Id-SIRTII/CC RFC 2350
1. Document Information
This document contains a description of Id-SIRTII/CC according to RFC 2350. It provides basic information about the Id-SIRTII/CC, the ways it can be contacted, describes its responsibilities and the services offered.
1.1 Date of Last Update
This is version 0.20 as of 01/07/2022. Indonesia date format is DD/MM/YYYY.
1.2 Distribution List for Notifications
There is no distribution list for notifications as of 01/07/2022.
1.3 Locations where this Document May Be Found
The current version of this document can always be found at:
- http://idsirtii.or.id/halaman/tentang/rfc-2350.html
For validation purpose, GPG signed ASCII version of this document is located at:
- http://idsirtii.or.id/halaman/tentang/pgp-public-key.html
The key used for signing is the Id-SIRTII/CC key as listed under section 2.8. Public Keys and Encryption Information.
2. Contact Information
2.1 Name of the Team
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure / Coordination Center.
2.2 Address
Id-SIRTII/CC – BSSN
Jalan Harsono RM No. 70 Ragunan
Jakarta Selatan, 12550
Indonesia
2.3 Time Zone
We are located in Asia, Jakarta - Indonesia Western Time that is GMT+07:00. No daylight saving time. GMT are consider similar with UTC. Indonesia time format are HH:MM:SS in 24 hours notation – without AM/PM.
2.4 Telephone Number
Telp. +62 21 7883 3610
2.5 Facsimile Number
Fax. +62 21 7884 4104
2.6 Other Telecommunication
Twitter: https://twitter.com/id_sirtii
2.7 Electronic Mail Address
Please send incident related reports to incident[at]idsirtii.or.id
Non-incident related mail should be addressed to info[at]idsirtii.or.id
2.8 Public Keys and Encryption Information
Id-SIRTII/CC uses a signing key for operational purpose. Please encrypt any sensitive e-mail with the Id-SIRTII/CC PGP public key and send to info@idsirtii.or.id.
This trust anchor is:
Bits: 4096
Key ID: A25718A5
Fingerprint: D074 F751 FF8D 9669 9EDF C809 F197 D18F A257 18A5
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
mQINBGA00BcBEADNcN8vhm68TgCn0qJYX6F9z4642hM8xfdEYsoxJ1iqQnetqocEgGuz2XHs
sqWOk3KEMfYhqfHBzZjIg6N0FNC+3QEuJayyoyhoYL+5T9SEsBIpO1H6zVcM/tAwIvtVtiJm
QoHNtJCwhMV78xPF8he7ZeKIO98X4j9cULlHtDi35s7cmppMSfA8nplZwRe1ICiuTOFiEWWP
ghZJgj6mXU1ocLblTtjsptFcOCfe9SGYIDt5bgssrGY3vIXTWyFNW4fCOuln3TPKuCVJL/8q
Xo8YTjNX/tzWFMSADTnA355Vb3gMx/h8iu70DPwN2cmsvh+EKXm5cZRf+R5Yj+phnlr6Iwil
m/BV94SlqED4/XOwOOekTmMmPL7ixsSZJqajs5ajIqmph+ik35/VgNvrh+GHkFmD3WaRoJqp
OI4HR2pfgYsq7sqduX0lng/UYl5czOsaGoWA75hwxLxQk6wIYF7OSLY7ca+RG9vqFghnhPM8
ySaQHjOpAiz0tuOBTtQn9i2XH2/4BKqfcc9svMi/BZzmkNseVJHurRsVpfR5UyN4neg8G08m
83Delda4l/hrAokx43VobdkWtzDRjlfrZ2E49z3PrJVON77LhGVmBABYCaWwmOAqu3co5cXN
QViZHYDca+AUorb3wlq0Erq6n4u8DOiLGUyND8NtCIBdvQ4cEwARAQABtBNpbmZvQGlkc2ly
dGlpLm9yLmlkiQI1BBABCAApBQJgNNAZBgsJCAcDAgkQ8ZfRj6JXGKUEFQgCCgMWAgECGQEC
GwMCHgEAALGlD/43AtuXrGb+opP/8voUS+wsv0mN/Xfo/RM2HYdgWbpBTS924xuGCHNtlutG
