INFORMATION AND INTERNET SECURITY (1)
Special Presentation on
INFORMATION AND INTERNET SECURITY
Concepts – Principles – Strategy – Implementation – Governance
Prof. Richardus Eko Indrajit
Executive Chairman of ID-SIRTII
eko@idsirtii.or.id
www.EkoIndrajit.com
What must be DONE?
OLD Phenomena, NEW Behavior
The first child is born
A daughter is scolded by her parents
A husband quarrels with his wife
The computer and phone break down
An employee gets promoted
Going to the toilet in a public place
Family gatherings during the holidays
and so on
Strategic Functions of IT
VERTICAL FUNCTION: decision making
HORIZONTAL FUNCTION: transactions
Principle of Information Technology Use #1
IT as a support for operational or transactional activities
– Transferring money between banks
– Booking airline tickets
– Enrolling in courses each semester
– Buying phone credit
– Activating electronic devices
and so on
Principle of Information Technology Use #2
IT as a support for the decision-making process
– Storing and organizing data
– Processing and representing data
– Producing periodic and ad hoc reports
– Running complex scenarios and simulations
– Managing information and knowledge
and so on
Principle of Information Technology Use #3
IT as a support for communication and collaboration activities
– Sending documents and digital files
– Holding cross-border conversations
– Carrying out virtual cooperation activities
– Downloading data from various sources
– Uploading information to various places
and so on
Realities That Cannot Be Ignored
The real world and the cyber world have converged and complement each other
Everyday activities take place in both worlds
The number of interactions between individuals and institutions/organizations has increased significantly
Types of technology are increasingly diverse and human-friendly
The potential for conducting digital-based intelligence activities keeps growing (e.g. it is already being carried out)
Agenda for Today
Cyber-6: Revisiting the Global Trend on Internet
The Roles of ID-SIRTII in the Nation
Holistic Approach on Combating Cyber Crime
Knowledge Domain: The Cyber Six
Cyber Space
Cyber Law
Cyber Threat
Cyber Crime
Cyber Attack
Cyber Security
1 Cyberspace.
A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
1.4 billion of real human population (internet users)
Trillion US$ of potential commerce value
Billion business transactions per hour in 24/7 mode
Internet is a VALUABLE thing indeed.
Risk is embedded within.
Information Roles
Why information?
– It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
– It can create perception to the public (market, politics, image, marketing, etc.)
– It represents valuable assets (money, documents, password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan, intelligence, etc.)
What is Internet ?
A giant network of networks where people exchange information through various different digital-based ways:
Email
Mailing List
Website
Chatting
Newsgroup
Blogging
E-commerce
E-marketing
E-government
“… what is the value of internet ???”
2 Cyberthreat.
The trend has increased at an exponential rate
Motives vary from recreational to criminal purposes
Can cause significant economic losses and political suffering
Difficult to mitigate
Threats are there to stay.
Can’t do so much about it.
Threat types shown: web defacement, SMTP relay, root access, information leakage, virus infection, theft, spamming, hoax, sql injection, phishing, intrusion, malware distribution, trojan horse, malicious software, spoofing, DoS/DDoS, botnet, worms, open proxy, password cracking, blended attack
International Issues
What Does FBI Say About Companies:
– 91% have detected employee abuse
– 70% indicate the Internet as a frequent attack point
– 64% have suffered financial losses
– 40% have detected attacks from outside
– 36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001
Professions Threat
Knowledge Threats
Software Tools Threat
Vulnerabilities-dBase Threat
Hacking-dBase Threat
Underground Economy
Growing Vulnerabilities
[Figure: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004. Series: Total Vulnerabilities and Total Security Incidents.]
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*
* Gartner CIO Alert: “Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.
Potential Threats
Unstructured Threats
– Insiders
– Recreational Hackers
– Institutional Hackers
Structured Threats
– Organized Crime
– Industrial Espionage
– Hacktivists
National Security Threats
– Terrorists
– Intelligence Agencies
– Information Warriors
3 Cyberattack.
Too many attacks have been performed within the cyberspace.
Most are triggered by the cases in the real world.
The eternal wars and battles have been in towns lately.
Estonia notorious case has opened the eyes of all people in the world.
Attack can occur anytime and anyplace without notice.
Internet and Crimes
INCREASING SIGNIFICANTLY !!!
ID‐SIRTII Monitoring Analysis
Case #1
Case #2
Case #3
Case #4
Case #5
Attacks Sophistication
[Figure: Attack Sophistication against Intruder Knowledge (Low to High), 1980 to 2005. Labels on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, network mgmt. diagnostics, back doors, automated probes/scans, www attacks, distributed attack tools, GUI, sweepers, sniffers, packet spoofing, denial of service, “stealth” / advanced scanning techniques, cross site scripting, Staged, Auto Coordinated, Tools.]
