Kedaulatan dan Ketahanan Cyber Nasional

(Cyber-Security and Resilience)

DR. Edmon Makarim S.Kom, S.H., LL.M

Dosen Hukum Telematika FHUI

Internet & CyberSecurity

Apa yang menjadi sumberdaya

Internet ?

• IP address

• Domain Name

• Aplikasi dan konten

• Data Pribadi ?

Siapa saja Actors di Internet ???

No Central Authorization:

• IAB (Internet Architectural Board)

• ISOC (Internet Society)

• IETF (Internet Engineering Task Force)

• IRTF (Internet Research Task Force)

• ISTF (Internet Societal Task Force)

• IANA (Internet Assigned Numbers Authority) => ICANN

(Internet Corporations for Assigned Name and Numbers)

Evolusi Bangsa: Identitas & Kultur

PEACEFUL

+

WELFAREWAR SOUVEREIGNTY vs SUPREMACY

Amanat Konstitusi dan Deklarasi InternetBahwa sesungguhnya kemerdekaan itu ialah hak segala bangsa

dan oleh sebab itu, maka penjajahan di atas dunia harus dihapuskan,

karena tidak sesuai dengan perikemanusiaan dan perikeadilan.

Dan perjuangan pergerakan kemerdekaan Indonesia telah

sampailah kepada saat yang berbahagia dengan selamat sentausa

mengantarkan rakyat Indonesia ke depan pintu gerbang kemerdekaan

Negara Indonesia, yang merdeka, bersatu, berdaulat, adil dan

makmur.

Atas berkat rakhmat Allah Yang Maha Kuasa dan dengan

didorongkan oleh keinginan luhur, supaya berkehidupan kebangsaan

yang bebas, maka rakyat Indonesia menyatakan dengan ini

kemerdekaannya.

Kemudian dari pada itu untuk membentuk suatu Pemerintah

Negara Indonesia yang melindungi segenap bangsa Indonesia dan

seluruh tumpah darah Indonesia dan untuk memajukan kesejahteraan

umum, mencerdaskan kehidupan bangsa, dan ikut melaksanakan

ketertiban dunia yang berdasarkan kemerdekaan, perdamaian abadi

dan keadilan sosial, maka disusunlah Kemerdekaan Kebangsaan

Indonesia itu dalam suatu UndangUndang Dasar Negara Indonesia,

yang terbentuk dalam suatu susunan Negara Republik Indonesia yang

berkedaulatan rakyat dengan berdasarkan kepada Ketuhanan Yang

Maha Esa, Kemanusiaan Yang Adil dan Beradab, Persatuan Indonesia

dan Kerakyatan yang dipimpin oleh hikmat kebijaksanaan dalam

Permusyawaratan/ Perwakilan, serta dengan mewujudkan suatu

Keadilan sosial bagi seluruh rakyat Indonesia.

Kedaulatan dalam Cyber ?• Internet (network of the networks) => adalah wujud konvergensi teknologi

informasi, media dan komunikasi dalam suatu bentuk jaringan

komunikasi global yang terbuka dan terdistribusi, menawarkan

kemudahan dan kecepatan namun sejak awal rentan akan keamanan,

dan warisan produk pertahanan Negara lain.

• Apakah yang menjadi kepentingan hukum bangsa dan Negara thp

keberadaan cyberspace (Hak Warga Negara dan Kewajiban pemerintah):• Akses warga Negara kepada internet sekarang diyakini sebagai bagian dari HAM

• Penyelenggaraan cyberspace nasional yang sesuai dengan cita-cita bangsa dan

tujuan nasional (merdeka, bersatu, berdaulat, adil & makmur).

• Hukum, manajemen dan teknis => Melindungi semua asset bangsa yang terhubung

dengan internet (pribadi, perusahaan dan Negara)

• Meningkatkan daya saing dan daya tahan => nilai manfaat harus lebih besar dari

biaya => pengaruh Indonesia keluar harus lebih kuat dari pada pengaruh luar yang

masuk kedalam

• Kedaulatan Bangsa dan Negara terhadap Kepentingan Nasional =>

Keamanan Nasional/Ketahanan Nasional

Ref: Michael Mac Neil

Kedaulatan & Yurisdiksi

• Ability of states to

exert control over

their territory

• Ability of states to

exclude other states

from exerting control

• Sovereignty exerted

through

• Legislative acts

• Executive acts

• Courts

• Sovereignty undermined?

