Id‐SIRT
Indonesia Security Incidents Response Team on Internet Infrastructure
Telecommunication Regulatory Body of Indonesia
Gunawan Hutagalung, MT
Head of Tariff and Interconnect Section
Directorate Telecommunications – DG Postel
Telecommunication Regulatory Body of Indonesia
Email : [email protected]
Background
Cyber Crime Cases in Indonesia: decreasing national competitive advantage
Vulnerabilities on Critical Infrastructure: threats on national security and people’s life
Slow Adoption on Internet Usage: lost opportunities on economic growth
Absence of Strong Internet Security System: tendency of hindering internet‐based activities
Challenge on Law Enforcement Practices: increasing numerous attacks on internet infrastructure
Notorious International Perception: negative image on the nation and society
Founders
MASTEL: Masyarakat Telematika Indonesia (Indonesian Telematics Society)
APJII: Asosiasi Penyelenggara Jasa Internet Indonesia (Indonesian ISP Association)
AWARI: Asosiasi Warung Internet Indonesia (Indonesian Internet Cafe Association)
POLRI: Kepolisian Republik Indonesia (Indonesian Police Office)
KEJAGUNG: Kejaksaan Agung (Indonesian Attorney General Office)
DITJEN POSTEL: Direktorat Jenderal Pos dan Telekomunikasi (DG Postel Indonesia)
Regulations
National Constitution Act UU No.36/1999 regarding National Telecommunication Industry
Government Regulation PP No.52/2000 regarding Telecommunication Practices
ICT Ministry Decree PERMEN No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
National Constitution Act UU No.11/2008 regarding Electronic Information and Transaction
The Response team
Independent Entity Representing Related Stakeholders: PROFESSIONAL ‐ EXPERTS ‐ POLICE ‐ ATTORNEY ‐ GOVERNMENT ‐ ACADEMICIAN ‐ RESEARCHER ‐ PRACTITIONER
Triple Board Governance System: ADVISORY BOARD ‐ EXECUTIVE BOARD ‐ INSPECTION BOARD
Lead National Scale Initiatives: INTERNET SERVICE PROVIDERS AND RELATED PARTIES
Develop International Collaboration and Cooperation: INSTITUTION AND NATION BASED RESPONSE TEAMS AND OTHER RELATED BODIES
The Vision
establishing CONDUCIVE and SECURE internet environment for Indonesia
The Mission
to EXPEDITE internet growth through
PROMOTING security awareness
MONITORING incident potentials
SUPPORTING law enforcement
PROVIDING technical assistance
The tasks
1. EDUCATE stakeholders on security management
2. MONITOR traffic, DETECT incidents, and DELIVER early warning
3. GATHER, ORGANISE, STORE, and MANAGE log files
4. RESPOND to stakeholders' enquiries on internet security
5. DEVELOP simulation laboratories and training centres
6. PROVIDE technical advisory and consultancy
7. CONDUCT international collaborations and co‐operations
The exclusion
Do not record or evaluate CONTENT
implementation of and protected by INDIVIDUAL PRIVACY ACT
UU No.36/1999 Article 40 on “Illegal Interception”
only monitor TRAFFIC PATTERNS and manage LOG FILES
to detect threats and to support law enforcement
Internet Traffic Behaviors: Source, Destination, Protocol, Port, Time Stamp
The mechanism
Analyse Patterns and Detect Indication Signals
Collect and Manage Log Files from ISPs
Monitor Internet Traffic on IXPs and NAPs
Alert Related Institutions regarding Incident Occurrences
Provide Stakeholders with Log Files Record
Provide Stakeholders with Traffic Patterns Record
Receive Formal Requests from National Authorities
Analyse Incident Indication Response Incident Management
Develop training programs and research laboratories for societies
Engage national and international collaborations with related parties
Support stakeholders with technical information services and support
The process taxonomy
ID‐SIRTII
1. CORE PROCESS
1.1 LOG FILE MANAGEMENT
1.1.1 Collect
1.1.2 Organise
1.1.3 Store
1.1.4 Retrieve
1.1.5 Transfer
1.1.6 Distribute
1.1.7 Archive
1.2 INTERNET TRAFFIC MNGT.
1.2.1 Gather
1.2.2 Monitor
1.2.3 Analyse
1.2.4 Detect
1.2.5 Inform
1.2.6 Distribute
1.2.7 Archive
2. SUPPORTING ACTIVITIES
2.1 TRAINING CONDUCT
2.1.1 Plan
2.1.2 Offer
2.1.3 Register
2.1.4 Execute
2.1.5 Evaluate
2.2 RESEARCH AND DEVELOPMENT
2.2.1 Propose
2.2.2 Study
2.2.3 Report
2.2.4 Plan
2.2.5 Execute
2.2.6 Evaluate
2.3 INFO SUPPORT SERVICES
2.3.1 Require
2.3.2 Prepare
2.3.3 Inform
2.3.4 Execute
2.3.5 Evaluate
2.3.6 Learn
2.4 EXTERNAL COLLABORATION
2.4.1 Explore
2.4.2 Propose
2.4.3 Correspond
2.4.4 Engage
2.4.5 Plan
2.4.6 Execute
2.4.7 Evaluate
The Consequences
Operator ‐ NAP ‐ IXP ‐ ISP: obligation to record logs and to monitor traffic
stated in the contract with customers
Close User Group network: obligation to record logs and users identity
Hot Spot and Internet Cafe: obligation to record users identity
The enforcement
Operator ‐ NAP ‐ IXP ‐ ISP: administrative sanctions (from warning to license revocation)
Close User Group network: based on the contract agreement
Hot Spot and Internet Cafe: IP address block
CASE(s) lead to Legal and Law Enforcement
The organization
Deputy of Operation and Security
Deputy of Data Center, Applications & Database
Deputy of Research and Development
Deputy of Education and Public Affairs
Deputy of External Collaborations
Chairman
Vice Chairman
General Secretary
Inspection Board
Advisory Board
Ministry of ICT
Directorate of Telco & Communication
The holistic view
SECURE INTERNET INFRASTRUCTURE ENVIRONMENT
People ‐ Process ‐ Technology
Log Database System
Traffic Monitoring System
Incident Indication Analysis
Incident Mngt. Support
Advisory Board
Executive Board
MONITOR ‐ ANALYSIS ‐ YELL ‐ DETECT ‐ ALERT ‐ YIELD
STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT