cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online:...
Transcript of cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online:...
![Page 1: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/1.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Cybersecurity Strategy
Budi Rahardjo@rahard
2021
![Page 2: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/2.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
VLSI/Security/Social Media/IoT/AI/Big Data
• Lecturer at ITB• Manage .ID domain 1997-
2005• Founder & chairman of
ID-CERT• Serial technopreneur
22021 BR - Security Strategy 2021
![Page 3: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/3.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 3
![Page 4: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/4.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Pemanfaatan Teknologi Informasi di Indonesia
• Ojek online: Gojek, Grab, {berbagai layanan ojek lokal}• Fintech: Gopay, Ovo, Dana, Jenius, ...• E-commerce: Tokopedia, Shopee, Bukalapak, Blibli, Lazada, ...• Travel: Traveloka, Tiket.com, ...• Komunikasi: WhatsApp, Telegram, Signal, ...• Media Sosial: Instagram, Facebook, Twitter, tiktok, ...• E-government: pajak,
Tingginya ketergantungan kita kepada IT
2021 BR - Security Strategy 2021 4
![Page 5: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/5.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Recent Security Cases in Indonesia
2021 BR - Security Strategy 2021 5
![Page 6: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/6.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
New WA Privacy Policy & Terms and Condition
2021 BR - Security Strategy 2021 6
![Page 7: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/7.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 7
![Page 8: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/8.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 8
![Page 9: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/9.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Kreditplus
2021 BR - Security Strategy 2021 9
![Page 10: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/10.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 10
![Page 11: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/11.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 11
![Page 12: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/12.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 12
![Page 13: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/13.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 13
![Page 14: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/14.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 14
![Page 15: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/15.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 15
![Page 16: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/16.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Siapa Yang Bertanggungjawab?
• Dalam setiap kasus, selalu pelanggan (nasabah) yang disudutkan• Ketika sebuah layanan terkena retas, maka pengguna yang harus
sibuk mengganti password
• Harus ada sanksi kepada penyedia jasa• Agar tidak lalai• Ada aspek kehati-hatian• Jera• (Secukupnya dan tidak terlalu memberatkan juga)
2021 BR - Security Strategy 2021 16
![Page 17: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/17.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Tanggap Darurat | Emergency Response
• Mulai diwajibkan keberadaan organisasi tanggap darurat (emergency response) di berbagai bidang yang dianggap kritis (critical infrastructure)• Bidang-bidang yang dianggap infrastruktur kritis• (Rancangan) Peraturan Badan Siber dan Sandi Negara tentang
Perlindungan Infrastruktur Informasi Kritis nasional• https://bssn.go.id/wp-content/uploads/2019/09/rancangan-Perban-
PIIKN-V6.pdf
2021 BR - Security Strategy 2021 17
![Page 18: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/18.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Sektor Infrastruktur Informasi Kritis Nasional
a) penegakan hukumb) energi dan sumber daya mineralc) transportasid) keuangan dan perbankane) kesehatanf) teknologi informasi dan komunikasig) pangan (pertanian)h) pertahanan dan industri strategisi) layanan darurat (sosial)j) sumber daya airk) pemerintah
2021 BR - Security Strategy 2021 18
![Page 19: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/19.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Strategy
2021 BR - Security Strategy 2021 19
![Page 20: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/20.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
#1: (Secruity) Information Sharing
• Problem: lack of information sharing• The need of information sharing & analysis center (ISAC)• Everybody is developing Security Operation Center (SOCs) and
Incident Response Teams (IRTs/emergency response team), but still not sharing information• The bad guys are sharing information!
• To do: Information sharing platform, standard & procedures
2021 BR - Security Strategy 2021 20
![Page 21: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/21.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM2021 BR - Security Strategy 2021 21
![Page 22: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/22.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
#2: Bulit-in Security (in new tech)
• Security is not considered when developing new technologies• It may be too late when considered
later• eg. attacked by vending machines
• Security must be built-in• Internet of Secure Things• ...
https://liveatpc.com/attacked-by-a-vending-machine-botnet-strikes-again-with-ddos-attack-on-university/
2021 BR - Security Strategy 2021 22
![Page 23: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/23.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
#3: Human Aspects: Awareness & Skills
“The man behind the gun”
• Security awareness for top management, because security is a top down initiative
• Increase in capability & capacity of technical personels
2021 BR - Security Strategy 2021 23
![Page 24: cybersecurity strategy 2021 updatebudi.rahardjo.id/files/br-ojk-2021-1.pdf · •Ojek online: Gojek, Grab, {berbagai layanan ojek lokal} •Fintech: Gopay, Ovo, Dana, Jenius, ...](https://reader035.fdocuments.in/reader035/viewer/2022062509/61065de9e9cd6a12005ed644/html5/thumbnails/24.jpg)
INDONESIA COMPUTER EMERGENCY RESPONSE TEAM
Concluding Remarks
• Ketergantungan akan teknologi informasi (dan teknologi lainnya) akan semakin meningkat• Aspek keamanan (security) akan tetap menjadi salah satu topik
yang utama• Cybersecurity strategy
• Information sharing• Built-in security• Human resources
2021 BR - Security Strategy 2021 24