Vulnerabilities Exploit Cycle
[Figure: # Of Incidents over Time. Labels on the curve: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits; Highest Exposure.]
File Management
Microsoft Excel
URL Management
URL
Directory Traversal Management
Directory Traversal
Mailing List Management
Email Reply
Live Camera Management
Java Applet
Surveillance Camera Management
Web Monitor
Security Camera Management
Sony
Multiple Camera Management
Multi Frame
4 Cybersecurity.
Led by ITU for international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
“Your security is my security” – individual behavior counts while various collaborations are needed
Education, value, and ethics are the best defense approaches.
Risk Management Aspect
[Figure: risk model relating Threats, Vulnerabilities, Controls, Risk, Assets, Security Requirements, Asset Values and Impact on Organisation, with arrows labelled Exploit, Protect against, Expose, Reduce, Met by, Have.]
Strategies for Protection
Protecting Interactions
Protecting Information
Protecting Infrastructure
Physical Security Checklist
Information Security Checklist
Mandatory Requirements
“Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems
Information Security Disciplines
Physical security
Procedural security
Personnel security
Compromising emanations security
Operating system security
Communications security
A failure in any of these areas can undermine the security of a system
Best Practice Standard
BS7799/ISO17799
[Figure: ten numbered control areas arranged around Confidentiality, Integrity and Availability: Information Security Policy; Security Organisation; Asset Classification Controls; Personnel Security; Physical Security; Communication & Operations Mgmt; Access Controls; Information System Development & Maint.; Bus. Continuity Planning; Compliance.]
These Two Guys …..
versus
5 Cybercrime.
Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
Virtually involving international boundaries and multi resources
Intentionally targeting to fulfill special objective(s)
Convergence in nature with intelligence efforts.
Crime has intentional objectives.
Stay away from the bull’s eye.
Type of Attacks
Malicious Activities
Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States
6 Cyberlaw.
Difficult to keep updated as technology trend moves
Different stories between the rules and enforcement efforts
Require various infrastructure, superstructure, and resources
Can be easily “out-tracked” by law practitioners
Cyberlaw is here to protect you.
At least playing role in mitigation.
The Crime Scenes
IT as a Tool
IT as a Storage Device
IT as a Target
First Cyber Law in Indonesia.
Range of penalty:
Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
6 to 12 years in prison (jail)
starting from 25 March 2008
Picture: Indonesia Parliament in Session
Main Challenge.
ILLEGAL
“… the distribution of illegal materials within the internet …”
ILLEGAL
“… the existence of source with illegal materials that can be accessed through the internet …”
Agenda for Today
Cyber-6: Revisiting the Global Trend on Internet
The Roles of ID-SIRTII in the Nation
Holistic Approach on Combating Cyber Crime
The Background
It all starts from the hacking incident to the National Election System in 2004:
WHO should respond to the NATIONAL LEVEL ICT incident ?
HACKED !!!
The National Tabulation System
The Foundation
– National Constitution UU No.36/1999 regarding National Telecommunication Industry
– Government Regulation No.52/2000 regarding Telecommunication Practices
– Minister of ICT Decree No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
Established on May 2006 as the National CSIRT/CC of Indonesia
The Founders
– Ministry of ICT
– ICT Professional Association
– ISP Association
– National Police
– General Attorney
– Department of Justice
The Mission
To provide the society with a secure internet environment
The Major Tasks
Monitoring internet traffic for incident management
Managing traffic log files for law enforcement
Advising critical infrastructure institutions
Educating public on information security aspect
Conducting training and development effort
Running simulation laboratory and R&D center
Generating external and international collaborations
The Main Activities
Core Process
– Monitor Internet Traffic
– Analyse Incidents
– Response and Handle Incidents
– Deliver Required Log Files
– Manage Log Files
– Report on Incident Handling Management
– Process and Research Vital Statistics
Supporting Activities
– Educate Public for Security Awareness
– Assist Institutions in Managing Security
– Provide Training to Constituency and Stakeholders
– Run Laboratory for Simulation Practices
– Establish External and International Collaborations
[Figure labels: Constituents, Customers]
The Constituents
[Figure: ID-SIRTII at the centre, linked to ISPs, NAPs and IXs; the Government of Indonesia (sponsor); Law Enforcement; National Security Communities; International CSIRTs/CERTs.]
