Pembentukan Ekosistem Local Government Information Sharing and Analysis Center (LocalGov-ISAC) dengan Toolkit ENISA ISAC in a Box pada Sektor Pemerintah Daerah Indonesia

Authors

  • Fandi Aditya Putra Badan Siber dan Sandi Negara

DOI:

https://doi.org/10.56706/ik.v16i3.58

Keywords:

ekosistem, ISAC in a Box, LocalGov-ISAC, Pemerintah Daerah.

Abstract

Information and Analysis Center (ISAC) merupakan best practice yang dapat diterapkan untuk membantu organisasi dalam mengatasi dampak serangan siber, salah satunya yaitu pada layanan sistem pemerintahan berbasis elektronik sektor Pemerintah Daerah di Indonesia. Penelitian ini mengusulkan pembentukan ekosistem Local Government Information Sharing and Analysis Center (LocalGov-ISAC) di Indonesia dengan memanfaatkan toolkit ENISA ISAC in a Box. Hasil penelitian ini yaitu kondisi sektor Pemerintah Daerah di Indonesia masih belum menerapkan analisis dan berbagi informasi keamanan siber. Pembentukan LocalGov-ISAC mengikuti tahap ENISA ISAC in a Box dengan menghasilkan 5 sasaran dan tujuan pembentukan LocalGov-ISAC,  ruang lingkup sebanyak 6 program kegiatan, keanggotaan LocalGov-ISAC di Indonesia, tata kelola LocalGov-ISAC di Indonesia, metode pertukaran informasi, dan pembiayaan LocalGov-ISAC. Pengembangan ekosistem LocalGov-ISAC di Indonesia yang dihasilkan melibatkan klasifikasi informasi serta sifat informasi dari informasi yang dipertukarkan antar entitas di dalamnya.

References

A. Zrahia, "Threat intelligence sharing between cybersecurity vendors: Network, dyadic, and agent views," Journal of Cybersecurity, vol. 4, pp. 1-16, 2018, doi: 10.1093/cybsec/tyy008.

I. Vakilinia and S. Sengupta, "Fair and private rewarding in a coalitional game of cybersecurity information sharing," IET Information Security, vol. 13, pp. 530-540, 2019, doi: 10.1049/iet-ifs.2018.5079.

S. C. Dewanti, "Urgensi Sistem Keamanan Siber Pemerintah," Kajian Singkat Terhadap Isu Aktual dan Strategis Bidang Politik Dalam Negeri, vol. XIII, no. 16, pp. 25-30, 2021.

(2016). Critical Infrastructure Threat Information Sharing Framework - A Reference Guide to the Critical Infrastructure Community.

J. Hautamäki and T. Kokkonen, "Model for Cyber Security Information Sharing in Healthcare Sector," in Proc. of the 2nd International Conference on Electrical, Communication and Computer Engineering (ICECCE), Istanbul, Turkey, 2020: IEEE.

E. M. Sedenberg and D. K. Mulligan, "Public Health as a Model for Cybersecurity Information Sharing," JSTOR, vol. 30, no. University of California, Berkeley, School of Law, 2015.

Y. Zhang, S. Deng, Y. Zhang, and J. Kong, "Research on Government Information Sharing Model Using Blockchain Technology," in 10th International Conference on Information Technology in Medicine and Education (ITME), Qingdao, China, 2019: IEEE, pp. 726-729, doi: 10.1109/ITME.2019.00166.

C. Sillaber, C. Sauerwein, A. Mussmann, and R. Breu, "Towards a Maturity Model for Inter-Organizational Cyber Threat Intelligence Sharing: A Case Study of Stakeholders' Expectations and Willingness to Share," in MKWI 2018, Lüneburg, 2018: Leuphana Universität Lüneburg, pp. 1409-1420.

T. Takahashi, Y. Kadobayashi, and K. Nakao, "Toward global cybersecurity collaboration: Cybersecurity operation activity model," in Proceedings of ITU Kaleidoscope 2011: The Fully Networked Human? - Innovations for Future Networks and Services (K-2011), Cape Town, South Africa, 2011: IEEE, pp. 1-8.

