
Special Presentation on

Empowering Information Technology Systems to Achieve Information Security in Support of the TNI's Core Duties
Concept – Principle – Strategy – Implementation – Governance

Prof. Richardus Eko Indrajit 
Executive Chairman of ID-SIRTII

 

eko@idsirtii.or.id
indrajit@post.harvard.edu  

Internet and Crimes 

INCREASING SIGNIFICANTLY !!!

ID‐SIRTII Monitoring Analysis 


Agenda for Today
  Cyber-6: Revisiting the Global Trend on Internet
  The Roles of ID-SIRTII in the Nation
  Holistic Approach on Combating Cyber Crime


Knowledge Domain: The Cyber Six
  Cyber Space
  Cyber Threat
  Cyber Attack
  Cyber Security
  Cyber Crime
  Cyber Law

1 Cyberspace.
  A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
  1.4 billion of real human population (internet users)
  Trillion US$ of potential commerce value
  Billion business transactions per hour in 24/7 mode

Internet is a VALUABLE thing indeed. 

Risk is embedded within. 


Information Roles
  Why information?
–  It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
–  It can create perception to the public (market, politics, image, marketing, etc.)
–  It represents valuable assets (money, documents, password, secret code, etc.)
–  It is a raw material of knowledge (strategy, plan, intelligence, etc.)

What is Internet ?
  A giant network of networks where people exchange information through various different digital-based ways: Email, Mailing List, Website, Chatting, Newsgroup, Blogging, E-commerce, E-marketing, E-government

“… what is the value of internet ???”

2 Cyberthreat.
  The trend has increased at an exponential rate
  Motives vary from recreational to criminal purposes
  Can cause significant economic losses and political suffering
  Difficult to mitigate

Threats are there to stay.
Can’t do so much about it.

[Figure: threat types shown on the slide] web defacement, SMTP relay, root access, information leakage, virus infection, theft, spamming, hoax, SQL injection, phishing, intrusion, malware distribution, trojan horse, malicious software, spoofing, DoS/DDoS, botnet, worms, open proxy, password cracking, blended attack

International Issues
  What Does FBI Say About Companies:
–  91% have detected employee abuse
–  70% indicate the Internet as a frequent attack point
–  64% have suffered financial losses
–  40% have detected attacks from outside
–  36% have reported security incidents

  Source: FBI Computer Crime and Security Survey 2001

Professions Threat 

Knowledge Threats 


Software Tools Threat

Vulnerabilities-dBase Threat

Hacking‐dBase Threat 

Underground Economy 

Growing Vulnerabilities
[Chart: Incidents and Vulnerabilities Reported to CERT/CC, 1995 to 2004. Axes: Total Vulnerabilities (0 to 4500) and Total Security Incidents (0 to 160,000). Series: Vulnerabilities, Security Incidents**]

“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*

* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.

Potential Threats

Unstructured Threats
  Insiders
  Recreational Hackers
  Institutional Hackers

Structured Threats
  Organized Crime
  Industrial Espionage
  Hacktivists

National Security Threats
  Terrorists
  Intelligence Agencies
  Information Warriors

3 Cyberattack.
  Too many attacks have been performed within the cyberspace.
  Most are triggered by the cases in the real world.
  The eternal wars and battles have been in towns lately.
  The notorious Estonia case has opened the eyes of all people in the world.

Attack can occur anytime and anyplace without notice.

Case #1 

Case #2 

Case #3 

Case #4 

Case #5 

Attacks Sophistication
[Chart: Attack Sophistication (Low to High) against Intruder Knowledge, 1980 to 2005. Legend: Tools. Labels on the chart: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, burglaries, hijacking sessions, disabling audits, back doors, network mgmt. diagnostics, sweepers, sniffers, GUI, packet spoofing, denial of service, automated probes/scans, www attacks, distributed attack tools, “stealth” / advanced scanning techniques, cross site scripting, Staged, Auto Coordinated]

