Presentation is loading. Please wait.

Presentation is loading. Please wait.

PEG Towards a Secure e-Business Environment for Indonesia: id-FIRST Role in Industry Cooperation for Reporting Crimes and Sharing Threat Information By.

Published byForrest Waites Modified over 9 years ago

Similar presentations

Presentation on theme: "PEG Towards a Secure e-Business Environment for Indonesia: id-FIRST Role in Industry Cooperation for Reporting Crimes and Sharing Threat Information By."— Presentation transcript:

1 PEG Towards a Secure e-Business Environment for Indonesia: id-FIRST Role in Industry Cooperation for Reporting Crimes and Sharing Threat Information By Idris F Sulaiman PhD USAID ICT Advisor /Economist State Ministry of Communications and Information and Partnership for Economic Development (USAID-Government of Indonesia) Project Debriefing Seminar of Bangkok Conference on “Cybercrime Legislation and Enforcement Capacity Building” July 30, 2003, Jakarta The views expressed in this presentation are those of the authors and not necessarily those of USAID, the U.S. Government or the Government of Indonesia.

2 PEG Topics 1) Introduction: –APEC Cybersecurity Strategy 2) Some lessons learnt from Bangkok Conference: –A Key Building Block of Cybersecurity: Private Sector Participation Information sharing & Trusted networks Standards setting & C ode of C onduct 3) Concluding comments 1) Introduction: –APEC Cybersecurity Strategy 2) Some lessons learnt from Bangkok Conference: –A Key Building Block of Cybersecurity: Private Sector Participation Information sharing & Trusted networks Standards setting & C ode of C onduct 3) Concluding comments

3 PEG APEC Cyber Security Strategy Comprehensive approach: 5 initiatives, with action items - basis of the country ’ s efforts on cybercrime and critical infrastructure protection (managed by eSecurity Task Group (e-STG part of Business Facilitation Steering Group, APECTel 26, Moscow, Aug 19-23, 2002) nLegal developments nInformation sharing and cooperation nSecurity and technical guidelines nPublic awareness and education nWireless security Head of States of APEC has approved the strategy in October 2003 with commitments to some deadlines

4 PEG Implementing The Cyberstrategy LEGAL DEV ’ T: (1) Enactment of E-Transaction Law (RUU-ITE) (2) Enforcement Capacity Building: IT / Cybercrime Unit, National Police (POLRI-BARESKRIM) and Jakarta Metro Police ’ s Cybercrime Unit are building their forensic capabilities and training investigator specialists (3) Need for Awareness Building: Law that is not known is not enforced …. Law that is not enforced is not a (real) law... INFO SHARING AND COOPERATION: Partnership for Critical Infrastructure Protection (US) or Trusted Information Sharing Network (Australia), to share: –Business continuity plans –Consequence management –Information system attacks and vulnerabilities –Cybercrime information sharing –Protection of key sites from attack or sabotage TRUST-IS- #1-ISSUE

5 PEG Implementing “ Info ” Sharing In Australia

6 PEG Implementing the Cyberstrategy: What are the responsibilities of CERTs? provide advice to on information systems' security matters –To its stakeholder (eg. ISP-CERT) –To the public establish an incident reporting scheme and liaise with the Police regarding incidents on an “exception” reporting basis –FIRST: Forum of Incidence Response and Security Teams - the global organization to which most major CERTs subscribe (www. first.org)

7 PEG Implementing Security Standards: Anti-cybercrime Code Of Conduct Australian example on: http://www.iia.net.au/cybercrimecode.html Consultations with industry, law enforcement and Privacy Commissioner Scheduled for release August 2003 Cooperative liaison between ISPs and Law Enforcement Agencies

8 PEG Implementing Security Standards: Code Of Conduct Objectives Establish a cooperative working environment between ISPs and LEAs Provide clear guidelines to the satisfaction of both industry and LEAs Provide a transparent mechanism for the handling of LEA’s investigations for the Internet industry Promote positive relations between the LEAs and the Internet industry.

