Id-SIRTII/CC RFC 2350

 

1. Document Information

This document contains a description of Id-SIRTII/CC according to RFC 2350. It provides basic information about the Id-SIRTII/CC, the ways it can be contacted, describes its responsibilities and the services offered.

 

1.1 Date of Last Update

This is version 0.9 as of 01/04/2014. Indonesia date format is DD/MM/YYYY.

 

1.2 Distribution List for Notifications

There is no distribution list for notifications as of 01/04/2014.

 

1.3 Locations where this Document May Be Found

The current version of this document can always be found at:

- http://idsirtii.or.id/halaman/tentang/rfc-2350.html

 

For validation purpose, GPG signed ASCII version of this document is located at:

- http://idsirtii.or.id/halaman/tentang/pgp-public-key.html

 

The key used for signing is the Id-SIRTII/CC key as listed under section 2.8. Public Keys and Encryption Information.

 

2. Contact Information

 

2.1 Name of the Team

Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure / Coordination Center.

 

2.2 Address

Ravindo Tower 17th floor

Kebon Sirih Road Number 75, Central Jakarta

Zip Code 10340, Indonesia.

 

2.3 Time Zone

We are located in Asia, Jakarta - Indonesia Western Time that is GMT+07:00. No daylight saving time. GMT are consider similar with UTC. Indonesia time format are HH:MM:SS in 24 hours notation – without AM/PM.

Time reference host: ntp.idsirtii.or.id or IP address 203.34.118.4

 

2.4 Telephone Number

+62 21 3192 5551

 

2.5 Facsimile Number

+62 21 3193 5556

 

2.6 Other Telecommunication

Voice and Video Conferencing to IP address: 203.34.119.110

 

2.7 Electronic Mail Address

Please send incident related reports to incident[at]idsirtii.or.id

Non-incident related mail should be addressed to info[at]idsirtii.or.id

 

2.8 Public Keys and Encryption Information

Id-SIRTII/CC uses a master-signing key to sign all keys used for operational purposes. This trust anchor is:

 

Bits: 1024

Key ID: BE5BB5855708940F

Fingerprint: 1fa1 6655 936e 91ba 4593 3be3 be5b b585 5708 940f

 

—–BEGIN PGP PUBLIC KEY BLOCK—–

Version: GnuPG v1.4.5 (GNU/Linux)

 

mQGiBEqLf2cRBAC4XTTZivXB1/llofQ8PmuHZKNOumpv3hdnoZQDjuLgHHHQIjRN

zP4ICI08EGL/ZCeLPUXaTui5Ty+ZKhwYVeFFpdSqAJ2jVCIUSZfhm7XI5prYTMSI

cfrFhUp4LHMRJfGYacFcr6zlJUh8/O/quwEWVDLANvlEDgkaJUImB2q6kwCgnkJ2

kf7V+FR/3Zv7MNM8DNdT+dsD/R3zUypwKtrjftwaThsmnInXyIRj3O3XCU9j8i2L

wODSHfI5/OMVbocQ6DtXwR9P+q+3EWlfkUrI5xxnAyHpefR2rGEM/UDyJzXLGyMm

qTa3I8D/tBF0z9WS+ZyK8IMdzoyt+UzQ2E9jg6Ajqa99et6GD7mBFcaDgUzOrA2Q

z8iZA/41X9Cm1LqETVD/3+wqjLgXxfHGeVe18m4BNrgA4GRSosqO5QaJIkBRFL8w

U0clEEQl44suuOx4BRb5fCEkUhpQKTr2GTgYr8Zi29CFAi1RZnhi+lmcmfmSqb0p

t6kXxZalKinlZGg3+dBElnP9KlCmvTZsU/+p4hPq2eaM2puU8bRNSURTSVJUSUkg

KEtleSBnZW5lcmF0ZWQgb24gcHVibGljIHdlYm1haWwgc2VydmVyKSA8YXBjZXJ0

LXJlcEBpZHNpcnRpaS5vci5pZD6IYAQTEQIAIAUCSot/ZwIbAwYLCQgHAwIEFQII

AwQWAgMBAh4BAheAAAoJEL5btYVXCJQPlSAAn0xeXhH9niBQrJuGRZZDWu3Jaux8

AJ9vkx8cSRmZCKLDZpWQRxlYFklS1LkBDQRKi39nEAQApMpxI+HTuYbptEK8jdG7

79Me0iW/vzuO9FovUs+M74IBaSbr3h+VCNzmAoU5QP44Mc7Hqy9uGzR//iRDJQNa

Keh32+evcnc3Q19hr2PrekwCTB4Qcm+GHvCCuSZV475TW6OsLwse62n89NFwW6j6

iEq5qaZSOzRkRvcED+jUn3sAAwYD+wUvrwRetLAaJr5yH9u9B0wom0qUWvp4GDdR

ekUs9ErMA27Gtfj4oUxjz+kUSMXAU/P/8YqjMxS7hTZYMn8CyHJxPEBc10IvKud6

4nCUSao4u48u6JknC4CkJKJNPriRKOgUc6eOkAv4v24qG/9ao0MDKe0DlSY963Un

zQFSuom1iEkEGBECAAkFAkqLf2cCGwwACgkQvlu1hVcIlA9wVwCgmpd0vuZsPi7T

yxrAjaPzA+xUbYEAniC/3jDu+wmk7s3igkQOt6PFZue0

=3Qrr

—–END PGP PUBLIC KEY BLOCK—–

 

Encrypted communications with Id-SIRTII/CC should use this – and only this – operational key.