Vulnerabilities Exploit Cycle
[Chart: # of Incidents over Time, with the peak marked Highest Exposure. Stages shown: Advanced Intruders Discover New Vulnerability; Crude Exploit Tools Distributed; Novice Intruders Use Crude Exploit Tools; Automated Scanning/Exploit Tools Developed; Widespread Use of Automated Scanning/Exploit Tools; Intruders Begin Using New Types of Exploits]

File Management 

Microsoft Excel

URL Management 

URL

Directory Traversal Management 

Directory Traversal

Mailing List Management 

Email Reply

Live Camera Management 

Java Applet

Surveillance Camera Management 

Web Monitor

Security Camera Management 

Sony

Multiple Camera Management

Multi Frame

4 Cybersecurity.
  Led by ITU for international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
  “Your security is my security” – individual behavior counts while various collaborations are needed

Education, value, and ethics
are the best defense approaches.

Risk Management Aspect
[Diagram. Elements: Threats, Vulnerabilities, Controls, Risk, Assets, Security Requirements, Asset Values, Impact on Organisation. Relationship labels: Exploit, Protect against, Expose, Reduce, Met by, Have]

Strategies for Protection

Protecting Interactions

Protecting Information

Protecting Infrastructure

Physical Security Checklist 

Information Security Checklist

Mandatory Requirements
  “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government.  These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
  Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

Information Security Disciplines
  Physical security
  Procedural security
  Personnel security
  Compromising emanations security
  Operating system security
  Communications security

  a failure in any of these areas can undermine the security of a system

Best Practice Standard
[Diagram: BS7799/ISO17799. Centre: Information (Integrity, Confidentiality, Availability). 10 surrounding areas: Information Security Policy; Security Organisation; Asset Classification Controls; Personnel Security; Physical Security; Communication & Operations Mgmt; Access Controls; System Development & Maint.; Bus. Continuity Planning; Compliance]

These Two Guys ….. 

versus

5 Cybercrime.
  Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
  Virtually involving international boundaries and multi resources
  Intentionally targeting to fulfill special objective(s)
  Convergence in nature with intelligence efforts.

Crime has intentional objectives.
Stay away from the bull’s eye.

Type of Attacks

Malicious Activities

Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States

6 Cyberlaw.
  Difficult to keep updated as technology trend moves
  Different stories between the rules and enforcement efforts
  Require various infrastructure, superstructure, and resources
  Can be easily “out-tracked” by law practitioners

Cyberlaw is here to protect you.
At least playing role in mitigation.

The Crime Scenes 

IT as a Tool

IT as a Storage Device

IT as a Target

First Cyber Law in Indonesia. 

Range of penalty:
  Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
  6 to 12 years in prison (jail)

starting from 25 March 2008

Picture: Indonesia Parliament in Session

Main Challenge.

ILLEGAL: “… the distribution of illegal materials within the internet …”

ILLEGAL: “… the existence of source with illegal materials that can be accessed through the internet …”

Agenda for Today
  Cyber-6: Revisiting the Global Trend on Internet
  The Roles of ID-SIRTII in the Nation
  Holistic Approach on Combating Cyber Crime

The Background
It all starts from the hacking incident on the National Election System in 2004:

WHO should respond to the NATIONAL LEVEL ICT incident ?

HACKED !!!

The National Tabulation System

The Foundation
  National Constitution UU No.36/1999 regarding National Telecommunication Industry
  Government Regulation No.52/2000 regarding Telecommunication Practices
  Minister of ICT Decree No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure

Established in May 2006 as the National CSIRT/CC of Indonesia

The Founders
  Ministry of ICT
  ICT Professional Association
  ISP Association
  National Police
  General Attorney
  Department of Justice

The Mission
To provide the society with a secure internet environment

The Major Tasks
  Monitoring internet traffic for incident management
  Managing traffic log files for law enforcement
  Advising critical infrastructure institutions
  Educating public on information security aspect
  Conducting training and development effort
  Running simulation laboratory and R&D center
  Generating external and international collaborations

The Main Activities
[Diagram: process flow from Constituents to Customers]

Core Process
  Monitor Internet Traffic
  Manage Log Files
  Analyse Incidents
  Response and Handle Incidents
  Deliver Required Log Files
  Report on Incident Handling Management
  Process and Research Vital Statistics