The CERTs Topology
ID-SIRTII (CC) as National CSIRT
Sector CERT: Bank CERT, Airport CERT, University CERT, GOV CERT, Military CERT, SOE CERT, SME CERT, Hospital CERT, Other CERTs
Internal CERT: Telkom CERT, SGU CERT, Police CERT, KPK CERT, CIMB CERT, KPU CERT, Pertamina CERT, Kominfo CERT, Other CERTs
Vendors CERT: Cisco CERT, Microsoft CERT, Oracle CERT, SUN CERT, IBM CERT, SAP CERT, Yahoo CERT, Google CERT, Other CERTs
Community CERT: A CERT, B CERT, C CERT, D CERT, Lemsaneg CERT, PANDI CERT, Security FIRST, Central Bank CERT, ID-CERT
The People
Ministry of ICT
Directorate of Post & Telecommunication
Inspection Board
Advisory Board
Chairman
Vice Chairman
General Secretary
Deputy of Operation and Security
Deputy of Research and Development
Deputy of Data Center, Applications & Database
Deputy of Education and Public Affairs
Deputy of External Collaborations
with 25 Staff Employees
The Technology
Covering 80% of total internet traffic within the country …
The Holistic View
SECURE INTERNET INFRASTRUCTURE ENVIRONMENT
MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
People: Advisory Board, Executive Board
Process: Preventive and Reactive, Quality Mngt. System
Technology: Traffic Monitoring System, Log File Management System
STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT
International Link and Partners
MyCERT
SingCERT
ThaiCERT
BrCERT
VietnamCERT
BangCERT
JPCERT/CC
KrCERT/CC
APCERT
FIRST/USA
BhutanCERT
CamCERT
MMCERT
MongCERT
ChinaCERT
KirzhistanCERT
IndiaCERT
UzbekCERT
AzerbaijanCERT
PhCERT
SrilankaCERT
KiribatiCERT
AusCERT
OIC‐CERT
The Headquarter
Ravindo Tower
17th Floor
Kebon Sirih Kav. 75
Jakarta 10340,
Indonesia
Work Philosophy
Why does a car have BRAKES ???
The car has BRAKES so that it can go FAST … !!!
Why should we have regulation?
Why should we establish institution?
Why should we collaborate with others?
Why should we agree upon mechanism?
Why should we develop procedures?
Why should we have standard?
Why should we protect our safety?
Why should we manage risks?
Why should we form response team?
Agenda for Today
Cyber-6: Revisiting the Global Trend on Internet
The Roles of ID-SIRTII in the Nation
Holistic Approach on Combating Cyber Crime
Two Way Relationship
[Figure: Real World and Cyber Space, labelled “Physical War” and “Virtual War”.]
Two Way Relationship
[Figure: Real World and Cyber Space relate to each other. Labels: real interaction, real transaction, real resources, real people; flow of information, flow of product/services, flow of money.]
Two Way Relationship
[Figure: Real World and Cyber Space. Labels: Ethics, Law, Rule of Conduct, Mechanism, Cyber Law, Ruling.]
“Cyber Space interaction with Real World Penalty”
Classic Definition of War
WAR is here to stay…
“Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber Crime?”
Two Way Relationship
[Figure: Real World and Cyber Space impact each other.]
Two Way Relationship
[Figure: Real World and Cyber Space linked through Political Incidents, International Events, Published Books, Training Materials, Pirated Tools and Community of Interests. Actions shown: blackmail, threaten, destroy, attack, mess up, ruin, penetrate, crime, terminate, disrupt.]
Two Way Relationship
[Figure: Real World and Cyber Space linked through Personal Blogs, Citizen Journalism, Anonymous Interaction, Phishing and Forgery, Campaign and Provocation and Communities Reviews. Actions shown: justify, suspect, sue, investigate, inspect, sabotage, condemn, examine, spy, gossip, perceive.]