9 PEG Implementing Security Standards: Code Of Conduct Principles The Code should be technology neutral Requirements should be fair to all concerned Requirements should not adversely affect economic viability The privacy of customers’ details will be respected

10 PEG Implementing Security Standards: Code Of Conduct Issues Records retention –Balances industry cost and privacy with law enforcement requirements –Who bears of the burden to comply Access to calling line identity data –benefits law enforcement and ISPs Protocols and proformas for access requests –simplifies existing legal obligations

11 PEG IT Reporting Security Initiatives SURVIVAL OF THE FASTEST … The name of the game is “ speed ” reporting: –Cyber-speed is required to solve cybercrime (Vivienne Tan, Bangkok Aug,2003) InfraGuard (Est. 1996, US): creating Trust Networks between Industry & Gov ’ t UK ’ s “ Neighbourhood Watch ” - Warning, Advice and Reporting Points (WARPs) –Provides warning, advice and reporting services on Internet security-related matters –Similar to a CERT but without a capability for responding to incidents (other than providing advice) Information Sharing & Analysis Center (ISAC): –Conceived in US under PDD63 (1998) for coordination between organizations in each CNI sector (Energy, Banking/Finance, Telecommunications, Transport and others) –Examples in: IT, Banking & Telecom –Predictive ISACs do not normally share reports outside their own (paying) membership

12 PEG id-FIRST Background Forum for Awareness Raising F orum for I CT-incident R esponse and S ecurity T eams (id-FIRST) –Secure-Indonesia-FIRST.or.id –Forum of ICT-incident Reporting for Industry Associations (1st FTII: APJII, ASPILUKI, APKOMINDO, ANIMA, INDO-WLI other IAs to follow?) - possible WARPs/InfraGuards model –Links with Response Security Teams (ID-CERT & ID-ISP-CERT) Teams and others in each industry Current & Future services: –Mailing list abuse@apjii.or.id - statistics collection, new start! –Clearing house for information on Security Code of Conduct, Awareness Raising, Links with similar Forums abroad –Make “ business case ” for ICT “ insurance ” - Research on incidence of cybercrime and quantify the damage New PS Forum

13 PEG Concluding comments Some late-comer advantages for Indonesia and other developing countries on policy preparations work, examples: –Malaysia & Philippines (Cyberlaw “ gestation ” & evolution and the need for Business involvement in securing e-Business Env ’ t) –Hong Kong & Canada (Law Enforcement Equipment and Training to meet the needs for 24 hour by 7 days Network) –Australia, United States & UK (private-public sector cooperation) Cybersecurity is ‘ pro-active ’ and ‘ pre- emptive ’ - higher return than mere focus on ‘ reactive ’ but need “ business case ” Formulate an implementable cybersecurity strategy, “ step-by- step ” in each to realize an effective “ Roadmap ” need business involvement and “ real ” participation: nLegal developments nInformation sharing and cooperation nSecurity and technical guidelines nPublic awareness and education So What?

14 PEG URL references APEC Telecommunications and Information Working Group - APECTEL ( see http://www.apecsec.org.sg/ ) US National Strategy to Secure Cyberspace ( see http://www.cybersecurity.org/ ) Partnership for Critical Infrastructure Protection - this is a US public/private initiative in cybersecurity ( see http://www.pcis.org/ ) IT SECURITY TRAINING: developed in conjunction with TEL HumanResources Development Steering Group -Eight modules - Available free of charge for non-commercial purposes, Hosted by Idaho State University at http://apec.isu.edu eSTG Website: http://www.apectelwg.org/apec/atwg/preatg.html APEC Cybersecurity Strategy: http://www.apecsec.org.sg/download/tel/TEL_CyberSecurityRecmdn.pdf TELMIN Statement on the Security of Information and Communication Networks http://www.apectelwg.org/apec/are/telmin5sub03.html APEC Leaders Statement: http://www.apecsec.org.sg/download/pubs/LeadersStmtFightTerroNGrowth.pdf Dept of Commerce Critical Infrastructure Assurance Office (CIAO ) –Initiated a series of public cybersecurity meetings in several US cities ( see http://www.ciao.org )