D.-J. van Veen, R. S. Kudesia, and H. R. Heinimann, "An Agent-Based Model of Collective Decision-Making: How Information Sharing Strategies Scale With Information Overload," IEEE Transactions on Computational Social Systems, vol. 7, no. 3, pp. 751-767, 2020, doi: 10.1109/tcss.2020.2986161.

L. Zhang, Y. Cui, and Y. Mu, "Improving Security and Privacy Attribute Based Data Sharing in Cloud Computing," IEEE Systems Journal, vol. 14, pp. 387-397, 2020, doi: 10.1109/JSYST.2019.2911391.

J. M. de Fuentes, L. González-Manzano, J. Tapiador, and P. Peris-Lopez, "PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing," computers & security, vol. 69, pp. 127-141, 2017.

Z. Yang, W. Wang, Y. Huang, and X. Li, "Privacy-preserving public auditing scheme for data confidentiality and accountability in cloud storage," Chinese Journal of Electronics, vol. 28, pp. 179-187, 2019, doi: 10.1049/cje.2018.02.017.

Y. Ming and W. Shi, "Efficient Privacy-Preserving Certificateless Provable Data Possession Scheme for Cloud Storage," IEEE Access, vol. 7, pp. 122091-122105, 2019, doi: 10.1109/ACCESS.2019.2938528.

W. Shen, J. Qin, J. Yu, R. Hao, and J. Hu, "Enabling Identity-Based Integrity Auditing and Data Sharing with Sensitive Information Hiding for Secure Cloud Storage," IEEE Transactions on Information Forensics and Security, vol. 14, pp. 331-346, 2018, doi: 10.1109/TIFS.2018.2850312.

I. Vakilinia, D. K. Tosh, and S. Sengupta, "Attribute based sharing in cybersecurity information exchange framework," presented at the 2017 International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS), Seattle, WA, 2017.

J. Shen, T. Zhou, D. He, Y. Zhang, X. Sun, and Y. Xiang, "Block Design-Based Key Agreement for Group Data Sharing in Cloud Computing," IEEE Transactions on Dependable and Secure Computing, vol. 16, pp. 996-1010, 2019, doi: 10.1109/TDSC.2017.2725953.

N. Wang, Y. Cai, J. Fu, and X. Chen, "Information privacy protection based on verifiable (t, n)-Threshold multi-secret sharing scheme," IEEE Access, vol. 8, pp. 20799-20804, 2020, doi: 10.1109/ACCESS.2020.2968728.

CISECURITY, MS-ISAC Multi-State Information Sharing & Analysis Center Service Guide. 2018.

L. Nevill, Cyber Information Sharing: Lessons for Australia. ASPI International Cyber Policy Centre (ICPC), 2017.

ENISA, Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches. European Union Agency For Network And Information Security (ENISA), 2015.

Undang-Undang Nomor 23 Tahun 2014 tentang Pemerintahan Daerah, 2014.

Peraturan Pemerintah Nomor 18 Tahun 2016 tentang Perangkat Daerah.

Peraturan Badan Siber dan Sandi Negara Nomor 4 Tahun 2021 tentang Pedoman Manajemen Keamanan Informasi Sistem Pemerintahan Berbasis Elektronik dan Standar Teknis dan Prosedur Keamanan Sistem Pemerintahan Berbasis Elektronik, 2021.

Peraturan Presiden Nomor 95 Tahun 2018 Tentang Sistem Pemerintahan Berbasis Elektronik.

ENISA, Information Sharing and Analysis Centres (ISACs) Cooperative models. 2018.

(Report No. DOT HS 812 076). (2014). Assessment of the Information Sharing and Analysis Center Model.

C. O. U. Kingdom, Public Summary of Sector Security and Resilience Plans. London: Civil Contingencies Secretariat, 2017.

E. U. A. f. C. (ENISA). "ISAC in a Box." https://www.enisa.europa.eu/topics/national-cyber-security-strategies/information-sharing/isacs-toolkit/view# (accessed April 5, 2022).

Downloads

Submitted

01-09-2022

Accepted

25-10-2022

Published

05-12-2022

Issue

Section

Articles