High-Level Segment (HLS) of Council 2008
Geneva, 12-13 November 2008
 
 
Statement by H.E. Mr. Muhammad Nuh, Minister of Communication and Information Technology, Republic of Indonesia

Session 3: Addressing the technical and legal challenges related to the borderless nature of cybercrime

HE Secretary-General,
Excellencies,
Distinguished Speakers,
Participants,
Ladies and Gentlemen,

First of all, let us express our gratitude to God The Almighty for the opportunity lavished to us to participate together in this highly prestigious High-Level Segment (HLS) of the ITU Council 2008.

This forum is irrefutably an important event, not only for Indonesia, but for the world as a whole, since it gives us the chance to share and exchange our perception on issues of strategic importance, notably the nature of cyberthreats and the myriad of risks we would face when venturing online.

Therefore, on behalf of the People and Government of Indonesia and on my own behalf, I would like to express my appreciation for this opportunity for us to share our experiences and views as well as suggestions towards cooperation efforts in this High-Level Segment (HLS) of the ITU Council 2008.

Excellencies, Ladies and Gentlemen:

Information and Communication Technology has definitely ameliorated the way we work and live. ICT has made tremendous contributions: in improving productivity through reduction of production and processing time; in creating database that can be explored to create knowledge and to promote innovation; and in establishing collaboration to create synergies among many entities. Such contribution has yet become much more significant with the ubiquitousness of Internet, as a form of ICT. Using Internet we can connect Anyone in Anywhere at Anytime using Any-device, which popularly known as “4A vision of Internet”.

In a short span, Internet becomes indispensable in the daily lives of individuals, businesses, and organization including government. Hundreds of millions of human and equipments from virtually anywhere all over the world are inter-connected via Internet at anytime, creating a very complex, ubiquitous, and vulnerable cyberspace. It is vulnerable, since the greed of human being in taking the full advantage of its usefulness pressurizes the providers and the users to be willing to deliver and utilize the system even when the people are not ready, when the equipments are not ready, when the infrastructures are not ready and when the system is not ready in dealing with the transparency of Internet, which originally is developed based on “resource sharing philosophy”. This situation is further exacerbated by the fact that the ubiquitous-ness of the cyberspace could make the vulnerability of one node to extend to the whole network.

Ladies and Gentlemen:

Recent developments in Internet have compelled its vulnerability to intensify tremendously:

  1. The transformation of Internet role from portal to social network have created an abundant source of vulnerability from each member of the network
  2. The utilization of Internet from a media of connection to a media of transaction produces activities that must be executed in real time without having enough time for authentication, verification, and validation.
  3. The desideratum of many mission critical systems to be put on-line for the convenience of the users, opens up possibilities for un-invited persons to be able to peek into the systems.
  4. The exigencies to serve individual mobility to increase productivity, allows users to interact with systems using any inter-connected network currently available in their premises

To imagine how astringent the susceptibility of the Internet is, we can look back to the well-known Metcalfe Law of network usefulness; this time in reverse condition, to estimate network vulnerability. If its usefulness is proportional to the square number of useful node then its vulnerability should also be proportional to the square number of vulnerable node. One can easily imagine how big this number is, considering hundreds of millions of people and devices are connected at anytime, which therefore become nodes of the network.

The size of the problem related to cyber-threat and the necessary cyber-security to overcome its potential damage is therefore unimaginably stupendous. It is not enough to be just responsive when dealing with problems of such scale, since the damage provoked will be so big that it is not possible to remedy them in timely manner. Thus, every country in the world have to be astute and prepared whenever a threat strikes. In fact, readiness is the key factor in cyber-security: readiness of the people, readiness of the infrastructures, systems readiness, governmental readiness, and the regulation readiness. To be ready before, during, and after the strikes. Every country, and the world as a whole, must be ready and be prepared. Problems of such scale are not possible to be handled by or designated as the responsibility of only one institution. It requires close cooperation among all institutions - individuals, users - providers, government - business - citizen, nationally – regionally -internationally.

Excellencies, Distinguished Speakers and Participants:

Cyber-security is not only concerned with threats to businesses or institutions or governments; the threats to individuals too, since they are actually much detrimental since they appear before us like the tip of the iceberg, manifesting only a small part of themselves. In dealing with cyber-security, we have to consider comprehensive approaches that can provide the required security for individuals, for businesses, for institution, for government, and for sovereignty of a country. Such a comprehensive approach comprises of the many faces of readiness I have noted earlier:

  1. Regulations that need to be exploited as the rules and codes of conduct in performing activities in cyber space.
  2. Institution that performs security check in cyber space as enforcement of the regulation
  3. Technology that are designed and used as tools to conduct security activity in cyber space, which comprise of infrastructures and applications
  4. Society that is aware about risks, threats, protection, while surfing the cyber world

These are, in my opinion, the minimum number of ingredients for any country in equipping itself with cyber security for their cyber world. Based on this approach, the cyber security in Indonesia is currently under development.

