LOGO
AN ANALYSIS OF INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION
A. BUDI SETIAWAN The Center of Research and Development of Informatic Application. Agency of Human Resource Research and Development, Ministry of ICT Indonesia Delivered at 4th International Symposium on Chaos Revolution in Science, Technology and Society August, 28-29, 2013 in Jakarta, Indonesia
INTRODUCTION • Internet usage is increasing • ICT is enabler • The use of ICT in the public sector
• Presidential Instruction No. 3/2003 about Policy & National Strategy on the Development of e-Government • Vulnerability on ICT system…
Increasing IT Risk in Indonesia •
Real incident reported such as phishing, identity theft, data (information resources) stealing, critical information resources hostages, information leakage, insider attack (i.e. virus spread)
•
Cases: cyber war, fraud, web deface, hoax, etc
•
Malicious code, common vulnerabilities/zero day attack -pirate software are widely used (not updated)
(source: Id-SIRTII/CC, 2012)
Recent Risk Report in Indonesia Distributed Denial of Service attack on the system of Domain Name Service (DNS) ccTLD-ID indicates that the attack on the domain "go.id" is the most
(source: Zone-h, 2012)
THREAT
Number of attacks to domain “id” website on October 2012
(source: Id-SIRTII, 2012)
The Study of IT Security Readiness in Government • Observe the readiness of Information Security Governance implementation in government agencies • Analysis was performed by using index of e-Government Rank (PeGI) and Information Security Index (Index KAMI
PeGI
Trianggulation: Expert judgemnet (FGD)
Index KAMI
Indonesia’s Statistics
Internet users: 55,000,000 Internet users as of June.30, 2012, and 22.1% penetration. (source : http://www.internetworldstats.com/asia.htm#id) Internet subs: 2,3 millions
Cyber Security Legal Framework in Indonesia
National Policy and Law on Internet Security “Indonesia’s Telecommunication Act” (UU Telekomunikasi) Indonesia’s Act
“Information & Electronic Transaction Act” (UU ITE) Regulation of Minister of CIT
Decree of Minister of CIT
Circular of Minister of CIT
No. 29/PER/M.KOMINFO/10 /2010 about Securing Telecommunication Network Utilization based on Internet Protocol Number: 133/KEP/M/KOMINFO/04/2010
Number: 01/SE/M.KOMINFO/02/2011
Information Security Index
The Index of Indonesian e-Government Rank Goals: •
Provides a reference for the development and utilization of ICT in public sector
•
Provide impetus for the development of ICT in the government through the evaluation of a large, balanced, and objective
•
Provides map of the environment conditions of the use of ICT in the national government 5 Dimensions of Indonesian e-Government Rank: No.
Dimensions
1
Policy
2
Institutional
3
Infrastructure
4
Application
5
Planning
Indonesian e-Government Rank 2012:
Ministries
NO
Ministries
POLICY
DIMENSION SCORE CATEGORY INFRASTRUCT INSTITUTIONAL APPLICATION PLANNING AVERAGE URE
1
Kementerian Keuangan
3.50
3.53
3.52
3.37
3.63
3.51
Good
2
Kementerian Pekerjaan Umum
3.10
3.52
3.11
3.34
3.52
3.32
Good
3
Kementerian Perindustrian
3.13
3.50
3.48
3.40
3.00
3.30
Good
4
Kementerian Pendidikan dan Kebudayaan
3.17
3.27
3.40
3.22
3.13
3.24
Good
5
Kementerian Tenaga Kerja dan Transmigrasi
3.10
2.96
2.83
2.94
3.16
3.00
Good
6
Kementerian Perhubungan
2.79
2.70
2.90
2.92
2.77
2.82
Good
7
Kementerian Perdagangan
2.73
2.73
3.19
2.92
2.40
2.79
Good
8
Kementerian Pertahanan
2.84
3.10
2.68
2.50
2.75
2.77
Good
9
Kementerian Pemuda dan Olah Raga
2.44
2.73
2.95
2.73
2.83
2.74
Good
10
Kementerian Perencanaan Pembangunan Nasional
2.10
2.43
3.14
2.90
2.73
2.66
Good
11
Kementerian Kesehatan
2.23
2.88
2.74
2.70
2.52
2.61
Good
12
Kementerian Energi dan Sumber Daya Mineral
1.98
2.63
2.98
2.67
2.73
2.60
Good
13
Kementerian Kehutanan
2.54
2.80
2.93
2.62
1.67
2.51
Poor
14
Kementerian Pertanian
2.63
3.03
2.69
2.37
1.67
2.48
Poor
15
Kementerian Luar Negeri
2.15
2.44
2.77
2.40
2.40
2.43
Poor
16
Kementerian Hukum dan Hak Asasi Manusia
2.17
2.33
2.26
2.63
2.70
2.42
Poor
17
Kementerian Koordinator Bidang Kesejahteraan Rakyat
2.38
2.70
2.36
2.27
2.27
2.39
Poor
18
Kementerian Riset dan Teknologi
2.10
2.87
2.55
2.60
1.70
2.36
Poor
19
