Id‐SIRTIndonesia Security Incidents Response Team on Internet Infrastructure

Id‐SIRTIndonesia Security Incidents Response Team on Internet Infrastructure

Telecommunication Regulatory Body 

of Indonesia

Gunawan Hutagalung, MTHead of Tariff and Interconnect SectionDirectorate Telecommunications – DG PostelTelecommunication Regulatory Body of IndonesiaEmail : hutagalung@postel.go.id

Background

2

Telecommunication Regulatory Body of 

Indonesia

Cyber Crime Cases in Indonesiadecreasing national competitive advantage

Vulnerabilities on Critical Infrastructurethreats on national security and people’s life

Slow Adoption on Internet Usageloss opportunities on economic growth

Absence of Strong Internet Security System tendency of hindering internet‐based activities

Challenge on Law Enforcement Practicesincreasing numerous attacks on internet infrastructure

Notorious International Perceptionnegative image on the nation and society

Founders Telecommunication Regulatory Body of 

Indonesia

3

MASTEL Masyarakat Telematika Indonesia

APJII Asosiasi Penyelenggara Jasa Internet Indonesia

AWARI Asosiasi Warung Internet Indonesia

POLRI Kepolisian Republik Indonesia

KEJAGUNG Kejaksaan Agung

DITJEN POSTEL Direktorat Jenderal Pos dan Telekomunikasi

Indonesian Telematics Society

Indonesian ISP Association

Indonesian Internet Cafe Association

Indonesian Police Office

Indonesian Attorney General Office

DG Postel Indonesia

Regulations Telecommunication Regulatory Body of 

Indonesia

4

National Constitution Act UU No.36/1999regarding National Telecommunication Industry

Government Regulation PP No.52/2000regarding Telecommunication Practices

ICT Ministry Decree PERMEN No.26/PER/M.KOMINFO/2007regarding Indonesian Security Incident Response Team on Internet Infrastructure

National Constitution Act UU  No.11/2008

regarding Electronic Information and Transaction 

The Response team Telecommunication Regulatory Body of 

Indonesia

5

Independent Entity Representing Related Stakeholders PROFESSIONAL ‐ EXPERTS ‐ POLICE ‐ ATTORNEY ‐ GOVERNMENT ‐ ACADEMICIAN ‐ RESEARCHER ‐ PRACTITIONER

Triple Board Governance System ADVISORY BOARD ‐ EXECUTIVE BOARD ‐ INSPECTION BOARD

Lead National Scale InitiativesINTERNET SERVICE PROVIDERS AND RELATED PARTIES

Develop International Collaboration and CooperationINSTITUTION AND NATION BASED RESPONSE TEAMS AND OTHER RELATED BODIES

The Vision Telecommunication Regulatory Body of 

Indonesia

6

establishingCONDUCIVE and SECUREinternet environment

for Indonesia

The Mission Telecommunication Regulatory Body of 

Indonesia

7

to EXPEDITE internet growth through

PROMOTING security awarenessMONITORING incident potentialsSUPPORTING law enforcementPROVIDING technical assistance

The tasks Telecommunication Regulatory Body of 

Indonesia

1. EDUCATE stakeholders on security management

2. MONITOR traffic, DETECT incidents, and DELIVER early warning

3. GATHER, ORGANISE, STORE, and MANAGE log files 

4. RESPONSE to stakeholders enquiries on internet security

5. DEVELOP simulation laboratories and training centres

6. PROVIDE technical advisory and consultancy

7. CONDUCT international collaborations and co‐operations

8

The exclussion Telecommunication Regulatory Body of 

Indonesia

Do not record or evaluate CONTENT

implementation of and protected by INDIVIDUAL PRIVACY ACT

UU No.36/1999 Article 40 on “Illegal Interception”

only monitor TRAFFIC PATTERNS and manage LOG FILES

to detect

9

threats and to support law enforcement

Internet                     Traffic Behaviors

Source, Destination, Protocol, Port, Time Stamp

The mechanism Telecommunication Regulatory Body of 

Indonesia

AnalysePatternsand

DetectIndicationSignals

10

AnalysePatternsand

DetectIndicationSignals

Collect andManage Log Files

from ISPs

Collect andManage Log Files

from ISPs

Monitor InternetTraffic on IXPsand NAPs

Monitor InternetTraffic on IXPsand NAPs

AlertRelated

InstitutionsregardingIncident

Occurrences

AlertRelated

InstitutionsregardingIncident

Occurrences

ProvideStakeholderswith Log Files

Record

ProvideStakeholderswith Log Files

Record

ProvideStakeholders withTraffic Patterns

Record

ProvideStakeholders withTraffic Patterns

Record

ReceiveFormalRequestsfrom

NationalAuthorities

ReceiveFormalRequestsfrom

NationalAuthorities

Analyse Incident Indication Response Incident Management

Develop training programs and research laboratories for societiesDevelop training programs and research laboratories for societies

Engage national and international collaborations with related partiesEngage national and international collaborations with related parties

Support stakeholders with technical information services and supportSupport stakeholders with technical information services and support

The process taxonomy Telecommunication Regulatory Body of 

Indonesia

ID‐SIRTII

11

ID‐SIRTII

1. CORE PROCESS1. CORE PROCESS 2. SUPPORTINGACTIVITIES

2. SUPPORTINGACTIVITIES

1.1 LOG FILEMANAGEMENT1.1 LOG FILE

MANAGEMENT1.2 INTERNETTRAFFIC MNGT.1.2 INTERNETTRAFFIC MNGT.