The Paradox of Increasing Internet Value
internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value
it means…
threats
attacks
crimes
Internet Security Issues Domain
TECHNICAL ISSUES
– Internet is formed through connecting a set of digital-based physical technology that follows a good number of standards and protocols
– All technical components (hardware and software) interact with each other within a complex dependent…
SOCIAL ISSUES
– What are interacting in the net are real people, not just a bunch of “intellectual machines” – by the end of the day, human mind, characters, behaviors, and values matter
– It is not an “isolated world” that does not have any relationship with the real physical world
BUSINESS ISSUES
– It is a part of business system as transactions and interactions are being conducted accordingly
– As technology mimics, enables, drives, and transforms the business, internet dependency is high
– For the activities that rely on time and space – where resources and processes can be digitalized - the network is the business
Technical Trend Perspective
the phenomena…
– malicious code
– vulnerabilities
– spam and spyware
– phishing and identity theft
– time to exploitation
the efforts…
Intrusion Prevention
Software Patches
Firewalls
Malware Blocking
Encryption and PKI
Antispyware
Network Access Control
AntiVirus
Application and Device Control
Web and Email Security
Business Trend Perspective
the context…
– Risk Management Practices
– Cost Benefit Analysis
– Regulatory Compliance
– Governance Requirements
– Digital Asset Management
– Standard and Policy Enforcement
the strategy…
Archiving and Retention Management
IT Audit
Business Contingency Plan
Chief Security Officer
Security Management
Technology Compliance
Disaster Recovery Center
ISO Compliance
Standard Certification
Storage and Backup Management
Backup and Recovery
Application and Device Control
Social Trend Perspective
the characteristics…
– Computer Savvy Society
– Digital System Everywhere
– Free World, Open Market
– Internet as New Frontier
– Borderless Geography
the choices…
policy vs. design
enforcement vs. culture
pressure vs. education
reward vs. punishment
standard vs. self control
regulation vs. ethical behavior
top-down vs. bottom-up
prevention vs. reaction
The Core Relationships
People (Social Aspects)
Context/Content Applications (Business Aspects)
Technology (Technical Aspects)
Converging Trend
BUSINESS ISSUES
TECHNICAL ISSUES
SOCIAL ISSUES
Internetworking Dependency
Since the strength of a chain
depends on the weakest link,
then YOUR SECURITY is MY SECURITY…
Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS !
(Find the weakest link, and help them to increase their security performance and capabilities…)
What should we do?
Monitoring the dynamic environment happening in real world and cyber world?
Building effective procedures and mechanism among institutions responsible for these two worlds?
Forming international framework for collaboration and cooperation to combat cyber crimes?
Finding the fastest and most effective methodology to educate society on cyber security?
Developing and adopting multi-lateral cyber law convention?
Acting like intelligence agencies? Interpol? Detectives? CSIRTs/CERTs? ASEAN? United Nations?
Lessons Learned
As the value of internet increases, so does the risk of having it in our life.
Hackers and crackers help each other, why shouldn’t we collaborate?
Enough talking and planning, start executing your risk management strategy…
Beware …
Thank You
Prof. Richardus Eko Indrajit
Chairman of ID‐SIRTII and APTIKOM
indrajit@post.harvard.edu
www.eko‐indrajit.com
KEAMANAN INFORMASI DAN INTERNET
Konsep – Prinsip – Strategi – Implementasi – Tata Kelola
Prof. Richardus Eko Indrajit
Execu�ve Chairman of ID‐SIRTII
eko@idsir�i.or.id
www.EkoIndrajit.com
Apa yang harus DILAKUKAN ?
Apa yang harus DILAKUKAN ?
Apa yang harus DILAKUKAN ?
Apa yang harus DILAKUKAN ?
Apa yang harus DILAKUKAN ?
Apa yang harus DILAKUKAN ?
Fenomena LAMA, Perilaku BARU
Anak pertama lahir
Anak gadis dimarahin orang tua
Suami bertengkar dengan istri
Komputer dan telpon rusak
Pegawai naik pangkat
Pergi ke toilet di tempat publik
Silaturahmi keluarga saat hari raya
dan lain sebagainya
FUNGSI VERTIKAL : pengambilan keputusan
Fungsi Strategis TI
FUNGSI HORISONTAL: transaksi
Prinsip Pemanfaatan Teknologi Informasi #1
TI sebagai penunjang kegiatan operasional atau
transaksional
– Mengirimkan uang antar bank
– Memesan karcis pesawat
– Mengambil mata kuliah per semester
– Membeli pulsa telepon
– Mengak��an peralatan elektronik
dan lain sebagainya
Prinsip Pemanfaatan Teknologi Informasi #2
TI sebagai penunjang proses pengambilan keputusan
– Menyimpan dan mengorganisasikan data
– Mengolah dan merepresentasikan data
– Membuat laporan berkala maupun ad‐hoc
– Menjalankan skenario dan simulasi kompleks
– Mengelola informasi dan pengetahuan
dan lain sebagainya
Prinsip Pemanfaatan Teknologi Informasi #3
TI sebagai penunjang ak�vitas komunikasi dan
kolaborasi
– Mengirimkan dokumen dan berkas digital
– Melakukan pembicaraan lintas batas
– Menjalankan ak�vitas kooperasi virtual
– Mengunduh data dari beragam sumber
– Mengunggah informasi ke berbagai tempat
dan lain sebagainya
Kenyataan Tak Terabaikan
Dunia nyata dan dunia cyber telah saling berkonvergensi
saling melengkapi
Ak�vitas kegiatan sehari‐hari terjadi di kedua dunia tersebut
Jumlah interaksi antar individu dan ins�tusi/organisasi
meningkat secara signifikan
Jenis teknologi semakin beragam dan manusiawi
Potensi melakukan kegiatan intelijen berbasis digital semakin
besar (e.g. sudah dijalankan)
Agenda for Today
Cyber‐6: Revisi�ng the Global Trend on Internet
The Roles of ID‐SIRTII in the Na�on
Holis�c Approach on Comba�ng Cyber Crime
Agenda for Today
Cyber‐6: Revisi�ng the Global Trend on Internet
The Roles of ID‐SIRTII in the Na�on
Holis�c Approach on Comba�ng Cyber Crime
Knowledge Domain: The Cyber Six
Cyber
Space
Cyber
Law
Cyber
Threat
Cyber
Crime
Cyber
A�ack
Cyber
Security
1 Cyberspace.
A reality community between
PHYSICAL WORLD and
ABSTRACTION WORLD
1.4 billion of real human
popula�on (internet users)
Trillion US$ of poten�al
commerce value
Billion business transac�ons
per hour in 24/7 mode
Internet is a VALUABLE thing indeed.
Risk is embedded within.
17
Informa�on Roles
Why informa�on?
– It consists of important data and facts (news, reports,
sta�s�cs, transac�on, logs, etc.)
– It can create percep�on to the public (market, poli�cs,
image, marke�ng, etc.)
– It represents valuable assets (money, documents,
password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan,
intelligence, etc.)
What is Internet ?
A giant network of networks where people exchange
informa�on through various different digital‐based ways:
Mailing List
Website
Cha�ng
Newsgroup
Blogging
E‐commerce
E‐marke�ng
E‐government
“… what is the value of internet ???“
2 Cyberthreat.
The trend has increased in
an exponential rate mode
Motives are vary from
recreational to criminal
purposes
Can caused significant
economic losses and
political suffers
Difficult to mitigate
web defacement
Threats are there to stay.
Can’t do so much about it.
SMTP relay
root access
information leakage
virus infection
theft
spamming
hoax
sql injection
phishing
intrusion
malware distribution
trojan horse
malicious software
spoofing
Dos/DDoS
botnet
worms
open proxy
password cracking
blended attack
20
Interna�onal Issues
What Does FBI Say About Companies:
–
–
–
–
–
91% have detected employee abuse
70% indicate the Internet as a frequent a�ack point
64% have suffered financial losses
40% have detected a�acks from outside
36% have reported security incidents
Source: FBI Computer Crime and Security
Survey 2001
Professions Threat
Knowledge Threats
So�ware Tools Threat
Vulnerabili�es‐dBase Threat
Hacking‐dBase Threat
Underground Economy
Growing Vulnerabili�es
Incidents and Vulnerabilities Reported to CERT/CC
4500
2500
“Through 2008, 90 percent of
successful hacker attacks
will exploit well-known software
vulnerabilities.”
”
2000
- Gartner*
3500
3000
140,000
120,000
100,000
80,000
60,000
1500
1000
40,000
500
20,000
0
0
1995
1996
1997
1998
1999
Vulnerabilities
2000
2001
2002
2003
2004
Security Incidents
* Gartner CIO Alert: Follow Gartner’s Guidelines for Upda�ng Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident sta�s�cs.
Total Security Incidents
Total Vulnerabilities
4000
160,000
Poten�al Threats
Unstructured Threats
Insiders
Recrea�onal Hackers
Ins�tu�onal Hackers
Structured Threats
Organized Crime
Industrial Espionage
Hack�vists
Na�onal Security Threats
Terrorists
Intelligence Agencies
Informa�on Warriors
3 Cybera�ack.
Too many a�acks have been
performed within the cyberspace.
Most are triggered by the cases in the
real world.
The eternal wars and ba�les have
been in towns lately.
Estonia notorious case has opened the
eyes of all people in the world.
A�ack can occur any�me and
anyplace without no�ce.
Internet and Crimes
MENINGKAT
SIGNIFIKAN !!!