Pressures towards common

denominators –eg. Data

havens / long-arm regulation

• Sovereignty Enhanced?

Increased opportunities for

monitoring and surveillance

• Sovereignty Transformed?

• Rise of supranational

institutions

• Privatization of regulation

• Lingkup Umum: => Perdata

atau Pidana

o Jurisdiction to

prescribe

o Jurisdiction to

adjudicate

o Jurisdiction to enforce

o Faktor2 yang diperhatikan:

• Territoriality => location

of acts, tools, persons,

results, etc.

• Personality =>

perpetrator or victim

• Interest => country

interest or universality

Hak Menentukan Nasib sendiri dan memberlakukan

sistem hukumnya => menjaga kepentingan

nasionalnya baik kedalam maupun keluar

Ketahanan Nasional

Landasan:

• Idiil => Pancasila

• Konstitusional => UUD Negara RI 1945

• Konseptual Wawasan NusantaraAsas:- Kesejahteraan dan

Keamanan

- Komperhensif, Integral,

Menyeluruh dan Terpadu

- Mawas Kedalam dan Mawas

Keluar

- Asas Kekeluargaan

Sifat:- Mandiri

- Dinamis

- Wibawa

- Konsultasi dan

Kerjasama

Asta Gatra:- Tri Gatra (geografi, kekayaan alam,

penduduk)

- Panca Gatra (Ideologi,Politik,

Ekonomi, Sosial Budaya, HanKam

• Apakah kita sudah punya sistem utk

digital object identifier utk orang, device

dan network serta sistem keautentikan

nasional (bgmn dgn crypto product ?)

• Apakah ada national proxy sendiri ?

Cyberwarfare & Int’l Humanitarian Law• Piagam PBB

All members shall refrain in their international relations

from the threat or use of force against the territorial

integrity or political independence of any state, or in any

other manner inconsistent with the Purposes of the

United Nations.

• Use of Force and Armed Attack: use of severity, immediacy,

directness, invasiveness, measurability, presumptive

legitimacy (Michael Schimitt) + Additional Protocol I

Geneva, acts of violence against the adversary, whether in

offence or in defence

• Combatttan

• Civilian

• Person yang dilarang untuk diserang

• Objek yang tidak boleh diserang

• Unnecessery Suffering

• Esensi dari Int’l Humanitarian Law adalah perlindungan

terhadap nilai2 kemanusiaan

Tallinn manual =>

• Secara hukum internasional Cyberspace tidak

menihilkan Kedaulatan setiap Negara, baik kedalam

maupun keluar: States are free to exercise control and jurisdiction (Rule X)

on the basis of sovereignty over objects, persons and

activities involving cyberspace, that is, over all three layers

(physical,logical and social layers). Therefore, to suggest

that cyberspace is excluded from the reach of sovereignty

is incorrect as a matter of law.

• manual yang dibuat oleh NATO dalam tataran

akademis bersama dengan berbagai macam Expert,

mencoba menafsirkan bagaimana hukum

Internasional berlaku (lex lata) dalam konflik di

cyberspace, (jus ad bellum, jus in bello)

• cyber warfare are cyber weapon and their

associated cyber system;

• cyber warfare are the cyber tactics, techniques

and procedures by which hostilities are conducted

• Attack => cyber operation, whether offensive or

defensive, that is reasonably expected to cause injury

or death to person or damage or destruction to object.

• Cyber Operations not Per Se Regulated by

International Law

• Due Diligence + Countermeasures

UN-GGE 2010-2015 => ICT & Int’l SecurityIn paragraph 3 of its resolution 64/25, the

General Assembly invited all Member

States to continue to inform the

Secretary-General of their views and

assessments on the following

questions:

(a) General appreciation of the issues of

information security;

(b) Efforts taken at the national level to

strengthen information security and

promote international cooperation in

this field;

(c) The content of the concepts

mentioned in paragraph 2 of the

resolution;

(d) Possible measures that could be

taken by the international community

to strengthen information security at

the global level.

• Peaceful

• Open

• Free

• Secure

• Stable

• Accessible

• Growth

=====

• Inclusive

• Tolerant

• Accountable

• Multilateral

Management of

the global

resources for the

Global Wealth

UN Charter:

Kedaulatan negara;

persamaan kedaulatan;

penyelesaian sengketa

dengan cara damai;

menahan diri dari

ancaman atau

penggunaan kekerasan

dalam hubungan

internasional;

non-intervensi dalam

urusan internal negara

lain;

menghormati hak asasi

manusia dan

kebebasan

fundamental.

