Cyber War Basic

Uploaded by

pataka id

Battle of The Future

- understanding cyber conflict -


M.S. MANGGALANNY – DEPUTY NETWORK OPERATION AND SECURITY
Jun 10, 2024


CHALLENGE
Interdependency

• People's interactions, the workplace, lifestyle, business, art and cultural heritage, military/defense, intelligence and government all depend more heavily on technology and so carry more risk. This is the world of the online society, online threats, online attacks and cyber war: a competition to gain information supremacy and to take over cyber resources.
• Preventing attacks on, protecting and managing (critical) national ICT resources is necessary, and prior action is needed to build effective preemptive measures.
• ICT is the most fragile/critical internetworked infrastructure; in a given situation there is no way to stop an attack by simply turning off the system.

The Cyber Cycle

[Diagram: a cycle of Cyber Space, Cyber Threat, Cyber Attack, Cyber Security, Cyber Crime and Cyber Law]

#1 CYBER SPACE

“higher the value, greater the risk”

Internet Size

• 60 mi SOCMED
• $30 bi economy
• 500 mi EBANK
• 100 mi regular
• 165 mi cellular
• 45 mi students
• 600 GB traffic
• 10 mi gamers
• 60 mi gadget

Critical System

• Defense, Security, Public Order, Emergency, Health and Medical Services
• Education, Culture, Art, Creative Industry (IPR) and Tourism
• Public Services, Control System, Automation
• Banking, Finance, Capital Investment, Trading, SOE (BUMN)
• Local and Central Government Operations
• Transportation, IT, Broadcasting and Telecommunication
• Natural Resources, Power and Energy, Water and Sanitation

#2 CYBER THREAT

“exploitation of vulnerability”

Vulnerability

[Diagram: four sources surrounding THREAT]
• Natural Disaster (earthquake, flood)
• Social Unrest (riot, chaos, war)
• Lack of System (policy, procedures)
• Human Weakness (social engineering)

National Interest

• “National interest” is a key concept in international relations. All nations are always engaged in fulfilling or securing the goals of their national interests. It is a universally accepted right of each state to secure its national interests. A state always tries to justify its actions on the basis of its national interest, and its behavior is always conditioned and governed by its national interests.
• National interests can be defined as the claims, objectives, goals, demands and interests that a nation always tries to preserve, protect, defend and secure in its relations with other nations. This includes, by all means, the resources within its territory, jurisdiction and Internet.
• In describing the national interests that nations seek to secure, a two-fold classification is generally made: vital and non-vital components.

Vector of Threat

[Diagram labels: KINETIC, APT, CORE INET, SOCENG, COUNTERFEIT, INSIDER; CONTROL, MILITARY, CRITICAL, RESOURCES; National Interest]

#3 CYBER ATTACK

“to take over the resources”

Types and Techniques

[Diagram labels: HIJACKING, INTERRUPTION, MODIFICATION, FABRICATION; center: Malicious Codes, etc.]

Recent Incident

[Diagram labels: GOV NET, EDU NET, EBIZ; MOST VULNERABLE]

Cost and Damage

• Computer and network (services) down
• Higher maintenance (re-install, re-configuration)
• Mitigation cost (data recovery, hardening)
• Opportunity lost (business interruption)
• Market and customer dissatisfaction
• Brand damage (tampering with corporate image)
• Possible lawsuit or license revocation

#4 CYBER SECURITY

“protecting information assets”

Risk Management

[Diagram: relationships among THREATS, VULNERABILITY, ASSETS, RISK, CONTROLS, VALUES and SECURITY; edge labels: exploiting, will expose, increase, increase, affected to, reduce, decrease, to protect against, impacted to organization, should met by]

ISMS ISO 27001

[Diagram: PDCA cycle]
• Identification, Define Work
• Risk Analysis, Management
• Control and Protection
• Perform Work, Optimization
• Improvement, Resilience

Apply Standards

[Diagram: control areas surrounding Confidentiality, Integrity, Availability]
• Policies
• Comp.
• Org.
• Business Continuity
• HR Security
• Incident Mgt.
• Asset Mgt.
• Supplier Relation
• Access Control
• ACQN Develop Maintain
• Crypto
• Physical, Comm. and Ops. Security

#5 CYBER CRIME

“when reality bites”