ID‐SIRTII Monitoring Analysis
Case #1
Case #2
Case #3
Case #4
Case #5
A�acks Sophis�ca�on
Auto
Coordinated
Tools
Cross site scripting
” / advanced
stealth”
High
scanning techniques
packet spoofing denial of service
Intruder
Knowledge
sniffers
sweepers
GUI
Staged
distributed
attack tools
www attacks
automated probes/scans
back doors
network mgmt. diagnostics
disabling audits
hijacking
sessions
burglaries
exploiting known vulnerabilities
Attack
Sophistication
password cracking
self-replicating code
password guessing
Low
1980
1985
1990
1995
2005
Vulnerabili�es Exploit Cycle
Novice Intruders
Use Crude
Exploit Tools
Crude
Exploit Tools
Distributed
Automated
Scanning/Exploit
Tools Developed
Widespread Use
of Automated
Scanning/Exploit
Tools
Advanced
Intruders
Discover New
Vulnerability
# Of
Incidents
Time
Highest Exposure
Intruders
Begin
Using New
Types
of Exploits
File Management
Microsoft Excel
URL Management
URL
Directory Traversal Management
Directory Traversal
Mailing List Management
Email Reply
Live Camera Management
Java Applet
Surveillance Camera Management
Web Monitor
Security Camera Management
Sony
Mul�ple Camera Management
Multi Frame
4 Cybersecurity.
Lead by ITU for interna�onal
domain, while some standards
are introduced by different
ins�tu�on (ISO, ITGI, ISACA,
etc.)
Your security is my security”
– individual behavior counts
while various collabora�ons
are needed
Educa�on, value, and ethics
are the best defense approaches.
Risk Management Aspect
Threats
Exploi
t
Vulnerabilities
Protect
against
Controls
Expose
Reduce
Risk
Assets
Met
by
Have
Security
Requirements
Asset
Values
Impact on
Organisation
Strategies for Protec�on
Protecting Interactions
Protecting Information
Protecting Infrastructure
Physical Security Checklist
Informa�on Security Checklist
Mandatory Requirements
Cri�cal infrastructures are those physical and cyber‐
based systems essen�al to the minimum opera�ons of
the economy and government. These systems are so
vital, that their incapacity or destruc�on would have a
debilita�ng impact on the defense or economic
security of the na�on.”
Agriculture & Food, Banking & Finance, Chemical,
Defense Industrial Base, Drinking Water and
Wastewater Treatment Systems, Emergency Services,
Energy, Informa�on Technology, Postal & Shipping,
Public Health & Healthcare, Telecommunica�ons,
Transporta�on Systems
Informa�on Security Disciplines
Physical security
Procedural security
Personnel security
Compromising emana�ons security
Opera�ng system security
Communica�ons security
a failure in any of these areas can undermine the
security of a system
Best Prac�ce Standard
BS7799/ISO17799
1
Information
Security Policy
10
Security
Organisation
Compliance
2
9
Bus. Continuity
Planning
8
Integrity
Confiden�ality
Asset
Classification
Controls
3
Informa�on
System
Development &
Maint.
7
Access
Controls
Personnel
Security
Availability
Communication
& Operations
Mgmt
Physical
Security
6
5
4
These Two Guys …..
versus
5 Cybercrime.
Globally defined as INTERCEPTION,
INTERRUPTION, MODIFICATION, and
FABRICATION
Virtually involving inter national
boundaries and multi resources
Intentionally targeting to fulfill
special objective(s)
Convergence in nature with
intelligence efforts.
Crime has inten�onal objec�ves.
Stay away from the bull’s eye.
Type of A�acks
Malicious Ac�vi�es
Mo�ves of Ac�vi�es
1.
2.
3.
4.
Thrill Seekers
Organized Crime
Terrorist Groups
Na�on‐States
6 Cyberlaw.
Difficult to keep updated as
technology trend moves
Different stories between the
rules and enforcement efforts
Require various infrastructure,
superstructure, and resources
Can be easily out-tracked” by
law practitioners
Cyberlaw is here to protect you.
At least playing role in mi�ga�on.
The Crime Scenes
IT as a Tool
IT as a Storage Device
IT as a Target
First Cyber Law in Indonesia.
Range of penalty:
Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
6 to 12 years in prison (jail)
starting from
25 March 2008
Picture: Indonesia Parliament in Session
Main Challenge.
ILLEGAL
… the distribution of
illegal materials within
the internet …”
ILLEGAL
“… the existence of
source with illegal
materials that can be
accessed through
the internet …”
Agenda for Today
Cyber‐6: Revisi�ng the Global Trend on Internet
The Roles of ID‐SIRTII in the Na�on
Holis�c Approach on Comba�ng Cyber Crime
The Background
It all starts from the hacking incident to the Na�onal Elec�on System in 2004:
WHO should response to the NATIONAL LEVEL ICT incident ?
HACKED !!!