Limiting norms Good practices & positive duties

1. states should not knowingly allow their

territory to be used for internationally

wrongful acts using ICTs;

2. states should not conduct or knowingly

support ICT activity that intentionally

damages critical infrastructure;

3. states should take steps to ensure supply

chain security, and should seek to prevent

the proliferation of malicious ICT and the

use of harmful hidden functions;

4. states should not conduct or knowingly

support activity to harm the information

systems of another state’s emergency

response teams (CERT/CSIRTS) and

should not use their own teams for

malicious international activity;

5. states should respect the UN resolutions

that are linked to human rights on the

internet and to the right to privacy in the

digital age.

• states should cooperate to increase

stability and security in the use of ICTs

and to prevent harmful practices;

• states should consider all relevant

information in case of ICT incidents;

• states should consider how best to

cooperate to exchange information, to

assist each other, and to prosecute

terrorist and criminal use of ICTs;

• states should take appropriate measures

to protect their critical infrastructure;

• states should respond to appropriate

requests for assistance by other states

whose critical infrastructure is subject to

malicious ICT acts;

• states should encourage responsible

reporting of ICT vulnerabilities and should

share remedies to these.

Kesimpulan1. Kedaulatan di cyberspace => cyberdiplomacy adalah 3C (coordination, cooperation,

collaboration) untuk Open, Free, Secure, Inclusive, Tolerant and Growth.

2. Kedaulatan Bangsa/Rakyat => Identitas Bangsa dan Budaya serta Kemandirian.

3. Kedaulatan hukum negara untuk melindungi bangsanya selayaknya keluar mengikuti

kemanapun data pribadi warga negaranya berada dan digunakan.

4. Kedaulatan Rakyat, tidak hanya tanggung jawab Pemerintah melainkan juga semua

komponen bangsa (multistake-holders), Namun tetap harus berpijak pada amanat

pembukaan konstitusi => Merdeka, Berdaulat, Adil dan Makmur + Ketertiban Dunia,

Perdamaian Abadi dan Keadilan Sosial.

5. Meskipun secara teknis kita terbukti tidak punya hajat/ kemampuan untuk “menguasai”

cyber, namun faktanya Indonesia adalah persilangan kepentingan. Oleh karena itu

“Netralitas, Inclusive, Tolerant, Accountable dan demi Kesejahteraan Bersama”

selayaknya adalah agenda diplomasi Indonesia di cyberspace.

6. Apakah bangsa Indonesia telah memiliki birokrasi, pelaku usaha, dan masyarakat

madani yang memegang amanat konstitusi ? Bukankah dengan Public Private

Partnership justru sistem pertahanan negara di cyberspace ternyata didominasi oleh

para pelaku usaha bukan pemerintah? Bagaimanakah komitmen kita sbg anak bangsa?

Terima Kasih

• Mata =>

wawasan

• Lampu => ide

intelektual

• Senyum =>

Optimisme

• IC/processor =>

TIK

• Web =>

geostrategis

Nusantara

LAMPIRAN

Int’l Relationship + Diplomacy • Vienna Convention (1961) on Diplomatic Relations dan Vienna

Convention (1963) on Consular Relation

• Diplomacy is a key concept in world politics. It refers to a process of

communication and negotiation between states and other international

actors.

• Diplomacy began in the ancient world but took on a recognizably modern

form from the fifteenth century onwards with the establishment of the

permanent embassies.

• The main function of diplomacy is negotiation which broadly means

discussion designed to identify common interest and areas of conflict

between parties.

• A ‘traditional’ diplomacy system developed thereafter had some

distinctive features which can be summarized under the headings of

structure, process, and agenda.

Ref: Mirko Tasic (I17025)

New diplomacy World War I was a ‘watershed’ in the history of diplomacy.

The perceived failure of diplomacy to prevent this war led

to a demand for a ‘new’ diplomacy that would be less

secretive and more subject of democratic control. The

outbreak of World War II revealed the limits of the ‘new’

diplomacy.

Two important changes:

1. State were no longer the only actors involved.

2. Governments themselves were beginning to change in terms of the scope of their activities and the extend to which they sought to regulate the lives of their citizens.

