Pengembangan Financial Service Information Sharing and Analysis Center (FS-ISAC) di Indonesia dengan Pendekatan ENISA ISAC in a Box

Authors

  • Fandi Aditya Putra Badan Siber dan Sandi Negara
  • Farouq Aferudin Politeknik Siber dan Sandi Negara

DOI:

https://doi.org/10.56706/ik.v16i2.49

Abstract

Pembentukan grup Information Sharing and Anlysis Center (ISAC) menjadi salah satu best practice yang dapat dijalankan dalam menghadapi ancaman siber yang semakin masif pada berbagai sektor infrastruktur informasi vital (IIV) termasuk pada sektor perbankan dan keuangan di Indonesia. Melalui ISAC setiap organisasi dapat berbagi kapabilitas yang dimiliki untuk secara bersama-sama menciptakan cybersecurity situational awarenesss. Pada tahun 2019, Bank Indonesia telah menginisiasi pembentukan Cyber Security Sharing Platform - Sistem Pembayaran (CSSP-SP) untuk berbagi informasi keamanan siber khususnya pada industri sistem pembayaran di Indonesia. Pada tahun 2022 telah disahkan payung hukum pelindungan IIV melalui Peraturan Presiden Nomor 82 Tahun 2022 tentang Pelindungan Infrastruktur Informasi Vital. Pada penelitian ini dilakukan pengembangan Financial Services-ISAC di Indonesia melalui pendekatan ENISA ISAC in A Box dimana kami memfokuskan pada satu tahapan yaitu tahap Build. Pada tahap ini terdapat beberapa area di antaranya penentuan tujuan, ruang lingkup, keanggotaan, tata kelola, metode pertukaran informasi serta pembiayaan. Hasil penelitian ini berupa rekomendasi pengembangan penyelenggaraan ISAC sektor perbankan dan keuangan di Indonesia guna mengoptimalkan penyelenggaraan cybersecurity information sharing khususnya pada ekosistem sistem pembayaran di Indonesia.

References

B. S. d. S. N. Direktorat Operasi Keamanan Siber, "Laporan Monitoring Keamanan Siber 2021," BSSN RI, https://bssn.go.id, 2021.

(2015). Sharing Cyber Security Information - Good Practice from the Dutch Public Private Participation Approach.

J. Pöyhönen, V. Nuojua, M. Lehto, and J. Rajamäki, "Cyber Situational Awareness and Information Sharing in Critical Infrastructure Organizations," Information & Security: An International Journal, vol. 43, pp. 236-256, 01/01 2019, doi: 10.11610/isij.4318.

(2016). Critical Infrastructure Threat Information Sharing Framework - A Reference Guide to the Critical Infrastructure Community.

A. Zrahia, "Threat intelligence sharing between cybersecurity vendors: Network, dyadic, and agent views," Journal of Cybersecurity, vol. 4, pp. 1-16, 2018, doi: 10.1093/cybsec/tyy008.

I. Vakilinia and S. Sengupta, "Fair and private rewarding in a coalitional game of cybersecurity information sharing," IET Information Security, vol. 13, pp. 530-540, 2019, doi: 10.1049/iet-ifs.2018.5079.

B. Indonesia, "Blueprint Sistem Pembayaran Indonesia 2021, Bank Indonesia : Menavigasi Sistem Pembayaran Nasional di Era Digital," Bank Indonesia, Jakarta, 2019. [Online]. Available: https://www.bi.go.id/id/publikasi/kajian/Documents/Blueprint-Sistem-Pembayaran-Indonesia-2025.pdf

J. Hautamäki and T. Kokkonen, "Model for Cyber Security Information Sharing in Healthcare Sector," in Proc. of the 2nd International Conference on Electrical, Communication and Computer Engineering (ICECCE), Istanbul, Turkey, 2020: IEEE.

E. M. Sedenberg and D. K. Mulligan, "Public Health as a Model for Cybersecurity Information Sharing," JSTOR, vol. 30, no. University of California, Berkeley, School of Law, 2015.

Y. Zhang, S. Deng, Y. Zhang, and J. Kong, "Research on Government Information Sharing Model Using Blockchain Technology," in 10th International Conference on Information Technology in Medicine and Education (ITME), Qingdao, China, 2019: IEEE, pp. 726-729, doi: 10.1109/ITME.2019.00166.

C. Sillaber, C. Sauerwein, A. Mussmann, and R. Breu, "Towards a Maturity Model for Inter-Organizational Cyber Threat Intelligence Sharing: A Case Study of Stakeholders' Expectations and Willingness to Share," in MKWI 2018, Lüneburg, 2018: Leuphana Universität Lüneburg, pp. 1409-1420.

T. Takahashi, Y. Kadobayashi, and K. Nakao, "Toward global cybersecurity collaboration: Cybersecurity operation activity model," in Proceedings of ITU Kaleidoscope 2011: The Fully Networked Human? - Innovations for Future Networks and Services (K-2011), Cape Town, South Africa, 2011: IEEE, pp. 1-8.