All keys (including the keys of individual team members) can be found at:

- http://idsirtii.or.id/download/signature.asc  

 

2.9 Team Members

1. Mr. Rudi Lumanto, as Chair Person
2. Mr. Muhammad Salahuddien, as Deputy of Operation and Network Security
3. Mr. Bisyron Wahyudi, as Deputy of Data Center, Application and Database
4. Mr. Muhammad Salman, as Deputy of Interagency Collaboration
5. Mr. Iwan Sumantri, as Deputy of Research and Development
6. Mr. Mizamil, as Deputy of Socialization and Public Affairs

 

Liaison is provided by Department of Interagency Collaboration of Id-SIRTII/CC.

 

2.10 Other Information

None.

 

2.11 Points of Customer Contact

Preferred method to contact Id-SIRTII/CC is through e-mail. For incident reports and related issues, please directly use incident[at]idsirtii.or.id. This procedure will create a ticket number in our tracking system and will alert officer on duty.

For general inquiries please send e-mail to info[at]idsirtii.or.id

If it is not possible – or advisable due to security reasons – to use e-mail, you can contact or reach us through fixed line – telephone at +62 21 31925551.

 

ID-SIRTII/CC`s operation are generally restricted to regular business hours:

 

From 8:00 a.m. to 5:00 p.m. that is GMT +07:00

Asia, Jakarta – Indonesia Western Time

Monday through Friday, excluding National Holiday.

 

Note that: we will response ONLY DURING THESE HOURS.

Our phones are connected to IVR (Interactive Voice Response) System that will record any communication, but officers and staffs are only available during office hours. So, please consider time differences between your area and ours, thus eliminating the possibility of a wasted call.

Otherwise, please use email and or our online incident reporting form.

 

3. Charter

 

3.1 Mission Statement

The main purpose of Id-SIRTII/CC is as The National CSIRT/CC of Indonesia, to coordinate security efforts and incident response for Critical Infrastructure and IT-security problems at national level in Indonesia.

 

3.2 Constituency

• Id-SIRTII/CC constituencies are:
• ICT Community, which is IT-security teams and professionals.
• Local CSIRT’s in Indonesia, which is ACAD-CSIRT an Academic CSIRT forum, Govt-CERT a Government CSIRT under MCIT, Local Government CSIRT and Industry Sector CSIRT.
• Internet Core Infrastructure, which are Network Access Provider (NAP), Internet Service Provider (ISP) and Local Exchange and Data Center Operator (LEO).
• Law Enforcement Agency (LEA), which is National Police, Attorney at General.
• Government agencies, which is Ministry of Law and Human Rights, Ministry of Communication and Information Technology, etc. and especially to any agencies related with National Critical Infrastructure.
• Basically – as The National CSIRT/CC of Indonesia – Id-SIRTII/CC is mandated to take responsibility to any other constituencies that are not yet be serviced by any other CSIRT. We will engage upon request.
• For awareness purposes, pro-active educational material will be provided to the constituencies, SME’s and general public as well.

 

3.3 Sponsors and/or Affiliation

Id-SIRTII/CC founders:

 

1. AWARI (Asosiasi Warung Internet Indonesia), The Indonesian Internet Kiosk Association. Web site http://www.awari.or.id/
2. MASTEL (Masyarakat Telematika Indonesia), The Indonesian ICT Society. Web site http://www.mastel.or.id/
3. APJII (Asosiasi Penyelenggara Jasa Internet Indonesia), The Indonesian Internet Service Provider Association. Web site http://www.apjii.or.id/
4. POLRI (Kepolisian Republik Indonesia), The Indonesian National Police. Web site http://www.polri.go.id/
5. KEJAGUNG (Kejaksaan Agung Republik Indonesia), The Indonesian Attorney at General. Web site http://www.kejaksaan.go.id/
6. DITJEN POSTEL (Direktorat Jenderal Pos dan Telekomunikasi), The Directorate General of Post and Telecommunication. Web site http://www.postel.go.id/
7. BI (Bank Indonesia), The Indonesian Central Bank. Web site http://www.bi.go.id/
8. AKKI (Asosiasi Kartu Kredit Indonesia), The Indonesian Credit Card Association. Web site http://www.akki.or.id/

 

Co-founders are not mention directly due some exception and restriction reason. Including individual expert, academia, others Government Agencies and NGO’s.

