Cyber-6: Cyberspace. Cyberthreat. Cyberattack. Cybersecurity. Cybercrime. Cyberlaw.
Prof. Dr. Ir. Richardus Eko Indrajit MSc, MBA, MA/Msi, MPhil, ACPM, CWM, ICWM, CEH
Website: http://eko-indrajit.info
Email: [email protected]
Chairman of ID-SIRTII and APTIKOM
+Knowledge Domain
Cyber Space
Cyber Threat
Cyber Attack
Cyber Security
Cyber Crime
Cyber Law
+Cyber Space
+Cyberspace.
- A reality community between the PHYSICAL WORLD and the ABSTRACTION WORLD
- 1.4 billion of real human population (internet users)
- Trillions of US$ of potential commerce value
- Billions of business transactions per hour in 24/7 mode
Internet is a VALUABLE thing indeed. Risk is embedded within.
+Information Roles
Why information?
- It consists of important data and facts (news, reports, statistics, transactions, logs, etc.)
- It can create perception to the public (market, politics, image, marketing, etc.)
- It represents valuable assets (money, documents, passwords, secret codes, etc.)
- It is a raw material of knowledge (strategy, plan, intelligence, etc.)
1/25/14 The Brief Profile of ID-SIRTII
+What is Internet?
- A giant network of networks where people exchange information through various different digital-based ways: Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government
“… what is the value of internet ???”
+Cyber Threat
+Cyberthreat.
- The trend has increased at an exponential rate
- Motives vary from recreational to criminal purposes
- Can cause significant economic losses and political suffering
- Difficult to mitigate
Threats are there to stay. Can’t do so much about it.
Examples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack
+International Issues
What does the FBI say about companies?
- 91% have detected employee abuse
- 70% indicate the Internet as a frequent attack point
- 64% have suffered financial losses
- 40% have detected attacks from outside
- 36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001
+Underground Economy
+Growing Vulnerabilities
Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004 (x-axis: year; left y-axis: Total Vulnerabilities, 0 to 4,500; right y-axis: Total Security Incidents, 0 to 160,000; series: Vulnerabilities, Security Incidents).
* Gartner, “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*
+Potential Threats
- Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
- Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
- National Security Threats: Terrorists, Intelligence Agencies, Information Warriors
+Cyber Attack
+Cyberattack.
- Too many attacks have been performed within the cyberspace.
- Most are triggered by cases in the real world.
- The eternal wars and battles have been in towns lately.
- The notorious Estonia case has opened the eyes of all people in the world.
Attacks can occur anytime and anyplace without notice.
+Attacks Sophistication
Chart: Attack Sophistication versus Intruder Knowledge, 1980 to 2005 (y-axis from Low to High; two curves: Intruder Knowledge and Attack Sophistication). Techniques plotted along the timeline: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, GUI automated probes/scans, denial of service, www attacks, “stealth”/advanced scanning techniques, burglaries, network mgmt. diagnostics, distributed attack tools, cross site scripting. Tool generations labelled: Tools, Staged, Auto Coordinated.
+Vulnerabilities Exploit Cycle
Diagram: number of incidents (# of Incidents) over time, with the stages: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits. The peak of the curve is labelled Highest Exposure Time.
+Cyber Security
+Cybersecurity.
Education, values, and ethics are the best defense approaches.
- Led by ITU for the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
- “Your security is my security”: individual behavior counts, while various collaborations are needed
+Risk Management Aspect
Diagram of risk relationships. Elements: Risk, Threats, Vulnerabilities, Controls, Security Requirements, Asset Values, Assets, Impact on Organisation. Edge labels on the slide: protect against, exploit, reduce, expose, have, met by. Read in the usual form of this diagram: threats exploit vulnerabilities; vulnerabilities expose assets; assets have asset values; controls protect against threats and reduce risk; security requirements are met by controls; risk results in impact on the organisation.
+Strategies for Protection
Protecting Information
Protecting Infrastructure
Protecting Interactions
+Mandatory Requirements
“Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems
+Information Security Disciplines
- Physical security
- Procedural security
- Personnel security
- Compromising emanations security
- Operating system security
- Communications security
A failure in any of these areas can undermine the security of a system.
+Best Practice Standard
BS7799/ISO17799: ten control areas arranged around the core of Information Integrity, Confidentiality and Availability (numbered as in the standard):
1. Information Security Policy
2. Security Organisation
3. Asset Classification and Controls
4. Personnel Security
5. Physical Security
6. Communication & Operations Mgmt
7. Access Controls
8. System Development & Maint.
9. Bus. Continuity Planning
10. Compliance
+Cyber Crime
+Cybercrime.
- Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
- Virtually involving international boundaries and multiple resources
- Intentionally targeting to fulfill special objective(s)
- Convergent in nature with intelligence efforts
Crime has intentional objectives. Stay away from the bull’s eye.
+The Crime Scenes
IT as a Tool; IT as a Storage Device; IT as a Target
+Type of Attacks
+Malicious Activities
+Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States
+Cyber Law
+Cyberlaw.
- Difficult to keep updated as the technology trend moves
- Different stories between the rules and the enforcement efforts
- Requires various infrastructure, superstructure, and resources
- Can be easily “out-tracked” by law practitioners
Cyberlaw is here to protect you. At least it plays a role in mitigation.