XDR+gWrP1VPPZRI7N07VvwpeRG0ukOk/EdosUwDQ3BnSBmiMMpPQxWD2sHVjK92G8iau39c+
mGpH2R97DlxKx/SZucB3IJ7XxAYSVw2bRMr1USf4bQyRr65GmDsfChkua+bEbZEAYFcxynan
x5zihGLRVUn3fs8u0mfmKRbXpv9VdfcgVaaa3JbS7USIB98n8U4jTRtJngaYdPq3A+ylqPBc
xI2yRvYX5qNqAdjrt220JBFcqwE2xuspFhlqEidIx3G4ZCULnWZwaGHxZ14AuYpUTsgnPzc3
ZVUZ4F7k6UmVolWDCh5qk7mn7QIOrgjBzEznbj7qaQ11hyyqNKzN05kRKcnAuE/HJHX1PHT1
quBHYKO9Kdg9JyeEBqrdWvpq91sUs4mPGFf6zXsvU0UIgueuYbm8P5vS9kFV0p/giAAEfZqI
CTEUQf2t29H9hlBSyXii5uXEzU6bZXuR5Fd89ZB3nuDBP+JRjsQhP6CMrrnbiO3c6Y5ZjViV
vQK0NRpi27Hd+P3z+dDB5RTYMgGVMcN0zZ3HL5GkCVIJn9WDhtFIrD/IubBNhqxmgjFmpH4L
IP3vudFoa7vX6SXFbFC8gfALfaAlR52GH5B5GosKaEdP2KEZz7kCDQRgNNAXARAA2oLsOsKs
aTCwsh8iDozlS3cNv+5/qxiYppLxr0v3UyEYTvT5qJ6t800hhz05YjT1nSlY9S7Mdac/AU8E
TEZnK107n99CkGr0pnEBDMMKPRwh9WnIXPLnHer4Xm9TVBif4YXlR/7Nrd9u++MluAyMv8O+
Jwt3xUWGb4kYaoF3X25GFxd0k2xz5Tk4AhJC5O29cD1jGrTdG7MpK4G+dRTKEm5l0/dcpKvC
YpHZYUaDFn+cVnLPnTETzkJWsUTANT2TX0GAL9RdktL1uFubaUuuNCqZjIpuwMg0cn/0oXBx
auNw7wtjlXJZUAPcbi5Cy9skbDt2LLdzkEdoJdxIx/JxdYxymATrXZg/9WA2YcrxkF/YXsja
FE5uOXgFtFgbww8pRis7I8Rd5KphpKh1Vy/3vRfpB15lXF6mPK2ZQP6WV95fTaMGxb4eEqGy
LbKcpD8jXTXOPP/v27aKrTmkJQ7c8ZAxoRHhNhf9JgWawsyON9g3ICON1isAmo6TArdbaCOQ
bEnyOrT387g0Al9lzuJa3l0juvPhPk/DlcJGzhvNcRv+VdC7OdsPc/zeim36bvgwnx56uli0
+LbvPJG6aEnDBvucRBzHMqeDCnzh7QcnXiij74GKIbjh/GVlap9mo4kph3ifauEaO6SqciVX
TJC2UBwn8b0lcN8+PuWw1JpfEKEAEQEAAYkCHwQYAQgAEwUCYDTQHQkQ8ZfRj6JXGKUCGwwA
AMzyD/wJ3aap6Qvd9LG08e41C4FDwfBZCWTodkC5g/TuAe3fdyK3nORSl28bl62I5sO1L1/E
T9DXFwT76MVhwwQSW1REFNbQhHu7Ge5DmxJdPc3ktBQRcaX/CN/495gM7zxdBMibG28xkrfn
K8Q12J4Om1Yr/bc0KO6IbG88bu4AarF/vvW4GWBPMRgp3wmFiRixCgHuSD41kFiCsFAZ1zV0
8dZvPM2MqqxcB75Med7PnRn2VtgQN24iyo0zVRiM/TDGPvfzwlnEooA/dzMvU9Y92SFPAVuv
Qa1983erPAay2YYCnpR/k6jMQHeQbF4ny0WX5ypyVd+/dM45FGOG1ppOM9Lk/znQCMqRX4r/
n784OQ8r5cIBL76OiZWyBneI/7rlAVmuRQTKtzU9dA65T1/Ne9woF2ItNTdSiF0f68curDiC
GgOoCeWWYmYM0ybWuKjLjIf4Z/cAVsPydyZeYpgNEKkVTvUrRw6II8EqMSEofbDT5L8YWahL
5zdlun4L8A4gpEKZLK0dicHc/ONnaO1TdIyqbHYrzEDQadcXhbpVWGKkqUc7Kqw7O5S36Bx7
K4hfDTJMKuV8pg+eLG+nnqfYZQvl1n53hwKxKJmk+tjqpi+vxMVlPxLneYpZUcrsEzcyezIU
FGRDu1EYvD2M0zWkFZ10LFR1rOsTRqbI1tBVGnX/Fw==
=dF++
-----END PGP PUBLIC KEY BLOCK-----
2.9 Team Members
Taufik Nurhidayat, as Liaison Officer and Acting Official Chair of Id-SIRTII/CC.
2.10 Other Information
Further information about Id-SIRTII/CC can be found at: https://www.idsirtii.or.id
2.11 Points of Customer Contact
Preferred method to contact Id-SIRTII/CC is through e-mail. For incident reports and related issues, please directly use incident[at]idsirtii.or.id. This procedure will create a ticket number in our tracking system and will alert officer on duty.
For general inquiries please send e-mail to info[at]idsirtii.or.id
If it is not possible – or advisable due to security reasons – to use e-mail, you can contact or reach us through fixed line – telephone at +62 21 7883 3610.
