and Organizationof National Cyber Security not
Synergized
Weakness ofCoordination and
Cooperation betweenAgency
Application, Data andInfrastructure of
Information Security notIntegrated
Lack ofAwareness inInformation
Security
Obstacles andChallenges
ofNational Cyber
Security
Obstacles andChallenges
ofNational Cyber
Security
Sources: Indonesia National ICT Council, DETIKNAS 2013
11
Indonesia National Cyber SecurityConceptual Framework (INCS)
Sources: Indonesia National ICT Council, Detiknas 2012
Avai
labi
lity
Inte
grity
Conf
iden
tialit
y
Shar
ed re
spon
sibi
litie
s
Org
aniza
tion
Stru
ctur
es
Capa
city
Bui
ldin
g
Inte
rnat
iona
l Coo
pera
tion
Tech
nica
l and
Pro
cedu
ral
Lega
l
Risk Management
Leadership
Part
ners
hip
Security Strategic Level
Security Operational Level
Security Tactical Level
Direct
Execute
Cont
rol
12
6 STRATEGIC PRIORITY OF INDONESIA NATIONAL CYBERSECURITY
Strengthe-ning Policies
andRegulations
Establishmentof Governance
andOrganization
CriticalInfrastructure Protection
Implementation of System
andTechnology
CapacityBuilding for
HumanResources
InternationalCollaboration
andCooperation
Security and Sovereignty in Indonesia Cyber Space
Sources: Indonesia National ICT Council, DETIKNAS 2013
13
THE CONCEPT OF NCS ORGANIZATION STRUCTURE
The Concept ofIndonesia NCSorganization structureconsists of multi-organization.
INCS organizationcontains of skilled,proficient, andexperiencedemployees withprosperousinformation securityknowledge inside theirparts of specialization.
Sources: Indonesia National ICT Council, DETIKNAS 2013
14
COMPARISON OF CYBER SECURITY ORGANIZATION
Level Australia UK Indonesia
Strategic Cyber Security Policy and Coordination Committee(Lead Agency: The Attorney-General’s Department)
Function: interdepartmental committee thatcoordinates the development of cyber security policyfor theAustralian Government.
Office of Cyber Security (OCS)
function: to provide strategic leadership forand coherence across Government;
BCN -BadanCyberNasional(Office ofNationalCyberSecurity)
Tactical Cyber Security Operations Centre (CSOC) (UnderDirectorate: Defense SignalsDirectorate)
Function: provides the Australian Government withall-source cybersituational awareness and an enhanced ability tofacilitate operational responses to cyber securityevents of national importance.
Cyber Security Operations Centre (CSOC)
Function: actively monitor the health of cyberspace and co-ordinate incident response; toenable better understanding of attacks againstUK networks and users; to provide betteradvice and information about the risks tobusiness and thepublic.
CyberSecurityOperationsCentre(TBD)
Operational CERTAustralia
GovCertUK ID-SIRTIIGovCertID-Cert
15
INDONESIA NATIONAL CYBER SECURITY ORGANIZATIONSTRUCTURE FRAMEWORK
Sources: Indonesia National ICT Council, DETIKNAS 2013
16
ORGANIZATION MAPPING RECOMENDATION
Protect cyberspace environmentProtect cyberspace environment
Homeland Security
Preventive and capacity buildingPreventive and capacity building
Intelligence
KEMKOMINFO BIN LEMSANEG KEMDIKBUD
Protect militer cyberspaceenvironment
Protect militer cyberspaceenvironment
Defense
KEMHAN TNI
Investigation and Prosecution ofcriminal in cyberspace
Investigation and Prosecution ofcriminal in cyberspace
Law Enforcement
POLRI
KEMENKOPOLHUKAM
CoordinationCoordination
Coordinator
Coordinator-Incident Response Team
KEJAKSAAN
Gov-Cert ID-ACAD-CSIRT ID CERT ......Sour
ces:
Indo
nesia
Nat
iona
l ICT
Cou
ncil,
DET
IKNA
S 20
13
17
?CyberThreat
CyberDefence
CyberResilience
CyberAttack
CyberCrime
CyberSecurity
18
19
FRAMEWORK & ROADMAP BADAN CYBER NASIONAL (BCN) 2015 – 2019
20
P E R A N , T U G A S & F U N G S I
SATGAS Dalam MelaksanakanOperasi Terpadu Bekerjasama& Berkoordinasi Dengan FCN
Visi & Misi BCNMelindungi Kepentingan Nasional
( IPOLEKSOSBUDHANKAM )di Ruang Cyber (Cyberspace)
DampakPerkembangan SituasiGlobal, Regional & NasionalTerhadap Kepentingan Nasional di Ruang Cyber
Menimbulkan Kerentanan Informasi Nasional& Ketidakamanan Cyber Nasional
21
CONCLUSIONS
Securing Indonesia Cyberspace is essential to createconducive and sustainability environment.Indonesia has a national cyber security strategy in order to
focus on the development cyber security program.National Cyber Security is a very complex problem,
collaboration and cooperation with all stakeholders areneeded.
22Indosat IR - New Template v23 1220.pptx
Twenty years from now you will be more disappointed by the things you didn'tdo than by the ones you did do. So sail away from the safe harbour. Catch thetrade winds in your sails. Explore. Dream. Discover.
- Mark Twain