Project on capacity building for information security
Republic of Indonesia
4th December, 2013
Ministry of Communication and Information Technology (MCIT)
From 23 July, 2014 to 22 January, 2017
Ministry of Communication and Information Technology (MCIT)
With the rapid spread of the Internet, the need for information security measures is increasing day by day. In particular, the damage by cyber-attack has been internationally increasing. Cyber-attacks illegally connect website and/or terminals in governmental offices or private companies, attempting falsification of website or leaking of company's confidential information. In South Korea in March 2013, broadcasting station and banks are damaged in large scale by cyber-attacks. The same may possibly happen in Japan, and countermeasures against such attacks need to be established urgently.
It is via the Internet that the cyber-attacks such as a computer virus or DoS attacks (Denial of Services Attack) reach attacking targets. As such, the countries with poor or insufficient information security settings are not only vulnerable against cyber-attacks, but also exposed to risks to be utilized as originating or transiting sites of cyber-attacks (step-stone), which causes deterioration in business trustfulness of the country. Conversely, the countries with higher levels of information securities will increase trustfulness in business environments, where high qualitied direct investment functions positively to invite high-value-added and knowledge-intensive economies.
Taking this fact seriously, the Indonesian Government has been improving information security levels of the country. The government has first established National CERT; ‘ID-SIRTII/CC' (Indonesian Security Incident Response Team on Internet Infrastructure) under MCIT in 2007, and subsequently ‘Government CSIRT' under Information Security Department of MCIT in 2012. However, countermeasures by these organizations haven't attained to satisfactory levels judged from the increasing amount of cyber-attacks, happening from Indonesia to its ASEAN neighbors or vice versa. For this reason, Indonesia has requested assistance from Japan, who has excellent experience and skill levels in this field.
Additionally to say, since the cyber-attacks are mainly performed via the Internet, single country's measures cannot perfectly tackle the problem. Hence, cooperation needs to be established, where we can properly foresee or quickly respond international cyber-attacks by collecting and analyzing the country's and/or regional information. In response to a request by the Indonesian Government, JICA has dispatched its survey team to the country in April 2013. The team has studied organizational structure of the departments in MCIT responsible for the information security task, and confirmed their capability to perform work as JICA's counterpart. In addition, the team has discussed with MCIT their intentions of cooperation with other ASEAN countries. As a result, two project goals are determined and agreed by MCIT and JICA; one is on capacity building of staff members in the Information Security Department of MCIT to improve information security environments of the country, and the other on establishment of wider and deeper cooperation with other ASEAN countries for improvement of their information security levels.
Improvement of levels in information security in the entire ASEAN region will help promote economy activities in each country in ASEAN, as well as help improve capacity to foresee cyber-attacks targeting Japan, which eventually result in good contribution to information security improvement in Japan too.
To improve the Indonesia of information security measures
To improve information security measures implementation capacity of Indonesia Ministry of Information and Communication
(1) Research an ideal mechanism for SNI ISO/IEC27001 accreditation and certification
(2) Improve technical skills of staffs
(3) Establish a network with Japan and ASEAN countries for studying future trends
(1) Create a method to introduce ISMS to government offices
(2) Create a method to establish CSIRT in government offices
(1) Create a method (channel) for awareness raising
(2) Create materials for awareness raising
Input from the Japan side
Input from the Indonesia side