Tata Kelola Ekosistem Berbagi Informasi Keamanan Siber pada Information Sharing and Analysis Center (ISAC) Sektor Pemerintah Daerah di Indonesia

Authors

  • Fandi Aditya Putra Badan Siber dan Sandi Negara

DOI:

https://doi.org/10.56706/ik.v16i1.39

Keywords:

berbagi informasi keamanan siber, ekosistem, ISAC, Pemerintah Daerah, tata kelola

Abstract

Infrastruktur sejenis yang diterapkan oleh instansi Pemerintah Daerah menyebabkan serangan siber yang terjadi terus berulang di masa depan. Berbagi informasi keamanan siber antar instansi pemerintah di Pemerintah Daerah bermanfaat dalam proteksi keamanan siber pada masing-masing instansi Pemerintah Daerah. Tata kelola berbagi informasi keamanan siber melalui ISAC di sektor Pemerintah Daerah belum menjadi fokus penelitian sebelumnya. Pada penelitian ini, tata kelola berbagi informasi keamanan siber pada ISAC sektor Pemerintah Daerah dianalisis berdasarkan NIST Cybersecurity Framework dan MITRE Building a National Cyber Information-Sharing Ecosystem. Hasilnya, terdapat 5 (lima) area tata kelola berbagi informasi keamanan siber, yaitu kebutuhan ISAC seperti model ekosistem dan klasifikasi informasi, entitas, jaringan informasi, teknologi, serta program kolaborasi dan koordinasi. Penelitian ini menunjukkan bahwa model yang dapat diterapkan merupakan model hybrid dengan kombinasi tiga model, empat klasifikasi informasi, empat peran entitas, lima spesifikasi keamanan privasi, serta delapan program kolaborasi dan koordinasi berbagi informasi keamanan siber pada ISAC sektor Pemerintah Daerah. Manfaat dari penelitian ini yaitu memberikan ruang lingkup fundamental terhadap implementasi ekosistem berbagi informasi keamanan siber pada sektor Pemerintah Daerah dalam rangka strategi penanganan risiko keamanan siber.

References

Z. Aviram, "Threat intelligence sharing between cybersecurity vendors: Network, dyadic, and agent views," Journal of Cybersecurity, vol. 4, no. 1, pp. 1-8, 2018.

I. Vakilinia and S. Sengupta, "Fair and private rewarding in a coalitional game of cybersecurity information sharing," IET Information Security, vol. 13, no. 6, pp. 530-540, 2019, doi: 10.1049/iet-ifs.2018.5079.

L. Nevill, Cyber Information Sharing: Lessons for Australia. ASPI International Cyber Policy Centre (ICPC), 2017.

T. D. Wagner, K. Mahbub, E. Palomar, and A. E. Abdallah, "Cyber threat intelligence sharing: Survey and research directions," Computers & Security, vol. 87, 2019, doi: 10.1016/j.cose.2019.101589.

B. Guo, X. Deng, J. Tian, Q. Guan, and X. Zheng, "A Secure Incentive Mechanism for Competitive Organization Data Sharing: A Contract Theoretic Approach," IEEE Access, vol. 7, pp. 60067-60078, 2019, doi: 10.1109/ACCESS.2019.2915387.

A. Mermoud, M. M. Keupp, K. Huguenin, M. Palmie, and D. P. David, "To share or not to share: A behavioral perspective on human participation in security information sharing," Journal of Cybersecurity, vol. 5, no. 1, pp. 1-13, 2019, doi: 10.1093/cybsec/tyz006.

S. C. Dewanti, "Urgensi Sistem Keamanan Siber Pemerintah," Kajian Singkat Terhadap Isu Aktual dan Strategis Bidang Politik Dalam Negeri, vol. XIII, no. 16, pp. 25-30, 2021.

J. Hautamäki and T. Kokkonen, "Model for Cyber Security Information Sharing in Healthcare Sector," in Proc. of the 2nd International Conference on Electrical, Communication and Computer Engineering (ICECCE), Istanbul, Turkey, 2020: IEEE.

