The Development of Cybersecurity Information Sharing Framework for National Critical Information Infrastructure in Indonesia

Farouq Aferudin, Kalamullah Ramli

Abstract


The increase in cyber attacks on Critical Information Infrastructure (CII) requires every organization to collaborate through Cybersecurity Information Sharing (CIS). Implementing CIS needs governance support in the form of a framework that can be used as a reference. This study focuses on developing a CIS framework for the CII sector in Indonesia, with three main outputs: the proposed ecosystem, the proposed framework, and recommendations for implementing the framework. The proposed framework is based on standards including ISO/IEC 27032, NIST SP 800-150 and ENISA ISAC in a Box, on best practices for implementing CIS, and on best practices for implementation in other countries including the United States, Australia, United Kingdom, Singapore and Canada. For validation, the expert judgment method was used to obtain suggestions for improvement. The expert judgment method was also applied quantitatively to measure interrater reliability between experts using the Fleiss kappa statistic. The measurement results show a kappa value of 0.938, which means that the experts' agreement on the proposed framework implementation recommendation is at the "almost perfect agreement" level.


Keywords


cybersecurity information sharing; critical information infrastructure; framework; Fleiss kappa statistic






DOI: https://doi.org/10.33258/birci.v5i3.6297



Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

 