Scope of Crimes

[Diagram: categories surrounding UU ITE 11/2008]
• Illegal Access
• Illegal Material
• IPR Privacy
• Data Forgery

The Actors

• Thrill Seekers (Vandalism, Hacktivism)
• Organized Crime (Infrastructure, Ecosystem)
• Terrorist Group (Ideology, Mercenary)
• Nation State (Black Ops., Sponsors)
• Professionals (Illegal Business, Buyers)

Insider (Job) Threat

• Sophistication/targeted attack
• Personal information stealing
• Account hijacking and fraud crime
• Lack of awareness, user behavior
• Caused by data overexposure
• Social engineering techniques
• Phishing, malicious code as tools
• Human, the weakest security link
• Trojans and backdoors
• Insecure programming
• Counterfeit equipment
• Data/information misuse
• Level of access policy breach
• Physical security perimeter breach
• Inappropriate disposal procedures
• Weak NDA and retirement program

Latest Trends

• Sophistication (individual, skilled, targeted)
• Online banking fraud (phishing, MITM): still!
• Tax evasion, money laundering, corruption
• Underground economy, transnational crime (organized, cross-border, distributed, multi-stage, political issues involved, global action, targeted attack, state sponsored)
• Crimes that do not exist yet (not yet regulated): online (cyber), financial (money), integrated (any kind related), more politics

#6 CYBER LAW

“bring justice into the future”

Existing Laws

• Budapest Convention
• UU ITE NO 11/2008
• UU KIP NO 14/2008
• UU PORNOGRAFI NO 44/2008
• UU PERLINDUNGAN ANAK NO 23/2002
• KUHP, RUU, RPP, other proposals
• Content Regulation and Filtering
• The Tallinn Manual (proposal)

Challenges

• Size and complexity of the problems
• Mutual legal assistance among counterparts
• Ensuring judicial (court) system compliance
• Rapid exploitation of advanced technology
• Beware of the power of money and politics
• Investigation issues: cross-jurisdiction cases, differing search and data/evidence seizure procedures, limited time (investigation, prosecution), safeguarding of human rights and privacy (OECD), limited cyber law

Political Will

• Multijurisdictional Special Task Force
• Sophistication of skills and capability
• Improved communications and technology
• Intelligence and information sharing
• Multilateral Treaty and Convention
• International collaboration focal point
• Adequate fund and resources support

Collaboration

• Ratification of UN convention (UNODC)
• Technical assistance by related experts
• Training of criminal justice practitioners
• Information sharing among parties involved
• Periodic assessment of organized crime trends
• Sustainable special witness protection program
• Cross-border control, surveillance and patrol

Proposed National Body

• Manage the national cyber security framework and standards to assure and periodically evaluate critical information security deployment
• Manage national secure data center and DRC capability; provide secure emergency channels and resources to establish and maintain critical infrastructure for public services during hard events
• Maintain “preparedness” at the national level through cyber exercises, periodic drill tests and coordination simulations (critical scenarios)

CYBER ESPIONAGE

Intelligence Area

• NATURAL: oil and gas, coal, mining, rain forest, bio diversity, plantation
• ECONOMY: trade secrets, ICT, military technology, clean energy and medical
• POLITICS: targeted data, cyber terrorism, intrusion, propaganda, counter espionage, insurgence, any popular sentiment
• MILITARY: counterintelligence, weaponry including bio technology and chemical, command and control system

Situation Awareness

• MONITORING: Past, Present; Construct; Perception
• DECISION: Analysis; Projection; Options
• ACTION: Optimization; Goals, Result; Feedback

News Feeding

Attack Visibility

Meta Data Surveillance

Meta Data Surveillance

Detection System

[Diagram labels: INTRANET; UTM, IDPS, SIEM, BIG DATA; EXTRANET; CEWAS; ISMS, SOP, AUDIT, BCP, DRP]

Deep WEB : Ghost NET

[Diagram labels: WEB SURFACE; SHADOW CNC; CRIME PROVIDER ECOSYSTEM; UNDERGROUND ECONOMY]

CYBER WARFARE

Electronic Warfare

• An attack on the electromagnetic spectrum: military command and control, telecommunication systems, radio frequency transmission jamming, hijacking of satellite and sensor/radar/sonar surveillance, and directed energy: lasers, EMP attack, less-lethal weaponry (sonic, thermal) and exotic nanotech exploitation