D.-J. van Veen, R. S. Kudesia, and H. R. Heinimann, "An Agent-Based Model of Collective Decision-Making: How Information Sharing Strategies Scale With Information Overload," IEEE Transactions on Computational Social Systems, vol. 7, no. 3, pp. 751-767, 2020, doi: 10.1109/tcss.2020.2986161.

J. Shen, T. Zhou, D. He, Y. Zhang, X. Sun, and Y. Xiang, "Block Design-Based Key Agreement for Group Data Sharing in Cloud Computing," IEEE Transactions on Dependable and Secure Computing, vol. 16, pp. 996-1010, 2019, doi: 10.1109/TDSC.2017.2725953.

N. Wang, Y. Cai, J. Fu, and X. Chen, "Information privacy protection based on verifiable (t, n)-Threshold multi-secret sharing scheme," IEEE Access, vol. 8, pp. 20799-20804, 2020, doi: 10.1109/ACCESS.2020.2968728.

K. Yan, W. Shen, Q. Jin, and H. Lu, "Emerging Privacy Issues and Solutions in Cyber-Enabled Sharing Services: From Multiple Perspectives," IEEE Access, vol. 7, pp. 26031-26059, 2019, doi: 10.1109/ACCESS.2019.2894344.

L. Zhang, Y. Cui, and Y. Mu, "Improving Security and Privacy Attribute Based Data Sharing in Cloud Computing," IEEE Systems Journal, vol. 14, pp. 387-397, 2020, doi: 10.1109/JSYST.2019.2911391.

Z. Yang, W. Wang, Y. Huang, and X. Li, "Privacy-preserving public auditing scheme for data confidentiality and accountability in cloud storage," Chinese Journal of Electronics, vol. 28, pp. 179-187, 2019, doi: 10.1049/cje.2018.02.017.

J. M. de Fuentes, L. González-Manzano, J. Tapiador, and P. Peris-Lopez, "PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing," computers & security, vol. 69, pp. 127-141, 2017.

Y. Ming and W. Shi, "Efficient Privacy-Preserving Certificateless Provable Data Possession Scheme for Cloud Storage," IEEE Access, vol. 7, pp. 122091-122105, 2019, doi: 10.1109/ACCESS.2019.2938528.

W. Shen, J. Qin, J. Yu, R. Hao, and J. Hu, "Enabling Identity-Based Integrity Auditing and Data Sharing with Sensitive Information Hiding for Secure Cloud Storage," IEEE Transactions on Information Forensics and Security, vol. 14, pp. 331-346, 2018, doi: 10.1109/TIFS.2018.2850312.

I. Vakilinia, D. K. Tosh, and S. Sengupta, "Attribute based sharing in cybersecurity information exchange framework," presented at the 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, WA, 2017.

ENISA, Information Sharing and Analysis Centres (ISACs) Cooperative models. 2018.

N. A. Kollars and A. Sellers, "Trust and information sharing: ISACs and U.S. Policy," Journal of Cyber Policy, vol. 1, no. 2, 2016, doi: 10.1080/23738871.2016.1229804.

L. W. II, M. Tsuchiya, and R. Repko, "Improving Cybersecurity Cooperation between the Governments of the United States and Japan," SASAKAWA USA, 2020.

(2017). ENISA Information Sharing and Analysis Center -ISACs- Cooperative models.

E. U. A. f. C. (ENISA). "ISAC in a Box." https://www.enisa.europa.eu/topics/national-cyber-security-strategies/information-sharing/isacs-toolkit/view# (accessed April 5, 2022).

O. P. Sandy. "BI Bilang Sudah Punya Cyber Security Sharing Platform." cyberthreat.id. https://cyberthreat.id/read/11174/BI-Bilang-Sudah-Punya-Cyber-Security-Sharing-Platform (accessed 12 Juli 2022, 2022).

B. Indonesia, "Laporan Tahunan 2019 “Sinergi, Transformasi, dan Inovasi Menuju Indonesia Maju”," Bank Indonesia, Jakarta, 2019. [Online]. Available: https://www.bi.go.id/id/publikasi/laporan/Documents/LTBI_2019-ID.pdf

T. Suyudi. "Digitalisasi Jadi “Senjata” ASEAN Pulihkan Ekonomi." itworks.id. https://www.itworks.id/38465/digitalisasi-jadi-senjataasean-pulihkan-ekonomi.html (accessed 12 Juli 2022, 2022).

B. Indonesia, "Komitmen Pemulihan, Digitalisasi, dan Keberlanjutan Ekonomi ASEAN," D. Komunikasi, Ed., ed: Bank Indonesia, 2021.

Downloads

Submitted

19-07-2022

Accepted

07-09-2022

Published

30-09-2022

Issue

Vol. 16 No. 2 (2022)

Section

Articles

License

Copyright (c) 2022 Info Kripto

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.