Structure Process Agenda

• The nature of new

diplomacy as a process of

negotiation was also

changed.

• State continued to negotiate

bilaterally with each other

on a state-to-state basis,

but groups of states

negotiated multilaterally

through the auspices of

intergovernmental

organizations.

• The agenda of the new diplomacy contained a number of new issues.

• Avoidance of war became a priority.

• However diplomatic activities also began to focus more on economic, social, and welfare issues relating to material wellbeing. These became known as ‘low politics’ issues.

Ref: Mirko Tasic (I17025)

The diplomatic environment of the 21st century is marked by change and

uncertainty. These are set by:

» The expansion in the number and variety of international actors

empowered by the ICT and social media. These actors now extend

beyond traditional NGOs to more amorphous civil society groups.

» The development of a new international security agenda focused on the

security of the individual within the state and including issues such as

climate change or pandemic disease (e.g. Ebola) that go well beyond

traditional concepts of international security.

» The resurgence of more traditional geopolitical agendas as states compete

for power, resources or territory.

» The expansion of regulatory diplomatic agendas, enhanced by the global

financial crisis and demands for more effective banking regulation.

» The progressive fragmentation of the rules and norms governing

international political and trade relations as more confident emerging

states increasingly assert their own values and rules. One consequence is

the continuing weakening of multilateral institutions.Resources: Joseph Mifsud, London Academy of Diplomacy

Catatan Perbandingan: China & US1. First, mutual appreciation instead of mutual negating.

2. Second, mutual respect instead of confrontation and accusation.

3. Third, mutual governance instead of self-interest.

President Xi has called for a multilateral, democratic and transparent international Internet

governance system that upholds peace, security, openness and cooperation of

cyberspace. That is the common consensus of international cyberspace governance.

"No country can achieve absolute security without the overall security of

international cyberspace."

4. Fourth, mutual trust instead of mutual suspicion.

As the nation with the most Internet users in the world, China knows all too well the value

of a peaceful cyberspace. As the main victim of hacking, China understands too well the

importance of security. Our government has always opposed all forms of Internet attack.

On the issue of cybersecurity, China and the U.S. should increase communication,

deepen mutual trust, fight cybercrime, terrorism, hacking and invasions of privacy

together, and jointly protect intellectual property rights, making the Internet as the treasure

trove of Alibaba rather than a Pandora' s box. With wisdom and courage, cybersecurity will

not become a source of conflict in Sino-U.S. relations, but a new bright spot of

cooperation.

5. Fifth, win-win instead of zero-sum. Ref:

ITU cybersecurity# ITEM ELEMENTS OF A NATIONAL CYBERSECURITY

PROGRAMME

1. Top Government Cybersecurity Accountability Top

government leaders are accountable for devising a national

strategy and fostering local, national and global cross-sector

cooperation.

2. National Cybersecurity Coordinator An office or individual

oversees cybersecurity activities across the country.

3. National Cybersecurity Focal Point A multi-agency body

serves as a focal point for all activities dealing with the

protection of a nation’s cyberspace against all types of cyber

threats.

4. Legal Measures Typically, a country reviews and, if necessary,

drafts new criminal law, procedures, and policy to deter, respond

to and prosecute cybercrime.

5. National Cybersecurity Framework Countries typically adopt

a Framework that defines minimum or mandatory security

requirements on issues such as risk management and

compliance.

6. Computer Incident Response Team (CIRT) A strategy-led

programme contains incident management capabilities with

national responsibility. The role analyses cyber threat trends,

coordinates response and disseminates information to all

relevant stakeholders.

7. Cybersecurity Awareness and Education A national

programme should exist to raise awareness about cyber threats.

8. Public-Private Sector Cybersecurity partnership

Governments should form meaningful partnership with the

private sector.

9. Cybersecurity Skills and Training Programme A programme

should help train cybersecurity professionals.

10. International Cooperation Global cooperation is vital due to

the transnational nature of cyber threats.

On top of the five Pillars, the GCA contains seven strategic goals.