Ladies and Gentlemen:

First, allow me broadly describe the Indonesia cyber space. Some statistics are given in the slide for the infrastructure and its utilization: PC density in Indonesia grows about 21% each year, while internet users increases by about 29% each year, and broadband internet users have proliferated at incredible speed of 215% due to the recent aggressive deployment of mobile broadband. Even though these percentages itself are not high, its absolute value is utterly significant due to the number of Indonesia population that is advancing slowly to a quarter billion. Considering the number of Indonesia cyber world inhabitants and its tremendous growth in the last three years, it is essential for Indonesia to adopt a progressive action toward securing its cyber space.

In terms of regulation, as the first ingredient of cyber security, Indonesia has applied Electronics Information and Transactions Law since it was passed by the Parliament in April 2008. Currently, Government of Indonesia is preparing several Government Decrees as the implementation of this law. At the same time, Government and Parliament are preparing Cyber Law as a complement to this Electronics Information and Transaction Law. Regarding the use of IP‐based infrastructure, Minister of Communication and Information Technology has signed Ministerial Decree to cover IP infrastructure security issues. Thus, it is expected that the acceleration of Internet utilization will be in realized in every walk of life.

In terms of institution, Indonesia, through the Ministerial Decree of Minister of Communication and Information Technology, has established Indonesia Security Incident Readiness Team on Internet Infrastructure, popularly known in Indonesia as ID-SIRTII, in 2007 as anticipation for the implementation of the previously mentioned two laws.

Excellencies, Distinguished Participants:

Of course, Government of Indonesia must equipped this Institution with the third ingredient, which is the necessary technology, both infrastructure and systems, as tools to conduct security activities in Indonesia cyber space. As a readiness team, ID-SIRTII is responsible for not only technological aspects of cyber security but also its non-technological aspects. As an Non Government Body that supports the government and society in establishing a secure Internet environment, ID-SIRTII has been assigned seven main tasks, namely:

  • Monitoring Internet traffic for the purpose of identifying and preventing any malicious activity;
  • Managing Internet traffic log files to support law enforcement activities by the authorities;
  • Assisting critical infrastructure institutions in their efforts to increase their information security capability;
  • Building public awareness of the importance of Internet security;
  • Conducting the necessary internet security training programs for all related stakeholders;
  • Operating a simulation and R&D laboratory to support organizational activities; and
  • Developing international collaboration and co-operation with similar CSIRT/CERT agencies in other countries.

As the basic philosophy and the principle of “Your Security is Our Security” emerge, the Government of Indonesia believes that the most competent approach to protect the Internet is through the empowerment of people. Society awareness, the fourth ingredient of cyber security, is constructed by consistently promoting this concept and educating people from different backgrounds and communities as to the importance of safeguarding themselves from cyber threats and crime. In this way, a secure Internet environment for everybody will someday become a reality. The role of the government is crucial in accelerating the socialization of this practice, since a top down approach is required in order to guarantee its effectiveness.

The efforts to raise public awareness are implemented through:

  • Capacity building at government agencies;
  • Conducting training & certification for human resources to develop security expertise;
  • ID-SIRTII-led security awareness activities for the benefit of operators of critical national infrastructure;
  • Perpetual socialization and publications to raise public awareness and responsibilities; and
  • Encouraging other relevant initiatives.

Ladies and Gentlemen:

As part of the global village, of course, we cannot cover all the initiatives exclusively in our own country. In the cyber space, no boundary exists; traffic will flow effortlessly almost without any restriction. In order to comprehensively respond to certain events, regional cooperation is a imperative.

Government of Indonesia have proposed an efficacious regional and international cooperation by establishing a single point of contact for larger audiences, such as the ASEAN Single points of contact has been established.

As already described above, the debate on Internet security cannot be separated from international relations. Meanwhile, each country undoubtedly retains its own interests and priorities. There are several key success factors worth to consider:

  • Cooperation based on trust and equality among the parties is crucial in building a successful and effective security mechanism;
  • Harmonizing laws and policies among neighboring countries within a region is required to extend understanding and support;
  • Synchronization of regional awareness programs and initiatives to prevent overlapping is required;
  • Development of a common international platform to speed up the mitigation and law enforcement should an accident occurs;
  • Erecting standards and guidance in order to succor countries that are not ready to implement is also important. Such assistance is essential since their security issue may also pose a threat to all other country’s security.

Excellencies, Distinguished Speakers and Participants,
Ladies and Gentlemen:

Finally, on this very important occasion, I do hope that we will acquire useful collection of information, advantages and opportunities from this forum in order to be able to explore avenues of cooperation among developed and developing countries to minimize the impact of the misuse of Internet and strengthen the fight against cybe rcrime. However, please do not forget that we do still have sociological issues to cope. While in the name of security, it may be necessary to know the origin, the content, the destination of data package, as such knowledge can also be considered as an intervention to privacy. Finding the balance between the two is the ultimate challenge of any cyber security forum such as this one.

Thank you.