
Cyber-6

Cyberspace – Cyberthreat – Cyberattack – Cybersecurity – Cybercrime – Cyberlaw

Six Aspects to Protect Critical Infrastructures

Knowledge Domain

Diagram: six linked domains: Cyber Space, Cyber Threat, Cyber Attack, Cyber Security, Cyber Crime, Cyber Law

7/15/2010
Cyber Space

Cyberspace

• A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
• 1.4 billion of real human population (internet users)
• Trillion US$ of potential commerce value
• Billion business transactions per hour in 24/7 mode

Internet is a VALUABLE thing indeed. Risk is embedded within.

Posture of Internet
45 million users spread across 18,000 islands

Internet Statistics
• Population of Indonesia: 240,271,522 (end of 2009)
• More than 300 ISPs, 30 NAPs, 3 IXs (national internet exchanges)
• 1 million internet users (1999), 45 million users (2010)
• 100,000 internet subscribers (1999), 6 million (2010)
• More than 25 million online media visitors every day!
• 25 Gbit/s aggregate national traffic, 45 Gbit/s international traffic

Information Roles
• Why is information so valuable?
  • It contains important data and facts (news, reports, statistics, transaction, logs, etc.)
  • It can shape public perception (market, politics, image, marketing, etc.)
  • It represents valuable assets (money, documents, password, secret code, etc.)
  • It is the raw material of knowledge (strategy, plan, intelligence, etc.)

What is the Internet?
• A giant network of networks where people exchange information through various different digital-based ways:
  • Email, Mailing List, Website
  • Chatting, Newsgroup, Blogging
  • E-commerce, E-marketing, E-government

“… what is the value of internet ???”

Cyber Threat

Cyber Threat

• The trend is rising exponentially
• Motives vary
• Can cause significant economic and political losses
• Difficult to mitigate

Threats shown on the slide: web defacement, information leakage, phishing, intrusion, DoS/DDoS, SMTP relay, virus infection, hoax, malware distribution, botnet, open proxy, root access theft, SQL injection, trojan horse, worms, password cracking, spamming, malicious software, spoofing, blended attack

Threats are there to stay. Can’t do so much about it.

Underground Economy


Growing Vulnerabilities
Incidents and Vulnerabilities Reported to CERT/CC

Chart: Total Vulnerabilities and Total Security Incidents** per year, 1995 to 2004

“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*

* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.

Potential Threats
Unstructured Threats
• Insiders
• Recreational Hackers
• Institutional Hackers

Structured Threats
• Organized Crime
• Industrial Espionage
• Hacktivists

National Security Threats
• Terrorists
• Intelligence Agencies
• Information Warriors

Cyber Attack

Cyberattack

• A great many attacks have already been carried out in cyberspace.
• Most of them are triggered by events in the real world.
• The Estonia incident opened the eyes of people around the world.

National Incidents
• 1 million events (potential attacks) every day, most of them coming from the US and China.
• Web defacement is the favorite action.
• Cyber fraud, phishing, email spam, etc.
• Mutual attacks between Indonesian and Malaysian communities.
• Etc.

International Issues
• BEIJING/OTTAWA (Reuters) - A cyber-espionage group based in southwest China stole documents from the Indian Defense Ministry and emails from the Dalai Lama's office, Canadian researchers said in a report on Tuesday.

• TORONTO (Reuters) - A China-based cyber spy network has hacked into government and private systems in 103 countries, including those of many Indian embassies and the Dalai Lama, an Internet research group said. After initial investigations when the group widened its research it found that the China-based cyber espionage had hacked computer systems of embassies of India, Pakistan, Germany, Indonesia, Thailand, South Korea and many other countries.

• (Reuters) The Chinese government is likely behind recent cyberattacks on U.S. government Web sites and on U.S. companies in an apparent effort to quash criticism of the government there, an expert on U.S. and Chinese relations said. There's no conclusive proof that recent attacks on Google and dozens of other U.S. companies are directed by the Chinese government, but logic would point to official Chinese involvement, said Larry Wortzel, a member of the U.S.-China Economic and Security Review Commission and a former U.S. Army counterintelligence officer.

International Issues
• (Reuters) - Israel is using its civilian technological advances to enhance cyberwarfare capabilities, the senior Israeli spymaster said on Tuesday in a rare public disclosure about the secret program. Using computer networks for espionage -- by hacking into databases -- or to carry out sabotage through so-called "malicious software" planted in sensitive control systems has been quietly weighed in Israel against arch-foes like Iran.

• (Reuters) - North Korea's communications ministry was behind a series of cyber attacks against South Korean and U.S. websites in July, the South's spy chief was quoted Friday as saying. Dozens of major U.S. and South Korean government and business sites were slowed or disabled with traffic generated by malicious software planted on personal computers unknown to their users. South Korean officials said at the time that North Korea was a prime suspect.