15 PEG Terima Kasih - Thank You - Kop Kun Krap/Kah Please provide feedback to : Idris F. Sulaiman Tel: +62 21 520 1047 Fax: +62 21 521 0311 Email: idris@pegasus.or.idPlease provide feedback to : Idris F. Sulaiman Tel: +62 21 520 1047 Fax: +62 21 521 0311 Email: idris@pegasus.or.id Please download more information from: www.Secure-Indonesia-FIRST.or.id ( “ id-FIRST ” )Please download more information from: www.Secure-Indonesia-FIRST.or.id ( “ id-FIRST ” ) Related USAID ICT Projects/Activities:Related USAID ICT Projects/Activities: Partnership for Economic Growth (PEG) Project: www.pegasus.or.idPartnership for Economic Growth (PEG) Project: www.pegasus.or.id Economic, Law, Institutional & Professional Strengthening (ELIPS) Project : www.elips.or.idEconomic, Law, Institutional & Professional Strengthening (ELIPS) Project : www.elips.or.id The Asia Foundation, Indonesia: www.tafindo.orgThe Asia Foundation, Indonesia: www.tafindo.org USAID Indonesia : www.usaid.gov/idUSAID Indonesia : www.usaid.gov/id

Download ppt "PEG Towards a Secure e-Business Environment for Indonesia: id-FIRST Role in Industry Cooperation for Reporting Crimes and Sharing Threat Information By."

Similar presentations

Establishing a National Working Group on Trade Facilitation Challenges and Lessons Learned Presented by Elizabeth Tamale Ministry of Tourism, Trade and.

Establishing a National Working Group on Trade Facilitation Challenges and Lessons Learned Presented by Elizabeth Tamale Ministry of Tourism, Trade and.
STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION
1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.

1 ASEAN Regional Forum Meeting 28 – 30 April 2010 Bandar Seri Begawan, Brunei CERT-Ins Initiative on International Information Security Dr A S Kamble Director.
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
1 African ICT Roadmap to Achieve NEPAD Objectives Arusha, Tanzania, 1-3 April 2003 Roles of Government and ATU in the Implementation of NEPAD ICT objectives.

1 African ICT Roadmap to Achieve NEPAD Objectives Arusha, Tanzania, 1-3 April 2003 Roles of Government and ATU in the Implementation of NEPAD ICT objectives.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
Towards a framework for integrated cross-border law enforcement initiatives Based on the Consultation Paper circulated to CACOLE in July 2008 by Public.

Towards a framework for integrated cross-border law enforcement initiatives Based on the Consultation Paper circulated to CACOLE in July 2008 by Public.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
CIAO.0209 - July 99 - 1 Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.

CIAO July Critical Infrastructure Assurance Office Protecting America’s Cyberspace: Version 1.0 of the National Plan Jeffrey Hunker National.
GHS Conference for ASEAN Implementation Towards 2008 and Beyond 9-11 May 2007,Yakarta, Indonesia By: Lao Delegates Vientiane Capital City, Lao PDR.

GHS Conference for ASEAN Implementation Towards 2008 and Beyond 9-11 May 2007,Yakarta, Indonesia By: Lao Delegates Vientiane Capital City, Lao PDR.
SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.

SECR 5140-FL Critical Infrastructure Protection Dr. Barry S. Hess Spring 2 Semester Week 3: 1 April 2006.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.

Cyberspace and the Police Mamoru TAKAHASHI Head of Computer Forensic Center, Hi-tech Crime Technology Division National Police Agency, Japan.
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
NIS Directive and NIS Platform

NIS Directive and NIS Platform
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.

Counter-Terrorism Implementation Task Force (CTITF) Open Briefing to Member States 27 July 2010 Conference Room 2 NLB.

Similar presentations

Ads by Google