The Cyber War

• A politically motivated and/or nation-state sponsored attack, run as an intelligence-style operation or an insurgency, involving and/or targeting computer systems and networks, especially IP-based (Internet) ones, to infiltrate, disrupt and/or damage, sabotage or neutralize existing services and/or critical systems, including their content
• Tallinn Manual: large-scale (massive) coordinated attack with impact on the national interest, i.e. disruption of civil services and military operations

Asymmetric Warfare

• ICT offenses to prevail over, take over, dominate or control targeted resources in order to gain supremacy; to build propaganda (public opinion, international perception, creating massive polemic); and to provoke public disorder (demonstration, riot, sectarian violence/strife)
• Political issues cause uncontrolled, widespread cyber warfare involving many partisan interest groups acting as PROXIES based on mutual (common) interest; it can be very difficult to identify who they really are and to detect their presence

Invincible Strategy

• NOT an open direct attack. Silent, anonymous, random, distributed, undercover, untraceable and continuous, using any widespread unrelated resources that are internetworked, cross-border and beyond any jurisdiction. There is only one rule: NO RULES!
• Completely covert action: nobody knows the real enemy or who is attacking whom. It uses a complex strategy involving many different parties: amateurs, professionals, military and civilians, organizations

Attacker’s Perspective

• Everybody and everything is the TARGET
• Individual computer experts (“hackers”)
• Political issues, ICT supremacy, just for fun
• Intelligence agencies, including cyber spies
• Criminals, cyber mafia, underground economy
• Business rivalry, trade secret theft
• Disgruntled employees, retired personnel
• Other parties that may seek other flaws to breach the information

CYBER DEFENSE

Defense Area

[Diagram labels: Cyber Crime, Cyber Espionage, Cyber War, Cyber Terrorism]

Strengthen The Assets

• Professional certified human resources
• Skill improvement (training, drill, practices)
• Continuous research and development
• Updated data and knowledge base
• Log management and correlation analysis
• Periodic security assessment and audit (CIA)

Establish Strategy

• Use any common technology and application: easy to use but not easy to break, practical, cheap but reliable
• Rely on human resources: discipline, procedures and logic
• Instantly leverage the lack of secure private infrastructure and its adequate quality of services at affordable cost
• Expand collaboration with any other related, potential, trusted local agencies, experts, academia, communities etc.
• Focus on cyber priority targets, capacity building, and monitoring and surveillance to detect/prevent possible threats/attacks
• New structure needed: national cyber intelligence service

Offensive Capability

• A series of capabilities to launch a massive tabletop targeted counter attack
• A set of scenarios to exercise cyber deterrence and prepare the battlefield
• Faster is better. Cyber war moves faster than any other type of warfare
• Focus on escalatory control, crisis instability and collateral damage
• Preparation for high impact on civilians: it could harm public critical systems
• Attribution: it is extremely difficult to track down who is really behind the attack. Unsuspecting countries and/or parties can be used as a launching point for other countries' attacks, and they can easily and accidentally become involved in the war. Strong offense/defense needed

Focus: Context

• Every year, China recruits more than +3000 IT postgraduate students, security professionals and voluntary hacker groups. An estimated +100,000 Cyber Army personnel are now in service
• China and Russia have the largest underground economy, i.e. “The Russian Company”, and the most powerful Ghost Net
• Vietnam established a Cyber Army of 1,000 in 2011
• Malaysia has prepared scenarios (drills) and resources for “Cyber Storm” since 2005. Cyber Security Malaysia has +300 experts in many areas: cryptography, digital forensics etc.
• South Korea and Japan are the most targeted economies in Asia Pacific and regularly experience massive cyber attacks

Focus: Infrastructure

• Singapore has the largest multiple fiber optic backbone connecting the Asia Pacific rim and Australia to Europe, and is known for the most concentrated exchange networks and data centers, which host most regional strategic content and retain its traffic. This means it has the most cyber espionage capability in the region, and Indonesia is the most dependent, with 90% of traffic flows
• Japan has more than +500 secure and solid global-scale data centers with DRC, proven by numerous catastrophic events including natural and nuclear disasters. This means it has the most sophisticated cyber resilience in the region

Focus: Deterrent

• Korea has the highest cyber content density, the best broadband services and the world's top cyber penetration. This means it has the most cyber deterrence in the region
• China has the largest independent network, with incomparable numbers of Internet users and business scale. This means nobody could control China. It has the most significant cyber enforcement, with any kind of measures (power) including cyber military
• Russia has the largest underground network, cyber crime providers, black market and mercenaries. This means it has unlimited resources to promote any kind of cyber chaos