ID-SIRTII/CC`s operation are generally restricted to regular business hours:
From 8:00 a.m. to 5:00 p.m. that is GMT +07:00
Asia, Jakarta – Indonesia Western Time
Monday through Friday, excluding National Holiday.
Note that: we will response ONLY DURING THESE HOURS.
Our phones are connected to IVR (Interactive Voice Response) System that will record any communication, but officers and staffs are only available during office hours. So, please consider time differences between your area and ours, thus eliminating the possibility of a wasted call.
Otherwise, please use email and or our online incident reporting form.
3. Charter
3.1 Organizational Information
Id-SIRTII/CC is under the National Security Operation Center (NSOC), which is a part of the National Cyber & Crypto Agency (NCCA), in Indonesian called as Badan Siber dan Sandi Negara (BSSN). This is regulated in Presidential Regulation of the Republic of Indonesia Number 53 of 2017 concerning National Cyber and Crypto Agency, which is amended in Presidential Regulation of the Republic of Indonesia Number 133 of 2017 concerning Amendments to Presidential Regulation Number 53 of 2017 concerning National Cyber and Crypto Agency, and the latest amendment to Presidential Regulation Number 28 of 2021 concerning National Cyber and Crypto Agency.
3.2 Mission Statement
The main purpose of Id-SIRTII/CC is as The National CSIRT/CC of Indonesia, to coordinate security efforts and incident response for government level, Critical Infrastructure, digital economy and IT-security problems at national level in Indonesia.
3.3 Constituency
Id-SIRTII/CC constituencies are:
3.4 Sponsors and/or Affiliation
Id-SIRTII/CC founders:
Co-founders are not mention directly due some exception and restriction reason. Including individual expert, academia, others Government Agencies and NGO’s.
Members of FIRST, National CSIRT Forum, APCERT and OICCERT.
Id-SIRTII/CC is a quasi government organization. Which means, it is fully funded only by The Government of Republic of Indonesia.
Our accountability and responsibility is to the constituencies.
3.5 Authority
Id-SIRTII/CC`s main purpose is to coordinate others initiatives to handle any kind of incidents at national level. This includes communication with counterparts and initiate collaboration as needed. In such, we advise local or sector CSIRT’s or our constituencies to take immediate action. WE DO NOT MITIGATE AND REMEDIATE directly since we do not have direct authority to our constituencies, its network and so on.
We have indirect authority over AS38775. Contact to APNIC are through IDNIC.
4. Policies
4.1 Types of Incidents and Level of Support
Id-SIRTII/CC is authorized to address any kind of cyber security incidents, which occur or threaten our constituency (see section 3.2 Constituency) and its cyber strategic interest, in which required cross-organizational coordination, especially at national level. We will impose any precaution action needed and committed to keep our constituency informed to any potential vulnerability.
The level of support given by Id-SIRTII/CC will vary depending on the type and severity of the incident or issue, type of constituent, size of user or community affected, and Id-SIRTII/CC`s resources in place. Special attention will be given to the issues that are directly affecting to critical infrastructure.
Please note that NO DIRECT SUPPORT WILL BE GIVEN TO END USERS. They are expected to contact their local CSIRT (if any), or system administrator, network administrator and department head for assistance.
4.2 Co-operations, Interaction and Disclosure of Information
Id-SIRTII/CC will cooperate with other organizations in the field of cyber security and Internet infrastructure. Those engagements often require data or information exchange regarding to incident and issue. Nevertheless Id-SIRTII/CC committed to protect privacy of its constituency and therefore (under normal circumstances) only pass on limited and anonymized information to others party, unless some contractual agreements apply, for example Non Disclosure Agreement (NDA).
We operate under restrictions imposed by applicable Indonesian law regarding to information classifications and protection. This involves handling procedures of personal data as required by Indonesian Data Protection law, but it is may be forced to disclose such information due to LEA investigation or by court`s order.
4.3 Communications and Authentication
For usual communication, not containing sensitive information, Id-SIRTII/CC will use conventional methods like unencrypted e-mail or facsimile.
For secure communication PGP-Encrypted e-mail or telephone/fax will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing peers of trust (e.g. FIRST, APCERT) or by other methods like callback, mail-back or even face-to-face meeting if necessary.
5. Services
5.1 Incident Response
We response the incidents through (online) public reporting procedures, which are:
5.1.1. Incident Triage
5.1.2. Incident Coordination
5.1.3. Incident Resolution
5.2 Proactive Activities
6. Incident Reporting Forms
If possible, please make use of our Incident Reporting Form.
Current version is available from http://idsirtii.or.id/halaman/tentang/kontak-kami.html
7. Disclaimers
While every precaution will be taken in the preparation of (those) information, alerts and notifications, Id-SIRTII/CC assumes will not take any responsibility for errors, omissions or damages resulting from the use of the information contained within.
This information should be solely used only as mentioned.