+The Crime Scenes
IT as a Tool; IT as a Storage Device; IT as a Target
+First Cyber Law in Indonesia.
Range of penalty: Rp 600 million to Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million) and 6 to 12 years in prison (jail), starting from 25 March 2008.
Picture: Indonesia Parliament in Session
+Main Challenge.
ILLEGAL: “… the distribution of illegal materials within the internet …”
ILLEGAL: “… the existence of a source with illegal materials that can be accessed through the internet …”
+ID-SIRTII: Indonesia Security Incident Response Team on Internet Infrastructure
+ID-SIRTII Mission and Objectives.
“To expedite the economic growth of the country through providing the society with a secure internet environment within the nation”
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running laboratory for simulation practices.
7. Establishing external and international collaborations.
+Constituents and Stakeholders.
Diagram: ID-SIRTII at the centre, sponsored by the Government of Indonesia. Constituents and stakeholders: ISPs, NAPs, IXs, Law Enforcement, National Security, Communities, International CSIRTs/CERTs.
+Coordination Structure.
ID-SIRTII (CC) as National CSIRT, coordinating four groups of CERTs:
- Sector CERTs: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Other CERTs
- Internal CERTs: Telkom CERT, BI CERT, Police CERT, KPK CERT, Lippo CERT, KPU CERT, Pertamina CERT, UGM CERT, Other CERTs
- Vendor CERTs: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, Other CERTs
- Commercial CERTs: A CERT, B CERT, C CERT, D CERT, E CERT, F CERT, G CERT, H CERT, Other CERTs
+Major Tasks.
INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS (each task mapped to the CSIRT service categories; x marks no service in that category)
1. Monitoring traffic. Reactive Services: Alerts and Warnings. Proactive Services: Announcements, Technology Watch, Intrusion Detection Services. Security Quality Management Services: x
2. Managing log files. Reactive Services: Artifact Handling. Proactive Services: x. Security Quality Management Services: x
3. Educating public. Reactive Services: x. Proactive Services: x. Security Quality Management Services: Awareness Building
4. Assisting institutions. Reactive Services: Vulnerability Handling. Proactive Services: Security-Related Information Dissemination, Intrusion Detection Services, Security Audit and Assessment, Configuration and Maintenance of Security Tools, Applications, and Infrastructure. Security Quality Management Services: Security Consulting
5. Provide training. Reactive Services: x. Proactive Services: x. Security Quality Management Services: Education/Training
6. Running laboratory. Reactive Services: x. Proactive Services: x. Security Quality Management Services: Risk Analysis, BCP and DRP
7. Establish collaborations. Reactive Services: Incident Handling. Proactive Services: x. Security Quality Management Services: Product Evaluation
+Incidents Definition and Samples.
Samples: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack
Definitions:
- “one or more intrusion events that you suspect are involved in a possible violation of your security policies”
- “an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”
- “any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”
- “an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”
+Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY
Priority classes (columns): Public Safety and National Defense (Very High Priority); Economic Welfare (High Priority); Political Matters (Medium Priority); Social and Culture Threats (Low Priority).
Incident types (rows), each subdivided by scale: Many to One, One to Many, Many to Many, Automated Tool (KM-Based Website):
1. Interception
2. Interruption
3. Modification
4. Fabrication
+Core Chain of Processes.
Diagram of the core process and its supporting activities.
Core Process: Monitor Internet Traffic; Manage Log Files; Deliver Required Log Files; Analyse Incidents; Response and Handle Incidents; Report on Incident Handling.
Supporting Activities: Establish External and International Collaborations; Run Laboratory for Simulation Practices; Provide Training to Constituency and Stakeholders; Assist Institutions in Managing Security; Educate Public for Security Awareness; Management Process and Research; Vital Statistics.
+Legal Framework.
Undang-Undang No.36/1999 regarding National Telecommunication Industry
Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices
Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management
Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
New Cyberlaw on Information and Electronic Transaction
+Holistic Framework.
Diagram: SECURE INTERNET INFRASTRUCTURE ENVIRONMENT, built on People, Process and Technology. Components: Log File Management System; Traffic Monitoring System; Incident Indication Analysis; Incident Response Management; governed by an Advisory Board and an Executive Board. Operating cycle: MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD. Foundations: STAKEHOLDERS COLLABORATION AND SUPPORT; NATIONAL REGULATION AND GOVERNANCE; STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT.
+Challenges to ID-SIRTII Activities.
- Prevention: “securing” internet-based transactions; reducing the possibilities of successful attacks; working together with ISPs to inhibit the distribution of illegal materials
- Reaction: preserving digital evidence for law enforcement purposes; providing technical advisory for the further mitigation process
- Quality Management: increasing the public awareness level; ensuring the security level in critical infrastructure institutions
+Work Philosophy.
Why does a car have BRAKES ??? The car has BRAKES so that it can go FAST … !!!
Why should we have regulation? Why should we establish an institution? Why should we collaborate with others? Why should we agree upon a mechanism? Why should we develop procedures? Why should we have a standard? Why should we protect our safety? Why should we manage risks? Why should we form a response team?
+Welcome to the New World.
Congratulations!
Richardus Eko Indrajit [email protected]
Chairman of ID-SIRTII and APTIKOM