- We are located in Asia, Jakarta - Indonesia Western Time that is UTC +07:00.
- No daylight saving time. UTC is considered similar to GMT.
- Indonesia time format is HH:MM:SS in 24 hours notation – without AM/PM.
Time reference host:
- server 0.id.pool.ntp.org
- server 1.id.pool.ntp.org
- server 2.id.pool.ntp.org
- server 3.id.pool.ntp.org
- Please send incident related reports to incident [at] csirt.id
- Non-incident related mail should be addressed to info [at] csirt.id
Encrypted communications should use this – and only this – operational key.
All PGP keys (including the keys of individual team members) can be found at:
- Mr. Rudi Lumanto, Ph.D, as Chairman of CSIRT.ID
- Mr. Muhammad Salahuddien, as Deputy of Operation
- Mr. Dr. Bisyron Wahyudi, as Deputy of CIP and Resilience
- Mr. Iwan Sumantri, as Deputy of Research and Development
- Mr. Dr. Muhammad Salman, as Deputy of Interagency Collaboration
A preferred method to contact CSIRT.ID is through e-mail. For incident reports and related issues, please directly use incident [at] csirt.id. This procedure will create a ticket number in our tracking system and will alert officer on duty.
For general inquiries please send e-mail to info [at] csirt.id
If it is not possible to use e-mail – or advisable due to security reasons, you can contact or reach us through fixed-line – telephone and facsimile at +62 21 7918 6199.
CSIRT.ID`s operation is generally restricted to regular business hours:
- From 8:00 a.m. to 5:00 p.m. that is UTC +07:00
- Asia, Jakarta – Indonesia Western Time
- Monday through Friday, excluding National Holiday.
Note that: we will response ONLY DURING THESE HOURS.
We did not provide IVR (Interactive Voice Response) System and no recording for any communication by phone, and staffs are only available during office hours. So, please consider time differences between your area and ours, thus eliminating the possibility of a wasted call.
Otherwise, please use email and or our online incident reporting form (for members).
CSIRT.ID is a non-government initiative and independent cybersecurity incident response team association was formed by professionals, expert, and academia to assist communities and private sector in Indonesia to proactively contributing and strengthening national cybersecurity and resilience.
CSIRT.ID constituencies are:
- ICT Community, which is IT-security teams, professionals, and academia.
- Local CSIRT’s in Indonesia, especially the private sectors and non-government.
- Internet Core Infrastructure owners, which are Network Access Provider (NAP), Internet Service Provider (ISP), Internet Exchange and Data Center Operator (LEO), others Critical Infrastructure operators related to Cyber Security resilience.
For awareness purposes, pro-active educational material will be provided to the constituencies, and the general public as well.
CSIRT.ID founders: see 2.9 and former ID-SIRTII/CC members and staff.
CSIRT.ID co-founders are not mentioned directly due to some exceptions and restrictions reason. Including individual experts, academia, other Non-Government Agencies.
CSIRT.ID is not registered in any regional organization or initiatives membership yet, and no sponsors and affiliations available as at present time.
CSIRT.ID is an independent organization. Which means, it is fully funded by private donors and membership. We did not perform any kind of government function and services, particularly or in general.
Our accountability and responsibility are to the constituencies.
CSIRT.ID`s main purpose is to help coordination amongst local incident response initiatives to handle any kind of incidents at constituency level based on terms and conditions within NDA. This includes communication with counterparts and initiates collaboration as needed. In such, we only advise constituencies to take immediate action. WE DO NOT MITIGATE AND REMEDIATE directly since we do not have direct authority to its network and so on.
We did not have any authority over internet infrastructure yet.
CSIRT.ID is authorized to address any kind of cybersecurity incidents, which occur or threaten our constituency (see section 3.2 Constituency) and its cyber strategic interest, in which required cross-organizational coordination, especially amongst members at constituency level. We will impose any precaution action needed and committed to keeping our constituency informed to any potential vulnerability.
The level of support given by CSIRT.ID will vary depending on the type and severity of the incident or issues that occurred, type of constituent, size of user or community affected, and the availability of CSIRT.ID`s resources. Special attention will be given to an event that is directly affecting members and constituency's critical infrastructure.
Please note that NO DIRECT SUPPORT WILL BE GIVEN TO END USERS. They are expected to contact their local CSIRT or security team (if any), or system administrator, network administrator and department head for assistance.
CSIRT.ID cooperates with other organizations in the field of cybersecurity resilience and Internet infrastructure. Those engagements often require data or information exchange regarding incidents and issues. Nevertheless CSIRT.ID committed to protect the privacy of its constituency and therefore (under normal circumstances) only pass on limited and anonymized information to other parties, unless some contractual agreements apply, for example, Non-Disclosure Agreement (NDA).
We operate under restrictions imposed by applicable Indonesian law regarding information classifications and protection. This involves handling procedures of personal data as required by the Indonesian Data Protection law, but it is may be forced to disclose such information due to LEA investigation or by court`s order.
For usual communication, not containing sensitive information, CSIRT.ID will use conventional methods like unencrypted e-mail or facsimile.
For secure communication, PGP-Encrypted e-mail or telephone/fax will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing peers of trust (e.g. FIRST, APCERT, OIC-CERT, others recognized CERT/CSIRT teams) or by other methods like a callback, mail-back or even face-to-face meeting if necessary.
We response the incidents through (online) public reporting procedures, which are:
- Determining whether an incident and the reporter are authentic.
- Assessment related information and prioritizing the incident.
- Determine any involved organizations and gather related information.
- Contact the person in charge to investigate and take appropriate action.
- Facilitate contact with other parties that can help to resolve the incident.
- Send reports to other related CERT’s, parties, or LEA if it is needed.
- Advise security teams involved within constituencies to take appropriate actions.
- Follow up progress, ask for reports, report back, and escalated to a higher authority.
- CSIRT.ID assists the security team within constituencies in technical and management aspects of incidents as needed. Particularly, we provide assistance or advice upon request. Technically we do not directly engage in any kind of mitigation and remediation process.
- CSIRT.ID collect incidents statistics form its constituency periodically, based on NDA.
- Conducting cybersecurity research and development and collaboration program through various activities: e.g. Digital Forensic, Malware Analysis, Network Security, Data Mining, Honey Net, etc.
- Providing security-related information, alert and advisory to general public based on related incident reports, actual monitoring events, and research analysis results.
- Providing advisories, consultancy, clinic, technical assistance to strategic institutions and agencies (upon request or as mandated by regulation).
- Conducting Threat Visibility and Information Sharing Center for constituencies – to detect and prevent major disruption.
- Conducting Coordination Center (CC) only at the constituency level. Liaison provided as a Single Point of Contact temporarily for constituencies if needed (upon request).
- Organized socialization program and other related events to raise public awaren ess and to the constituencies, related parties. Including providing cybersecurity training, seminars, and cyber competition regularly.
If possible, please make use of our Incident Reporting Form.
The current version is available from https://csirt.id/incidents/
While every precaution will be taken in the preparation of (those) information, alerts, and notifications, CSIRT.ID assumes will not take any responsibility for errors, omissions, or damages resulting from the use of the information contained within.
This information should be solely used only as mentioned.