RFC 2350

1. Document Information

This document contains a description of ID-SIRTII/CC according to RFC 2350. It provides basic information about ID-SIRTII/CC, the ways it can be contacted, its responsibilities and the services it offers.

1.1 Date of Last Update

This is version 0.1 as of 2012/04/18.

1.2 Distribution List for Notifications

There is no distribution list for notifications as of 2012/04.

1.3 Locations where this Document May Be Found

The current version of this document can always be found at http://idsirtii.or.id/en/rfc-2350/. For validation purposes, a GPG-signed ASCII version of this document is located at http://idsirtii.or.id/en/pgp-public-key/. The key used for signing is the ID-SIRTII/CC key as listed under 2.8.

2. Contact Information

2.1 Name of the Team

ID-SIRTII/CC (Indonesia Security Incident Response Team on Internet Infrastructure)/Coordination Center (CC)

2.2 Address

Ravindo Tower 17th floor
Kebon Sirih Road No. 75, Central Jakarta
Zip Code 10340, Indonesia.

2.3 Time Zone

We are located in the Asia Jakarta (Indonesia West) time zone, which is GMT+07:00.

2.4 Telephone Number

+62 21 3192 5551

2.5 Facsimile Number

+62 21 3193 5556

2.6 Other Telecommunication

Voice and Video Conferencing. IP address: 203.34.119.110

2.7 Electronic Mail Address

Please send incident reports to incident[at]idsirtii.or.id

Non-incident related mail should be addressed to info[at]idsirtii.or.id

2.8 Public Keys and Encryption Information

ID-SIRTII/CC uses a master signing key to sign all keys used for operational purposes. This trust anchor is:

Bits : 1024
Key ID : BE5BB5855708940F
Fingerprint : 1fa1 6655 936e 91ba 4593 3be3 be5b b585 5708 940f

Encrypted communications with ID-SIRTII/CC should use this operational key.

All keys can be found at http://www.idsirtii.or.id/signature.asc

2.9 Team Members

- Mr. Rudi Lumanto as Chairman
- Mr. Muhammad Salahuddien as Vice Chairman of Operational and Network Security
- Mr. Mizamil as Vice Chairman of Socialization and Public Affairs
- Mr. Muhammad Salman as Vice Chairman of Interagency Collaboration
- Mr. Bisyron Wahyudi as Vice Chairman of Data Center, Application and Database
- Mr. Iwan Sumantri as Vice Chairman of Research and Development

Management, liaison and supervision are provided by Muhammad Salman, Vice Chairman of Interagency Collaboration of ID-SIRTII/CC.

2.10 Other Information
2.11 Points of Customer Contact

The preferred method for contacting ID-SIRTII/CC is via e-mail. For incident reports and related issues please use laporan.insiden[at]idsirtii.or.id. This will create a ticket in our tracking system and alert the human on duty.

For general inquiries please send e-mail to info@idsirtii.or.id

If it is not possible (or advisable due to security reasons) to use e-mail, you can reach us via telephone at +62 21 31925551.

ID-SIRTII/CC's hours of operation are generally restricted to regular business hours. We do business and answer phones from 8:00 a.m. to 5:00 p.m., Monday through Friday, Asia Jakarta (Indonesia West) time, which is GMT+07:00. Our phones are connected to the offices ONLY DURING THESE HOURS. Be sure to compute the time difference between your area and ours to avoid a wasted call.

Please use our incident reporting form.

3. Charter
3.1 Mission Statement

The purpose of ID-SIRTII/CC is to coordinate security efforts and incident response for critical infrastructure and IT-security problems on a national level in Indonesia.

3.2 Constituency

The constituency consists of:
- IT-security teams
- Internet Service Provider (ISP)
- Network Access Provider (NAP)
- Local Exchange Operator
- Law Enforcement Association (LEA)
- Police
- Attorney General
- Ministries of Law and Human Rights
- Directorate General of Post and Telecommunication
- Ministry of Communication and Information Technology of Indonesia
- ICT Community
- Indonesian Internet Service Provider Association (APJII)
- Local CERTs in Indonesia.

Pro-active and educational material will be provided for SMEs and the general public as well.