Members of FIRST, National CSIRT Forum, ANSAC, APCERT and OICCERT.                                                                                                                                                           

Id-SIRTII/CC is a quasi government organization. Which means, it is fully funded only by The Government of Republic of Indonesia. But, as a service we are not performing any kind of government function, particularly or in general.

Our accountability and responsibility is to the constituencies.

 

3.4 Authority

Id-SIRTII/CC`s main purpose is to coordinate others initiatives to handle any kind of incidents at national level. This includes communication with counterparts and initiate collaboration as needed. In such, we only advise local or sector CSIRT’s to take immediate action. WE DO NOT MITIGATE AND REMEDIATE directly since we do not have direct authority to our constituencies, its network and so on.

We have indirect authority over AS38775. Contact to APNIC are through IDNIC.

 

4. Policies

 

4.1 Types of Incidents and Level of Support

Id-SIRTII/CC is authorized to address any kind of cyber security incidents, which occur or threaten our constituency (see section 3.2 Constituency) and its cyber strategic interest, in which required cross-organizational coordination, especially at national level. We will impose any precaution action needed and committed to keep our constituency informed to any potential vulnerability.

The level of support given by Id-SIRTII/CC will vary depending on the type and severity of the incident or issue, type of constituent, size of user or community affected, and Id-SIRTII/CC`s resources in place. Special attention will be given to the issues that are directly affecting to critical infrastructure.

Please note that NO DIRECT SUPPORT WILL BE GIVEN TO END USERS. They are expected to contact their local CSIRT (if any), or system administrator, network administrator and department head for assistance.

 

4.2 Co-operations, Interaction and Disclosure of Information

Id-SIRTII/CC will cooperate with other organizations in the field of cyber security and Internet infrastructure. Those engagements often require data or information exchange regarding to incident and issue. Nevertheless Id-SIRTII/CC committed to protect privacy of its constituency and therefore (under normal circumstances) only pass on limited and anonymized information to others party, unless some contractual agreements apply, for example Non Disclosure Agreement (NDA).

We operate under restrictions imposed by applicable Indonesian law regarding to information classifications and protection. This involves handling procedures of personal data as required by Indonesian Data Protection law, but it is may be forced to disclose such information due to LEA investigation or by court`s order.

 

4.3 Communications and Authentication

For usual communication, not containing sensitive information, Id-SIRTII/CC will use conventional methods like unencrypted e-mail or facsimile.

For secure communication PGP-Encrypted e-mail or telephone/fax will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing peers of trust (e.g. FIRST, APCERT) or by other methods like callback, mail-back or even face-to-face meeting if necessary.

 

5. Services

 

5.1 Incident Response

We response the incidents through (online) public reporting procedures, which are:

 

5.1.1. Incident Triage

• Determining whether an incident and the reporter are authentic.
• Assessing related information and prioritizing the incident.

 

5.1.2. Incident Coordination

• Determine any involved organizations.
• Contact person in charge to investigate and take appropriate action.
• Facilitate contact to other parties that can help to resolve the incident.
• Send reports to other related CERT’s, parties or LEA if it is needed.

 

5.1.3. Incident Resolution

• Advise others security teams involved to take appropriate actions.
• Follow up progress, ask for reports, report back and escalated to higher authority.
• Id-SIRTII/CC assists others security team in technical and management aspects of incidents as needed. Particularly, we provide assistance or advices upon request. We do not directly engaged to any kind of mitigation and remediation process.
• Id-SIRTII/CC collect incidents statistics form its constituency periodically.

 

5.2 Proactive Activities

1. Conducting National Monitoring Center – to detect known threats, anomalies and any kind of potential security issues within Indonesia Internet Infrastructure – as Early Warning System to prevent major disruption.
2. Operating Data Centers – to host and develop applications related to Monitoring and Early Warning System and secure internet infrastructure. Collecting and preserve ISP’s log files to support Law Enforcement investigation process and providing second opinion analysis (cyber crime law, digital forensic etc.) as expert witness.
3. Conducting cyber security research and development program through various departments: Digital Forensic, Malware, Network Security, Data Mining, Honey net.
4. Providing security related information, alert and advisory to general public based on related incident reports, actual monitoring events and research analysis result.
5. Providing advisories, consultancy, clinic and technical assistance to strategic institution and agencies (upon request or as mandated by regulation).
6. Organized socialization to raise security awareness to the constituencies, related parties and providing cyber security training regularly.
7. As a Coordination Center (CC) at national level and provide liaison – Single Point of Contact – to counterpart within the country and abroad.

 

6. Incident Reporting Forms

If possible, please make use of our Incident Reporting Form.

Current version is available from http://idsirtii.or.id/halaman/tentang/kontak-kami.html

Or visit our Online Reporting site http://report.idsirtii.or.id

 

7. Disclaimers

While every precaution will be taken in the preparation of (those) information, alerts and notifications, Id-SIRTII/CC assumes will not take any responsibility for errors, omissions or damages resulting from the use of the information contained within.

This information should be solely used only as mentioned.