These are:

1) Elaboration of strategies for the development of a model

cybercrime legislation that is globally applicable and

interoperable with existing national and regional legislative

measures;

2) Elaboration of global strategies for the creation of appropriate

national and regional organisational structures and policies on

cybercrime;

3) Development of a strategy for the establishment of globally

accepted minimum security criteria and accreditation schemes

for hardware and software applications and systems;

4) Development of strategies for the creation of a global

framework for watch, warning and incident response to ensure

cross-border coordination between new and existing

initiatives;

5) Development of global strategies for the creation and

endorsement of a generic and universal digital identity

system and the necessary organisational structures to

ensure the recognition of digital credentials across

geographical boundaries;

6) Development of a global strategy to facilitate human and

institutional capacity building to enhance knowledge and

know-how across sectors and in all the abovementioned

areas; and

7) Proposals on a framework for a global multi-stakeholder

strategy for international cooperation, dialogue and

coordination in all the above-mentioned areas.

ASEAN ICT Master Plan => 2015-2020VISION AIM 2020

• Digitally-enabled Programmes for continual education and

upgrading to equip ASEAN citizens with the

latest infrastructure, technology, digital skill

sets, information, applications and services.

• Secure.A safe and trusted ICT environment in

ASEAN, providing reassurance in the online

environment by building trust in online

transactions via a robust infrastructure.

• SustainableResponsible & environmentally friendly use

of ICT.

• TransformativeA progressive environment for the disruptive

use of technology for ASEAN's social and

economic benefits.

• InnovativeA supportive entrepreneurial environment

that encourages innovative and novel uses

of ICT.

• Inclusive and IntegratedEmpowered and connected citizens and

stakeholders.

OUTCOMES 2020

1. Economic

Development &

Transformation

2. People Integration &

Empowerment through

ICT

3. Innovation

4. ICT Infrastructure

Development

5. Human Capital

Development

6. ICT in the Single

Market

7. New Media & Content

8. Information Security &

Assurance

ASEAN will build a trusted

digital ecosystem, so that

transactions and information

exchanges will be safe, secure,

and trustworthy.

Models Regulations of PKI

Cross Recognition

• Self-Regulation

=>communities PKI

• “Mesh” PKI =>

Peer-to-peer

• “bridge” CSP.

Identity &

e-transaction

Reformasi Hukum

Pasal 30

(1) Tiaptiap warga negara berhak dan wajib ikut serta dalam usaha

pertahanan dan keamanan negara. **)

(2) Usaha pertahanan dan keamanan negara dilaksanakan melalui

sistem pertahanan dan keamanan rakyat semesta oleh Tentara

Nasional Indonesia dan Kepolisian Negara Indonesia Republik

Indonesia, sebagai kekuatan utama, dan rakyat, sebagai kekuatan

pendukung. **)

(3) Tentara Nasional Indonesia terdiri atas Angkatan Darat, Angkatan

Laut dan Angkatan Udara sebagai alat negara bertugas

mempertahankan, melindungi, dan memelihara keutuhan dan

kedaulatan negara. **)

(4) Kepolisian Negara Republik Indonesia sebagai alat negara yang

menjaga keamanan dan ketertiban masyarakat bertugas

melindungi, mengayomi, melayani masyarakat, serta menegakkan

hukum. **)

(5) Susunan dan kedudukan Tentara Nasional Indonesia, Kepolisian

Negara Republik Indonesia, hubungan kewenangan Tentara

Nasional Indonesia dan Kepolisian Negara Republik Indonesia di

dalam menjalankan tugasnya, syaratsyarat keikutsertaan warga

negara dalam usaha pertahanan dan keamanan diatur dengan

undangundang. **)

UU 2/2002

Kepolisian

UU 34/2004 TNI

UU 16/2004

Kejaksaan

UU 48/2009 Kekuasaan Kehakiman

UU 3/2002

Pertahanan

Pasal 1

(1) Negara Indonesia ialah Negara Kesatuan, yang berbentuk Republik.

(2) Kedaulatan berada di tangan rakyat dan dilaksanakan menurut

UndangUndang Dasar. ***)

(3) Negara Indonesia adalah negara hukum. ***)

Konstitusi:

UU 17/2011 Intelijen

UU 11/2008 ITE

UU 14/2008 KIP

UU 16/2012 Indust.Han

UU 5/2014 ASN

HAN KAM TIBMAS

UU 23/2014 PemDa

UU 39/2008

Kementrian

UU 30/2014 Adm Pemth

UU 25/2009

Pelayanan Publik

UU 43/2009 Kearsipan

UU 39/99

HAM

UU 40/99

Pers

UU 36/99 Telekomunikasi

UU 43/2008

Wilayah Negara

UU 32/2002 Penyiaran