Supporting Activities
  Educate Public for Security Awareness
  Assist Institutions in Managing Security
  Provide Training to Constituency and Stakeholders
  Run Laboratory for Simulation Practices
  Establish External and International Collaborations

The Constituents
[Diagram: ID-SIRTII at the centre, connected to the following]
  ISPs, NAPs, IXs
  Government of Indonesia (sponsor)
  Law Enforcement
  National Security Communities
  International CSIRTs/CERTs

The CERTs Topology
[Diagram: ID-SIRTII (CC) as National CSIRT, above four groups: Sector CERT, Internal CERT, Vendors CERT, Community CERT]
CERTs shown in the diagram: Bank CERT, Telkom CERT, Cisco CERT, A CERT, Airport CERT, SGU CERT, Microsoft CERT, B CERT, University CERT, Police CERT, Oracle CERT, C CERT, GOV CERT, KPK CERT, SUN CERT, D CERT, Military CERT, CIMB CERT, IBM CERT, Lemsaneg CERT, SOE CERT, KPU CERT, SAP CERT, PANDI CERT, SME CERT, Pertamina CERT, Yahoo CERT, Security FIRST, Hospital CERT, Kominfo CERT, Google CERT, Central Bank CERT, Other CERTs, ID-CERT

The People
[Organisation chart]
  Ministry of ICT, Directorate of Post & Telecommunication
  Inspection Board
  Advisory Board
  Chairman
  Vice Chairman
  General Secretary
  Deputy of Operation and Security
  Deputy of Research and Development
  Deputy of Data Center, Applications & Database
  Deputy of Education and Public Affairs
  Deputy of External Collaborations

with 25 Staff Employees

The Technology 
Covering 80% of total internet traffic within the country … 

The Holistic View

SECURE INTERNET INFRASTRUCTURE ENVIRONMENT

MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD

  People: Advisory Board; Executive Board
  Process: Preventive and Reactive; Quality Mngt. System
  Technology: Traffic Monitoring System; Log File Management System

STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

International Link and Partners
  MyCERT
  SingCERT
  ThaiCERT
  BrCERT
  VietnamCERT
  BangCERT
  JPCERT/CC
  KrCERT/CC
  APCERT
  FIRST/USA
  BhutanCERT
  CamCERT
  MMCERT
  MongCERT
  ChinaCERT
  KirzhistanCERT
  IndiaCERT
  UzbekCERT
  AzerbaijanCERT
  PhCERT
  SrilankaCERT
  KiribatiCERT
  AusCERT
  OIC-CERT

The Headquarter 

Ravindo Tower  
17th Floor 
Kebon Sirih Kav. 75  
Jakarta 10340,  
Indonesia 

Work Philosophy 

Why does a car have BRAKES ???

The car has BRAKES so that it can go FAST … !!!

Why should we have regulation?
Why should we establish institution?
Why should we collaborate with others?
Why should we agree upon mechanism?
Why should we develop procedures?
Why should we have standard?
Why should we protect our safety?
Why should we manage risks?
Why should we form response team?

Agenda for Today
  Cyber-6: Revisiting the Global Trend on Internet
  The Roles of ID-SIRTII in the Nation
  Holistic Approach on Combating Cyber Crime

Two Way Relationship
[Diagram: Real World (“Physical War”) and Cyber Space (“Virtual War”)]

Two Way Relationship
[Diagram: Real World and Cyber Space relate to each other. Labels: real interaction, real transaction, real resources, real people, flow of information, flow of product/services, flow of money]

Two Way Relationship
[Diagram: Real World and Cyber Space. Labels: Ethics, Law, Rule of Conduct, Mechanism]

Cyber Law
“Ruling Cyber Space interaction with Real World Penalty”


Classic Definition of War

WAR is here to stay…
“Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber Crime?”