The National Tabulation System
The Founda�on
The Founders
National Constitution UU No.36/1999
regarding National Telecommunication Industry
Ministry
of ICT
Government Regulation No.52/2000
ICT Professional
Association
regarding Telecommunication Practices
ISP
Association
Established on May 2006 as
the National CSIRT/CC of Indonesia
Minister of ICT Decree No.26/PER/M.KOMINFO/2007
regarding Indonesian Security Incident Response Team on Internet Infrastructure
National
Police
General
Attorney
Department
of Justice
The Mission
To provide the society with a secure internet environment
The Major Tasks
Monitoring internet traffic for incident management
Managing traffic log files for law enforcement
Advising cri�cal infrastructure ins�tu�ons
Educa�ng public on informa�on security aspect
Conduc�ng training and development effort
Running simula�on laboratory and R&D center
Genera�ng external and interna�onal collabora�ons
The Main Ac�vi�es
Core Process
Cons�tuents
Monitor
Internet
Traffic
Analyse
Incidents
Response and
Handle Incidents
Deliver
Required
Log Files
Manage
Log Files
Report on
Incident
Handling
Management
Process and
Research
Vital
Sta�s�cs
Suppor�ng Ac�vi�es
Educate Public for Security Awareness
Assist Ins�tu�ons in Managing Security
Provide Training to Cons�tuency and Stakeholders
Run Laboratory for Simula�on Prac�ces
Establish External and Interna�onal Collabora�ons
Customers
The Cons�tuents
ISPs
NAPs
IXs
sponsor
Government
of Indonesia
Law
Enforcement
ID-SIRTII
Na�onal
Security
Communi�es
Interna�onal
CSIRTs/CERTs
The CERTs Topology
ID-SIRTII (CC)
as National CSIRT
Sector CERT
Internal CERT
Vendors CERT
Community CERT
Bank CERT
Telkom CERT
Cisco CERT
A CERT
Airport CERT
SGU CERT
Microsoft CERT
B CERT
University CERT
Police CERT
Oracle CERT
C CERT
GOV CERT
KPK CERT
SUN CERT
D CERT
Military CERT
CIMB CERT
IBM CERT
Lemsaneg CERT
SOE CERT
KPU CERT
SAP CERT
PANDI CERT
SME CERT
Pertamina CERT
Yahoo CERT
Security FIRST
Hospital CERT
Kominfo CERT
Google CERT
Central Bank
CERT
Other CERTs
Other CERTs
Other CERTs
ID-CERT
The People
Ministry of ICT
Directorate of
Post & Telecommunication
Inspection Board
Advisory Board
Chairman
Vice Chairman
General Secretary
Deputy of Operation
and Security
Deputy of Research
and Development
Deputy of Data Center,
Applications & Database
Deputy of Education
and Public Affairs
Deputy of External
Collaborations
with 25 Staff Employees
The Technology
Covering 80% of total internet traffic within the country …
The Holis�c View
SECURE INTERNET
INFRASTRUCTURE
ENVIRONMENT
MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
People
Process
Technology
Advisory
Board
Preventive
and
Reactive
Traffic
Monitoring
System
Executive
Board
Quality
Mngt.
System
Log File
Management
System
STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT
Interna�onal Link and Partners
MyCERT
SingCERT
ThaiCERT
BrCERT
VietnamCERT
BangCERT
JPCERT/CC
KrCERT/CC
APCERT
FIRST/USA
BhutanCERT
CamCERT
MMCERT
MongCERT
ChinaCERT
KirzhistanCERT
IndiaCERT
UzbekCERT
AzerbaijanCERT
PhCERT
SrilankaCERT
Kiriba�CERT
AusCERT
OIC‐CERT
The Headquarter
Ravindo Tower
17th Floor
Kebon Sirih Kav. 75
Jakarta 10340,
Indonesia
Work Philosophy
Why does a car have BRAKES ???
The car have BRAKES so that it can go FAST … !!!
Why should we have regulation?
Why should we establish institution?
Why should we collaborate with others?
Why should we agree upon mechanism?
Why should we develop procedures?
Why should we have standard?
Why should we protect our safety?
Why should we manage risks?
Why should we form response team?