Focus: Power Game

• Ideology is no longer perceived as a major threat. The main motive now is to make more money, win the competition, dominate others and control as many cyber resources on the net as possible
• China and Russia have the leading, most sophisticated and very well organized attack activity, aimed at information espionage, piracy, fraud, business data leakage and identity theft around the globe, mostly targeting US ICT resources (technology etc.), and host the largest underground economy: billions $/year

Focus: Resilience

[Diagram: factors surrounding WE LOST]
• Failed to Achieve Competitiveness
• Lack of Competency
• Loss of Dignity and Confidence
• Weaker Ability of Independency
• Low Level of Deterrence
• Cannot Assure Safety and Recovery

Conclusions

• Global cyber subjection will be determined by the power of knowledge, new inventions of technology or innovation, domination of cyber resources and common interest: MONEY

NATIONAL INITIATIVES

“an additional conceptual track”

The Framework

• Global Coop.
• Policy and Strategy
• Emergency Readiness
• Operation Framework
• Compliance Enforcement
• Capacity Building
• Research Develop.

Proposed Structure

[Organization chart]
• President (Chief)
• National Cyber Security Council
• National Cyber Intelligence (?)
• Defense (Command)
• MCIT (Detecting)
• LEA (Crime)
• Sectors (Mitigate)

NCSC Role

[Organization chart]
• NCSC Chief (President)
• NCSIRT/CC [COC]
• CIIP BODY [COC]
• NCSC [COC]
• LEA [COC]
• DEFENSE [COC]
[Other diagram labels: 1., 2., 3.; CEWAS; Framework; Policy, SOP; Blue Print; Road Map; Strategy; Evaluation; Pre/Post Audit; Military]

Sector Security

COC Services

[Diagram: Cyber Operation Center surrounded by EWS, ISMS, ASF, CCC, RND, TC]
• EWS (Early Warning System), Surveillance and Monitoring
• ISMS (Information Security Management Services)
• ASF (Analysis Support Facility)
• CCC (Command Control Center)
• RND (Research and Development)
• TC (Training Center)

Key: Collaboration

• Cross Jurisdiction
• Coordinated Attack
• Limited Resources
• Rapid Changes
• Inter Dependency

CYBER DEFENSE

Structure

[Organization chart]
• Secretary Of Defense
• ★★★ Cyber Defense Operation Center
• ★★★ Military HQ Cyber Command
• ★★★ Intelligence Agency: SANNEG, BAIS, BIN

Common Roles

• “It is not our mission to defend the entire nation. Cyber Command is to defend the Defense Department networks (only). If we are tasked to defend those (public) networks, then we’d have to put in place the capabilities to do that.”
• “DOD start a pilot program offering the military’s cyber security tools to ISP’s for use in detecting and stopping attacks on their networks.”
• “in the event of major crisis, ensuring the protection of civil liberties, and navigating rules of war in situations where, unlike in traditional warfare, attackers can launch attacks from computers located in neutral 3rd countries or route attacks through American-owned computers here in the United States.”
• “would have the authority to use offensive cyber weapons against military command and control network, real weaponry, power grids, transportation, telecoms network, and enemies financial institutions.”

Military 2nd Command

[Organization chart]
• ★★ General Chief 2nd Command
• Secretariat and Resource Center
• ★ Deputy Operation
• ★ Deputy RND
• ★ Deputy Intelligence

Military Concern

• Preserve the secrecy and integrity of military storage and transmission
• Prevent any illegal interception by an unauthorized party
• Personnel have to guard their privacy and protect themselves
• 95% of military and intelligence communications pass through private network carriers (e.g., phone and VSAT companies)
• Private speech may be broadcast locally by a mobile or cellular phone or transmitted digitally over a public network that can be tapped in numerous locations
• Databases full of confidential data reside in computers that can be accessed, illegally infiltrated or disrupted by other computers through public networks; and so on

Thank You!

ID-SIRTII/CC
• RAVINDO Tower 17th Floor
• KEBON SIRIH RAYA 75
• Central Jakarta, 10340
• Phone +62 21 3192 5551 ; Fax +62 21 3193 5556
• www.idsirtii.or.id