Cybersecurity Strategy 2021 Update (budi.rahardjo.id/files/br-ojk-2021-1.pdf)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Cybersecurity Strategy
Budi Rahardjo @rahard
2021
VLSI/Security/Social Media/IoT/AI/Big Data
• Lecturer at ITB
• Managed .ID domain 1997-2005
• Founder & chairman of ID-CERT
• Serial technopreneur
2021 BR - Security Strategy 2021
Use of Information Technology in Indonesia
• Online ojek (motorcycle taxi): Gojek, Grab, {various local ojek services}
• Fintech: Gopay, Ovo, Dana, Jenius, ...
• E-commerce: Tokopedia, Shopee, Bukalapak, Blibli, Lazada, ...
• Travel: Traveloka, Tiket.com, ...
• Communication: WhatsApp, Telegram, Signal, ...
• Social media: Instagram, Facebook, Twitter, tiktok, ...
• E-government: tax,
Our high dependence on IT
Recent Security Cases in Indonesia
New WA Privacy Policy & Terms and Condition
Kreditplus
Who Is Responsible?
• In every case, it is always the customer (account holder) who gets blamed
• When a service gets hacked, it is the users who have to scramble to change their passwords
• There must be sanctions for service providers
  • So that they are not negligent
  • There is an aspect of due care
  • Deterrence
  • (Adequate, and not overly burdensome either)
Emergency Response
• Emergency response organizations are starting to be mandated in various fields that are considered critical (critical infrastructure)
• Fields considered critical infrastructure
• (Draft) Regulation of the National Cyber and Crypto Agency (Badan Siber dan Sandi Negara) on the Protection of National Critical Information Infrastructure
• https://bssn.go.id/wp-content/uploads/2019/09/rancangan-Perban-PIIKN-V6.pdf
National Critical Information Infrastructure Sectors
a) law enforcement
b) energy and mineral resources
c) transportation
d) finance and banking
e) health
f) information and communication technology
g) food (agriculture)
h) defense and strategic industries
i) emergency services (social)
j) water resources
k) government
Strategy
#1: (Security) Information Sharing
• Problem: lack of information sharing
• The need for an information sharing & analysis center (ISAC)
• Everybody is developing Security Operation Centers (SOCs) and Incident Response Teams (IRTs/emergency response teams), but still not sharing information
• The bad guys are sharing information!
• To do: Information sharing platform, standards & procedures
#2: Built-in Security (in new tech)
• Security is not considered when developing new technologies
• It may be too late when considered later
• e.g. attacked by vending machines
• Security must be built-in
• Internet of Secure Things
• ...
https://liveatpc.com/attacked-by-a-vending-machine-botnet-strikes-again-with-ddos-attack-on-university/
#3: Human Aspects: Awareness & Skills
“The man behind the gun”
• Security awareness for top management, because security is a top-down initiative
• Increase in capability & capacity of technical personnel
Concluding Remarks
• Dependence on information technology (and other technologies) will keep increasing
• Security will remain one of the main topics
• Cybersecurity strategy
  • Information sharing
  • Built-in security
  • Human resources