Agenda for Today
Cyber‐6: Revisiting the Global Trend on Internet
The Roles of ID‐SIRTII in the Nation
Holistic Approach on Combating Cyber Crime
Two Way Relationship
Real
World
Cyber
Space
“Physical War”
“Virtual War”
Two Way Relationship
Real
World
relate
relate
real interaction
real transaction
real resources
real people
flow of information
flow of product/services
flow of money
Cyber
Space
Two Way Relationship
Ethics
Law
Real
World
Cyber
Space
Rule of Conduct
Mechanism
Cyber Law
Ruling
Cyber Space interaction with Real World Penalty
Classic Definition of War
WAR is here to stay…
“Can Cyber Law alone
become the weapon
for modern defense
against 21st century
Cyber Warfare & Cyber
Crime?“
Two Way Relationship
Real
World
impact
impact
Cyber
Space
Two Way Relationship
blackmail
threaten
destroy
attack
mess up
ruin
Real
World
penetrate
crime
destroy
terminate
Political
Incidents
International
Events
Published
Books
Cyber
Space
disrupt
Training
Materials
Pirated
Tools
Community of
Interests
Two Way Relationship
justify
suspect
sue
investigate
Real
World
Personal
Blogs
Citizen
Journalism
inspect
sabotage
condemn
examine
spy
gossip
Anonymous
Interaction
Cyber
Space
perceive
Phishing and
Forgery
Campaign and
Provocation
Communities
Reviews
The Paradox of Increasing Internet Value
internet
users
+
+
transaction
value
+
interaction
frequency
+
communities
spectrum
usage
objectives
=
The Internet Value
it means…
threats
attacks
crimes
Internet Security Issues Domain
Internet is formed
through connecting
a set of digital‐based
physical
technology that
follows a good
number of
standards and
protocols
All technical
components
(hardware and
software) interact
with each other
within a complex
dependent…
TECHNICAL
ISSUES
INTERNET
SECURITY
BUSINESS
ISSUES
SOCIAL
ISSUES
“What are interacting in the net are real people, not just a
bunch of intellectual machines” – at the end of the day,
human mind, characters, behaviors, and values matter
It is not an “isolated world” that does not have any
relationship with the real physical world
It is a part of
business system as
transactions and
interactions are
being conducted
accordingly
As technology
mimics, enables,
drives, and
transforms the
business, internet
dependency is high
For the activities
that rely on time
and space – where
resources and
processes can be
digitalized ‐ the
network is the
business
Technical Trend Perspective
the phenomena…
malicious
code
vulnerabilities
spam and
spyware
phishing and
identity theft
time to
exploitation
the efforts…
Intrusion Prevention
Software Patches
Firewalls
Malware Blocking
Encryption and PKI
Antispyware
Network Access Control
AntiVirus
Application and Device Control
Web and Email Security
Business Trend Perspective
the context…
Risk Management
Practices
Cost Benefit
Analysis
Regulatory
Compliance
Governance
Requirements
Digital Asset
Management
Standard and
Policy
Enforcement
the strategy…
Archiving and Retention Management
IT Audit
Business Contingency Plan
Chief Security Officer
Security Management
Technology Compliance
Disaster Recovery Center
ISO Compliance
Standard Certification
Storage and Backup Management
Backup and Recovery
Application and Device Control
Social Trend Perspective
the characteristics…
Computer
Savvy Society
Digital System
Everywhere
Free World,
Open Market
the choices…
policy vs. design
enforcement vs. culture
Internet as
New Frontier
pressure vs. education
reward vs. punishment
standard vs. self control
regulation vs. ethical behavior
Borderless
Geography
top‐down vs. bottom‐up
prevention vs. reaction
The Core Relationships
People
(Social Aspects)
Context/Content
Applications
(Business Aspects)
Technology
(Technical Aspects)
Converging Trend
BUSINESS
TECHNICAL
ISSUES
ISSUES
SOCIAL
ISSUES
Internetworking Dependency
Since the strength of a chain
depends on the weakest link,
then YOUR SECURITY is MY SECURITY…
Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS !
(Find the weakest link, and help them to
increase their security performance and
capabilities…)
What should we do?
Monitoring the dynamic environment happening in real world
and cyber world?
Building effective procedures and mechanism among
institutions responsible for these two worlds?
Forming international framework for collaboration and
cooperation to combat cyber crimes?
Finding the fastest and most effective methodology to educate
society on cyber security?
Developing and adopting multi‐lateral cyber law convention?
Acting like intelligence agencies? Interpol? Detectives?
CSIRTs/CERTs? ASEAN? United Nations?
Lessons Learned
As the value of the internet increases, so does the risk of having it
in our lives.
Hackers and crackers help each other, why shouldn’t we
collaborate?
Enough talking and planning, start executing your risk
management strategy…
Beware …
Thank You
Prof. Richardus Eko Indrajit
Chairman of ID‐SIRTII and APTIKOM
indrajit@post.harvard.edu
www.eko‐indrajit.com