Kementerian Koperasi dan Usaha Kecil dan Menengah
2.25
2.28
2.37
2.58
2.20
2.34
Poor
20
Kementerian Badan Usaha Milik Negara
1.55
2.28
2.40
2.64
2.40
2.25
Poor
21
Kementerian Koordinator Bidang Perekonomian
2.40
2.60
2.10
2.45
1.57
2.22
Poor
22 23
2.19 2.02
2.57 2.67
2.24 2.07
2.03 2.38
1.67 1.40
2.14 2.11
Poor Poor
2.03
2.44
1.80
2.08
1.44
1.96
Poor
1.50
2.00
1.94
2.10
2.12
1.93
Poor
26
Kementerian Pariwisata dan Ekonomi Kreatif Kementerian Kelautan dan Perikanan Kementerian Pemberdayaan Perempuan dan Perlindungan Anak Kementerian Koordinator Bidang Politik, Hukum, dan Keamanan Kementerian Lingkungan Hidup
1.44
1.90
2.24
2.18
1.83
1.92
Poor
27
Kementerian Agama
1.43
2.04
2.46
1.88
1.48
1.86
Poor
28
Kementerian Perumahan Rakyat
1.38
1.83
1.90
2.23
1.30
1.73
Poor
29
Kementerian Pembangunan Daerah Tertinggal AVERAGE
1.21 2.29
1.63 2.63
1.57 2.61
1.80 2.58
1.40 2.29
1.52 2.48
Very Poor Poor
24 25
Indonesian e-Government Rank 2012:
Local Government (Provinces)
DIMENSION NO
Provinces
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
SCORE
POLICY
INSTITUTIONAL
INFRASTRUCTURE
APPLICATION
PLANNING
AVERAGE
Jawa Barat Jawa Timur DKI Jakarta Yogyakarta Aceh Bangka Belitung Sumatera Selatan Gorontalo Jambi Jawa Tengah Kalimantan Timur Kalimantan Tengah Nusa Tenggara Barat Sumatera Barat Kalimantan Barat Papua Sulawesi Utara Kepulauan Riau Sumatera Utara Sulawesi Barat Lampung
3.46 3.17 2.88 2.79 2.42 2.67 2.71 2.42 1.83 2.08 2.00 2.21 2.29 2.38 1.92 1.67 2.00 1.38 1.21 1.50 1.21
3.53 3.47 2.73 2.67 2.87 3.07 2.60 2.47 2.73 2.67 2.40 2.40 2.13 2.13 2.20 1.90 2.20 2.47 2.20 1.70 2.07
3.33 3.10 2.90 2.90 3.05 2.38 2.67 2.48 2.24 2.67 2.43 2.00 1.71 2.05 1.95 1.93 1.67 1.48 1.86 1.90 1.43
3.10 2.73 2.77 2.73 2.77 2.27 2.40 2.60 2.53 2.40 2.23 2.03 2.43 1.77 2.00 1.98 2.37 1.80 1.77 1.70 1.90
3.47 2.67 2.80 2.80 2.47 2.73 2.67 2.87 2.47 1.80 2.20 2.40 1.67 1.60 1.80 2.27 1.20 2.13 1.47 1.47 1.47
3.38 3.03 2.82 2.78 2.71 2.62 2.61 2.57 2.36 2.32 2.25 2.21 2.05 1.98 1.97 1.95 1.89 1.85 1.70 1.65 1.61
22
Bengkulu
1.50
1.73
1.19
1.63
1.33
1.48
23
Sulawesi Tengah
1.33
1.80
1.24
1.63
1.00
1.40
24
Kalimantan Selatan
1.00
1.47
1.00
1.67
1.00
1.23
AVERAGE
2.08
2.40
2.15
2.22
2.07
2.18
CATEGORY
Good Good Good Good Good Good Good Poor Poor Poor Poor Poor Poor Poor Poor Poor Poor Poor Poor Poor Poor Very Poor Poor Very Poor Poor Very Poor Poor Poor
Analysis of Indonesian e-Government Rank Ministries Dimension: Policy 20.69%
Dimension: Institutional 31.03%
Dimension:Infrastructure
0%
3.45%
41.38%
44.83%
58.62%
51.72%
48.28%
Good
Poor
Very Poor
Good
Poor
Dimension: Application 0%
Very Poor
Good
Poor
Very Poor
Dimension: Planning 20.69%
3.45% 34.48%
51.72% 68.28%
41.38%
Good
Poor
Very Poor
Very Good
Good
Poor
Very Poor
Analysis of Indonesian e-Government Rank Local Government (Provinces) Dimension: Policy
Dimension: Institutional 4%
25.00%
29.17%
Dimension: Infrastructure 20.83%
37.50%
29.17%
58.33% 45.83%
Good
Poor
50.00%
Very Poor
Good
Dimension: Application 0%
Poor
Good
Very Poor
Poor
Dimension: Planning
20.83%
0.00% 29.17%
29.17%
79.17% 41.67%
Good
Poor
Very Poor
Very Good
Good
Poor
Very Poor
Very Poor
Information Security Index 2012
Source: Directorate of Information Security
Cyber Security Readiness in Government 1. Coordination between government agencies is still weak in terms of cyber security 2. The levels of internet safety and cyber security awareness of government agencies and public are still low 3. Implementation of ICT security in Indonesia is still running on silo system 4. ICT governance and information security management systems in government agencies do not operate effectively
Recommendation for Cyber Security Readiness in Government 1. Need strong commitment form all level management in government institution related to implement IT Security governance 2. Information security should become the spirit for all ICT regulation and policy 3. Need particular policy from the highest level government management which is mandate for all government institution to implement IT Security governance
THANK YOU
A. BUDI SETIAWAN ICT Researcher at Center of R&D of Informatic Application Human Resource R&D Agency, Ministry of ICT Indonesia
[email protected] [email protected]