2.1 TRAININGCONDCUT

2.1 TRAININGCONDCUT

2.2  RESEARCH ANDDEVELOPMENT

2.2  RESEARCH ANDDEVELOPMENT

2.3 INFO SUPPORTSERVICES

2.3 INFO SUPPORTSERVICES

2.4 EXTERNALCOLLABORATION2.4 EXTERNAL

COLLABORATION

1.1.1Collect

1.1.2Organise

1.1.3Store

1.1.4Retrieve

1.1.5Transfer

1.1.6Distribute

1.1.7Archieve

1.2.1Gather

1.2.2Monitor

1.2.3Analyse

1.2.4Detect

1.2.5Inform

1.2.6Distribute

1.2.7Archieve

2.1.1Plan

2.1.2Offer

2.1.3Register

2.1.4Execute

2.1.5Evaluate

2.2.1Propose

2.2.2Study

2.2.3Report

2.2.4Plan

2.2.5Execute

2.2.6Evaluate

2.3.1Require

2.3.2Prepare

2.3.3Inform

2.3.4Execute

2.3.5Evaluate

2.3.6Learn

2.4.1Explore

2.4.2Propose

2.4.3Correspond

2.4.4Engage

2.4.5Plan

2.4.6Execute

2.4.7Evaluate

ID‐SIRTII

1. CORE PROCESS2. SUPPORTINGACTIVITIES

1.1 LOG FILEMANAGEMENT

1.2 INTERNETTRAFFIC MNGT.

2.1 TRAININGCONDCUT

2.2  RESEARCH ANDDEVELOPMENT

2.3 INFO SUPPORTSERVICES

2.4 EXTERNALCOLLABORATION

1.1.1Collect

1.1.2Organise

1.1.3Store

1.1.4Retrieve

1.1.5Transfer

1.1.6Distribute

1.1.7Archieve

1.2.1Gather

1.2.2Monitor

1.2.3Analyse

1.2.4Detect

1.2.5Inform

1.2.6Distribute

1.2.7Archieve

2.1.1Plan

2.1.2Offer

2.1.3Register

2.1.4Execute

2.1.5Evaluate

2.2.1Propose

2.2.2Study

2.2.3Report

2.2.4Plan

2.2.5Execute

2.2.6Evaluate

2.3.1Require

2.3.2Prepare

2.3.3Inform

2.3.4Execute

2.3.5Evaluate

2.3.6Learn

2.4.1Explore

2.4.2Propose

2.4.3Correspond

2.4.4Engage

2.4.5Plan

2.4.6Execute

2.4.7Evaluate

The Consequences Telecommunication Regulatory Body of 

Indonesia

12

Operator ‐ NAP ‐ IXP ‐ ISPobligation to record logs and to monitor traffic

stated in the contract with customers

Close User Group networkobligation to record logs and users identity

Hot Spot and Internet Cafeobligation to record users identity

The enforcement Telecommunication Regulatory Body of 

Indonesia

13

Operator ‐ NAP ‐ IXP ‐ ISPadministrative sanctions (from warning to license revocation)

Close User Group networkbased on the contract agreement

Hot Spot and Internet CafeIP address block

CASE(s)

lead to

Legal and Law Enforcement

The topology Telecommunication Regulatory Body of 

Indonesia

14

The tools Telecommunication Regulatory Body of 

Indonesia

15

The organization Telecommunication Regulatory Body of 

Indonesia

Deputy of Operationand Security

16

Deputy of Operationand Security

Deputy of Data Center,Applications & DatabaseDeputy of Data Center,Applications & Database

Deputy of Researchand DevelopmentDeputy of Researchand Development

Deputy of Educationand Public Affairs

Deputy of Educationand Public Affairs

Deputy of ExternalCollaborations

Deputy of ExternalCollaborations

ChairmanChairman

Vice ChairmanVice Chairman General SecretaryGeneral Secretary

Inspection BoardInspection Board Advisory BoardAdvisory Board

Ministry of ICTDirectorate of

Telco & Communication

Ministry of ICTDirectorate of

Telco & Communication

The holistic view Telecommunication Regulatory Body of 

Indonesia

SECURE INTERNET INFRASTRUCTUREENVIRONMENT

17

SECURE INTERNET INFRASTRUCTUREENVIRONMENT

PeoplePeople ProcessProcess TechnologyTechnology

LogDatabaseSystem

TrafficMonitoringSystem

IncidentIndicationAnalysis

IncidentMngt.Support

AdvisoryBoard

ExecutiveBoard

MONITOR ‐ANALYSIS ‐ YELL ‐DETECT ‐ALERT ‐ YIELDMONITOR ‐ANALYSIS ‐ YELL ‐DETECT ‐ALERT ‐ YIELD

STAKEHOLDERS COLLABORATION AND SUPPORTSTAKEHOLDERS COLLABORATION AND SUPPORT

NATIONAL REGULATION AND GOVERNANCENATIONAL REGULATION AND GOVERNANCE

STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENTSTRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

The mitigation view Telecommunication Regulatory Body of 

Indonesia

18

id‐sirtii 

Thank You.Terima kasih!

Thank You.Terima kasih!Telecommunicatio

n Regulatory Body of Indonesia