E. M. Sedenberg and D. K. Mulligan, "Public Health as a Model for Cybersecurity Information Sharing," JSTOR, vol. 30, no. University of California, Berkeley, School of Law, 2015.

Y. Zhang, S. Deng, Y. Zhang, and J. Kong, "Research on Government Information Sharing Model Using Blockchain Technology," in 10th International Conference on Information Technology in Medicine and Education (ITME), Qingdao, China, 2019: IEEE, pp. 726-729, doi: 10.1109/ITME.2019.00166.

C. Sillaber, C. Sauerwein, A. Mussmann, and R. Breu, "Towards a Maturity Model for Inter-Organizational Cyber Threat Intelligence Sharing: A Case Study of Stakeholders' Expectations and Willingness to Share," in MKWI 2018, Lüneburg, 2018: Leuphana Universität Lüneburg, pp. 1409-1420.

T. Takahashi, Y. Kadobayashi, and K. Nakao, "Toward global cybersecurity collaboration: Cybersecurity operation activity model," in Proceedings of ITU Kaleidoscope 2011: The Fully Networked Human? - Innovations for Future Networks and Services (K-2011), Cape Town, South Africa, 2011: IEEE, pp. 1-8.

D.-J. van Veen, R. S. Kudesia, and H. R. Heinimann, "An Agent-Based Model of Collective Decision-Making: How Information Sharing Strategies Scale With Information Overload," IEEE Transactions on Computational Social Systems, vol. 7, no. 3, pp. 751-767, 2020, doi: 10.1109/tcss.2020.2986161.

K. Yan, W. Shen, Q. Jin, and H. Lu, "Emerging Privacy Issues and Solutions in Cyber-Enabled Sharing Services: From Multiple Perspectives," IEEE Access, vol. 7, pp. 26031-26059, 2019, doi: 10.1109/access.2019.2894344.

L. Zhang, Y. Cui, and YiMu, "Improving Security and Privacy Attribute Based Data Sharing in Cloud Computing," IEEE System Journal, vol. 14, no. 1, pp. 387-397, 2020.

J. M. de Fuentes, L. González-Manzano, J. Tapiador, and P. Peris-Lopez, "PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing," Computers & Security, vol. 69, pp. 127-141, 2017, doi: 10.1016/j.cose.2016.12.011.

A. Zibak and A. Simpson, "Towards Better Understanding of Cyber Security Information Sharing," presented at the 2019 International Conference on Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), Oxford, UK, 2019.

A. Deljoo, T. van Engers, R. Koning, L. Gommans, and C. de Laat, "Towards Trustworthy Information Sharing by Creating Cyber Security Alliances," presented at the 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 2018.

(2017). ENISA Information Sharing and Analysis Center -ISACs- Cooperative models.

T. C. f. I. S. (CIS), MS-ISAC Multi-State Information Sharing & Analysis Center Service Guide. 2018.

L. W. II, M. Tsuchiya, and R. Repko, "Improving Cybersecurity Cooperation between the Governments of the United States and Japan," SASAKAWA USA, 2020.

ENISA, Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches. European Union Agency For Network And Information Security (ENISA), 2015.

S. Yusif and A. Hafeez-Baig, "A Conceptual Model for Cybersecurity Governance," Journal of Applied Security Research, vol. 16, no. 4, pp. 490-513, 2021, doi: https://doi.org/10.1080/19361610.2021.1918995.

(2018). Framework for Improving Critical Infrastructure Cybersecurity Version 1.1.

B. J. Bakis and E. D. Wang, Building a National Cyber Information-Sharing Ecosystem: MITRE, 2017.

MITRE, Cyber Information-Sharing Models: An Overview: MITRE, 2012.

E. M. Sedenberg and J. X. Dempsey, "Cybersecurity Information Sharing Governance Structures: An Ecosystem of Diversity, Trust, and Tradeoffs," arXiv Journal, no. Cornell University, pp. 1-27, 2018.

Downloads

Submitted

23-03-2022

Accepted

13-05-2022

Published

23-05-2022

Issue

Section

Articles