3.3 Sponsorship and/or Affiliation

ID-SIRTII/CC is an initiative of:

1.   AWARI (Asosiasi Warung Internet Indonesia/Indonesian Internet Kiosk Association)

http://www.awari.or.id

2.   MASTEL (Masyarakat Telematika Indonesia/Indonesian Infocom Society)

http://www.mastel.or.id

3.   APJII (Asosiasi Penyelenggara Jasa Internet Indonesia/Indonesian Internet Service Provider Association)

http://www.apjii.or.id

4.   POLRI (Kepolisian Republik Indonesia/Indonesian National Police)

http://www.polri.go.id

5.   KEJAGUNG (Kejaksaan Agung Republik Indonesia/Indonesian Attorney General)

http://www.kejaksaan.go.id

6.   DIRJENPOSTEL (Direktorat Jenderal Pos dan Telekomunikasi/Directorate General of Post and Telecommunication)

http://www.postel.go.id

7.   BI (Bank Indonesia/Indonesian Central Bank) and Asosiasi Kartu Kredit Indonesia (Indonesian Credit Card Association)

http://www.bi.go.id

Funding is provided by Directorate General of Post and Telecommunication.

3.4 Authority

ID-SIRTII/CC's main purpose in incident handling is the coordination of incident response. As such, we only advise local CERTs and have no authority to demand certain actions. We have indirect authority over AS38775.

4. Policies
4.1 Types of Incidents and Level of Support

ID-SIRTII/CC is authorized to address all types of computer security incidents which occur, or threaten to occur, in our Constituency (see 3.2) and which require cross-organizational coordination.

The level of support given by ID-SIRTII/CC will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and ID-SIRTII/CC's resources at the time. Special attention will be given to issues affecting critical infrastructure.

Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or department head for assistance.

ID-SIRTII/CC is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.

4.2 Co-operation, Interaction and Disclosure of Information

ID-SIRTII/CC will cooperate with other organizations in the field of computer security on internet infrastructure. This cooperation also includes, and often requires, the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless, ID-SIRTII/CC will protect the privacy of its customers and will therefore (under normal circumstances) pass on information only in anonymized form, unless other contractual agreements apply.

ID-SIRTII/CC operates under the restrictions imposed by Indonesian law. This involves careful handling of personal data as required by Indonesian Data Protection law, but it is also possible that, according to Indonesian law, ID-SIRTII/CC may be forced to disclose information due to a court order.

4.3 Communication and Authentication

For normal communication not containing sensitive information, ID-SIRTII/CC will use conventional methods like unencrypted e-mail or fax.

For secure communication, PGP-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, …) or by other methods like call-back, mail-back or even a face-to-face meeting if necessary.

5. Services

5.1 Incident Response

ID-SIRTII/CC will assist IT-security teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1. Incident Triage

* Determining whether an incident is authentic.
* Assessing and prioritizing the incident.

5.1.2. Incident Coordination

* Determine the organizations involved.
* Contact the organizations involved to investigate the incident and take the appropriate steps.
* Facilitate contact with other parties that can help resolve the incident.
* Send reports to other CERTs.

5.1.3. Incident Resolution

* Advise local security teams on appropriate actions.
* Follow up on the progress of the concerned local security teams.
* Ask for reports.
* Report back.

ID-SIRTII/CC will also collect statistics about incidents within its constituency.

5.2 Proactive Activities

1. Outreach to related parties on conducting activities to secure the use of IP-based telecommunications networks.
2. Monitoring, detection and early warning of threats and disturbances to IP-based telecommunications networks in Indonesia.
3. Developing and/or providing, operating and maintaining the database system for monitoring and securing the use of IP-based telecommunications networks, at least for monitoring, early detection and early warning of threats and disturbances to the use of IP-based telecommunications networks, and keeping records of transactions (log files) to support the law enforcement process.
4. Providing information services on threats and security disturbances to the use of IP-based telecommunications networks.
5. Carrying out research and development activities, and providing a simulation lab and training activities on securing the use of IP-based telecommunications networks.
6. Providing consultancy services and technical assistance to strategic institutions/agencies.
7. Acting as the central coordination point (Coordination Center / CC) and liaison (Single Point of Contact) with related agencies/institutions both in the country and abroad.

6. Incident Reporting Forms

If possible, please make use of the Incident Reporting Form; the current version is available from http://idsirtii.or.id/en/contact-us/

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, ID-SIRTII/CC assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.