Two Way Relationship
[Diagram: Real World and Cyber Space impact each other]

Two Way Relationship
[Diagram: Real World and Cyber Space. Action labels: blackmail, threaten, destroy, attack, mess up, ruin, penetrate, crime, destroy, terminate, disrupt. Items: Political Incidents, International Events, Published Books, Training Materials, Pirated Tools, Community of Interests]

Two Way Relationship
[Diagram: Real World and Cyber Space. Action labels: justify, suspect, sue, investigate, inspect, sabotage, condemn, examine, spy, gossip, perceive. Items: Personal Blogs, Citizen Journalism, Anonymous Interaction, Phishing and Forgery, Campaign and Provocation, Communities Reviews]

The Paradox of Increasing Internet Value
[Diagram: factors that make up The Internet Value]
  internet users
  transaction value
  interaction frequency
  communities spectrum
  usage objectives

it means…
  threats
  attacks
  crimes

Internet Security Issues Domain
[Diagram: INTERNET SECURITY at the centre of TECHNICAL ISSUES, BUSINESS ISSUES and SOCIAL ISSUES]

TECHNICAL ISSUES
  Internet is formed through connecting a set of digital-based physical technology that follows a good number of standards and protocols
  All technical components (hardware and software) interact with each other within a complex dependent…

SOCIAL ISSUES
  What are interacting in the net are real people, not just a bunch of “intellectual machines” – by the end of the day, human mind, characters, behaviors, and values matter
  It is not an “isolated world” that does not have any relationship with the real physical world

BUSINESS ISSUES
  It is a part of business system as transactions and interactions are being conducted accordingly
  As technology mimics, enables, drives, and transforms the business, internet dependency is high
  For the activities that rely on time and space – where resources and processes can be digitalized – the network is the business

Technical Trend Perspective
the phenomena…
  malicious code
  vulnerabilities
  spam and spyware
  phishing and identity theft
  time to exploitation

the efforts…
  Intrusion Prevention
  Software Patches
  Firewalls
  Malware Blocking
  Encryption and PKI
  Antispyware
  Network Access Control
  AntiVirus
  Application and Device Control
  Web and Email Security

Business Trend Perspective
the context…
  Risk Management Practices
  Cost Benefit Analysis
  Regulatory Compliance
  Governance Requirements
  Digital Asset Management
  Standard and Policy Enforcement

the strategy…
  Archiving and Retention Management
  IT Audit
  Business Contingency Plan
  Chief Security Officer
  Security Management
  Technology Compliance
  Disaster Recovery Center
  ISO Compliance
  Standard Certification
  Storage and Backup Management
  Backup and Recovery
  Application and Device Control

Social Trend Perspective
the characteristics…
  Computer Savvy Society
  Digital System Everywhere
  Free World, Open Market
  Internet as New Frontier
  Borderless Geography

the choices…
  policy vs. design
  enforcement vs. culture
  pressure vs. education
  reward vs. punishment
  standard vs. self control
  regulation vs. ethical behavior
  top-down vs. bottom-up
  prevention vs. reaction

The Core Relationships
  People (Social Aspects)
  Context/Content Applications (Business Aspects)
  Technology (Technical Aspects)

Converging Trend
[Diagram: BUSINESS ISSUES, TECHNICAL ISSUES and SOCIAL ISSUES converging]

Internetworking Dependency 

Since the strength of a chain  
   depends on the weakest link, 
 
       then YOUR SECURITY is MY SECURITY… 

Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality

Key activities: use the THEORY OF CONSTRAINTS !
(Find the weakest link, and help them to increase their security performance and capabilities…)

What should we do?
  Monitoring the dynamic environment happening in real world and cyber world?
  Building effective procedures and mechanism among institutions responsible for these two worlds?
  Forming international framework for collaboration and cooperation to combat cyber crimes?
  Finding the fastest and most effective methodology to educate society on cyber security?
  Developing and adopting multi-lateral cyber law convention?
  Acting like intelligence agencies? Interpol? Detectives? CSIRTs/CERTs? ASEAN? United Nations?

Lessons Learned
  As the value of internet increases, so does the risk of having it in our life.
  Hackers and crackers help each other, why shouldn’t we collaborate?
  Enough talking and planning, start executing your risk management strategy…

Beware … 

Thank You 

Prof. Richardus Eko Indrajit 

Chairman of ID‐SIRTII and APTIKOM 

 

indrajit@post.harvard.edu  
www.eko‐indrajit.com