Attacks Sophistication
Chart: Attack Sophistication and Intruder Knowledge (Low to High) over time, 1980 to 2005

Labels on the chart: Tools, Auto Coordinated, Staged, cross site scripting, “stealth” / advanced scanning techniques, denial of service, distributed attack tools, packet spoofing, sniffers, sweepers, www attacks, automated probes/scans, GUI, back doors, network mgmt. diagnostics, disabling audits, hijacking sessions, burglaries, exploiting known vulnerabilities, password cracking, self-replicating code, password guessing

Vulnerabilities Exploit Cycle


Chart: # of Incidents over Time, with the point of Highest Exposure marked

Stage labels on the chart:
• Advanced Intruders Discover New Vulnerability
• Crude Exploit Tools Distributed
• Novice Intruders Use Crude Exploit Tools
• Automated Scanning/Exploit Tools Developed
• Widespread Use of Automated Scanning/Exploit Tools
• Intruders Begin Using New Types of Exploits

Why Are Attacks so Often Successful

• Lack of detection, response, and escalation.
• No formal policy or procedure for (pro)active auditing and/or event management.
• Lack of authentication and authorization systems.
• No logical or organizational boundaries within a network.

What are The Greatest Challenges

Cyber Security

Cybersecurity

• Led by ITU for international domain, while some standards are introduced by different institutions (ISO, COBIT, ITIL, etc.)
• “Your security is my security” – individual behavior counts while various collaborations are needed

Education, value, and ethics are the best defense approaches.

Strategies for Protection

Protecting Interactions

Protecting Information

Protecting Infrastructure


Mandatory Requirements
• “Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
• Banking & Finance, Agriculture & Food, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

Evaluation Methods
• Complete Security Audit
• Confidentiality, Integrity, Availability
• Uses a standard (best practice)
• Performed by an independent party
• Penetration Test:
  • Black Box
  • White Box
  • Grey Box
• The result is only a snapshot of that moment
• Periodic evaluation is needed

System Under Test

• Topology
• Network Element
• Application

Best Practice Standard


ISO/IEC 27001:2005 (Information technology - Security techniques - Information Security Management Systems - Requirements). The standard in the UK is dual numbered BS 7799-2:2005.

Diagram: ten numbered areas arranged around Information (Integrity, Confidentiality, Availability):
1. Information Security Policy
2. Security Organisation
3. Asset Classification Controls
4. Personnel Security
5. Physical Security
6. Communication & Operations Mgmt
7. Access Controls
8. System Development & Maint.
9. Bus. Continuity Planning
10. Compliance

Cyber Crime

Cybercrime

• Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
• Virtually involving international boundaries and multi resources
• Intentionally targeting to fulfill special objective(s)
• Convergence in nature with intelligence efforts.

Crime has intentional objectives. Stay away from the bull’s eye.

Type of Attacks

Motives of Activities
1. Thrill Seekers

2. Organized Crime

3. Terrorist Groups

4. Nation-States

Cyber Law

Cyberlaw

• Difficult to keep updated as technology trend moves
• Different stories between the rules and enforcement efforts
• Require various infrastructure, superstructure, and resources
• Can be easily “out-tracked” by law practitioners

Cyberlaw is here to protect you. At least playing role in mitigation.

First Cyber Law in Indonesia.


Range of penalty:
• Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1,2 million)
• 6 to 12 years in prison (jail)

starting from 25 March 2008

Picture: Indonesia Parliament in Session

Main Challenge.
ILLEGAL
“… the distribution of illegal materials within the internet …”

ILLEGAL
“… the existence of source with illegal materials that can be accessed through the internet …”

ID-SIRTII
Indonesia Security Incident Response Team on Internet Infrastructure

Legal Framework
Law No.36/1999
regarding National Telecommunication Industry

New Cyberlaw on Information and Electronic Transaction

Government Regulation No.52/2000
regarding Telecommunication Practices

Minister of Communication and Informatics Regulation No.27/PER/M.KOMINFO/9/2006
regarding Security on IP-Based Telecommunication Network Management

Ministerial Regulation No.26/PER/M.KOMINFO/2007
regarding Indonesian Security Incident Response Team on Internet Infrastructure

Mission and Objectives


“To expedite the economic growth of the country through providing the society with secure internet environment within the nation”

1. Monitoring internet traffic for incident handling purposes.

2. Managing log files to support law enforcement.

3. Educating public for security awareness.

4. Assisting institutions in managing security.

5. Providing training to constituency and stakeholders.

6. Running laboratory for simulation practices.

7. Establishing external and international collaborations.



Team and Structure


Organization chart:
• Ministry of ICT, Directorate of Post & Telecommunication
• Inspection Board
• Advisory Board
• General Secretary
• Deputy of Operation and Security
• Deputy of Research and Development
• Deputy of Data Center, Applications & Database
• Deputy of Education and Public Affairs
• Deputy of External Collaborations

Topology Approach

Lab Facilities

• Network/Incident Simulation
• Honeypot
• Malware Analysis
• Digital Forensic
• Data Mining/Warehouse

Thank You

Indonesia Security Incident Response Team on Internet Infrastructure


Menara Ravindo 17th Floor, Jl. Kebon Sirih Kav. 75, Jakarta, Phone: 021 319 25551
