This document contains a description of CSIRT.ID according to RFC 2350. It provides basic information about the CSIRT.ID, the ways it can be contacted, describes its responsibilities and the services offered.
1.1 Date of Last Update
This is version 0.1 as of 01/06/2020. Indonesia date format is DD/MM/YYYY.
1.2 Distribution List for Notifications
There is no distribution list for notifications as of 01/06/2020.
1.3 Locations where this Document May Be Found
The current version of this document can always be found at:
https://csirt.id/about-us/rfc-2350/

2.1 Name of the Team
CSIRT.ID – Cyber Security Independent Resilience Team of Indonesia.
2.2 Postal Address
CSIRT.ID – Cyber Security Independent Resilience Team of Indonesia.
2.3 Time Zone
  • We are located in Asia, Jakarta - Indonesia Western Time that is UTC +07:00.
  • No daylight saving time. UTC is considered similar to GMT.
  • Indonesia time format is HH:MM:SS in 24 hours notation – without AM/PM.
    Time reference host:
  • server 0.id.pool.ntp.org
  • server 1.id.pool.ntp.org
  • server 2.id.pool.ntp.org
  • server 3.id.pool.ntp.org
2.4 Telephone Number
+62 21 7918 6199
2.5 Facsimile Number
+62 21 7918 6199
2.6 Other Telecommunication
Instant Messaging, Voice and Video Conferencing uses Telegram ID @CSIRTID
2.7 Electronic Mail Address
  • Please send incident related reports to incident [at] csirt.id
  • Non-incident related mail should be addressed to info [at] csirt.id
2.8 Public Keys and Encryption Information
CSIRT.ID uses this address team [at] csirt.id and signed with PGP key.
Encrypted communications should use this – and only this – operational key.
All PGP keys (including the keys of individual team members) can be found at:
https://csirt.id/about-us/signature/
2.9 Team Members
  • Mr. Rudi Lumanto, Ph.D, as Chairman of CSIRT.ID
  • Mr. Muhammad Salahuddien, as Deputy of Operation
  • Mr. Dr. Bisyron Wahyudi, as Deputy of CIP and Resilience
  • Mr. Iwan Sumantri, as Deputy of Research and Development
  • Mr. Dr. Muhammad Salman, as Deputy of Interagency Collaboration
Liaison is provided by the Department of Interagency Collaboration of CSIRT.ID.
2.10 Other Information
None.
2.11 Points of Contact

A preferred method to contact CSIRT.ID is through e-mail. For incident reports and related issues, please directly use incident [at] csirt.id. This procedure will create a ticket number in our tracking system and will alert officer on duty.

For general inquiries please send e-mail to info [at] csirt.id

If it is not possible to use e-mail – or advisable due to security reasons, you can contact or reach us through fixed-line – telephone and facsimile at +62 21 7918 6199.

CSIRT.ID`s operation is generally restricted to regular business hours:

  • From 8:00 a.m. to 5:00 p.m. that is UTC +07:00
  • Asia, Jakarta – Indonesia Western Time
  • Monday through Friday, excluding National Holiday.

Note that: we will response ONLY DURING THESE HOURS.

We did not provide IVR (Interactive Voice Response) System and no recording for any communication by phone, and staffs are only available during office hours. So, please consider time differences between your area and ours, thus eliminating the possibility of a wasted call.

Otherwise, please use email and or our online incident reporting form (for members).

3.1 Mission Statement

CSIRT.ID is a non-government initiative and independent cybersecurity incident response team association was formed by professionals, expert, and academia to assist communities and private sector in Indonesia to proactively contributing and strengthening national cybersecurity and resilience.

3.2 Constituency

CSIRT.ID constituencies are:

  • ICT Community, which is IT-security teams, professionals, and academia.
  • Local CSIRT’s in Indonesia, especially the private sectors and non-government.
  • Internet Core Infrastructure owners, which are Network Access Provider (NAP), Internet Service Provider (ISP), Internet Exchange and Data Center Operator (LEO), others Critical Infrastructure operators related to Cyber Security resilience.

For awareness purposes, pro-active educational material will be provided to the constituencies, and the general public as well.

3.3 Sponsors and/or Affiliation

CSIRT.ID founders: see 2.9 and former ID-SIRTII/CC members and staff.

CSIRT.ID co-founders are not mentioned directly due to some exceptions and restrictions reason. Including individual experts, academia, other Non-Government Agencies.

CSIRT.ID is not registered in any regional organization or initiatives membership yet, and no sponsors and affiliations available as at present time.

CSIRT.ID is an independent organization. Which means, it is fully funded by private donors and membership. We did not perform any kind of government function and services, particularly or in general.

Our accountability and responsibility are to the constituencies.

3.4 Authority

CSIRT.ID`s main purpose is to help coordination amongst local incident response initiatives to handle any kind of incidents at constituency level based on terms and conditions within NDA. This includes communication with counterparts and initiates collaboration as needed. In such, we only advise constituencies to take immediate action. WE DO NOT MITIGATE AND REMEDIATE directly since we do not have direct authority to its network and so on.

We did not have any authority over internet infrastructure yet.

4.1 Types of Incidents and Level of Support

CSIRT.ID is authorized to address any kind of cybersecurity incidents, which occur or threaten our constituency (see section 3.2 Constituency) and its cyber strategic interest, in which required cross-organizational coordination, especially amongst members at constituency level. We will impose any precaution action needed and committed to keeping our constituency informed to any potential vulnerability.

The level of support given by CSIRT.ID will vary depending on the type and severity of the incident or issues that occurred, type of constituent, size of user or community affected, and the availability of CSIRT.ID`s resources. Special attention will be given to an event that is directly affecting members and constituency's critical infrastructure.

Please note that NO DIRECT SUPPORT WILL BE GIVEN TO END USERS. They are expected to contact their local CSIRT or security team (if any), or system administrator, network administrator and department head for assistance.

4.2 Co-operations, Interaction and Disclosure of Information

CSIRT.ID cooperates with other organizations in the field of cybersecurity resilience and Internet infrastructure. Those engagements often require data or information exchange regarding incidents and issues. Nevertheless CSIRT.ID committed to protect the privacy of its constituency and therefore (under normal circumstances) only pass on limited and anonymized information to other parties, unless some contractual agreements apply, for example, Non-Disclosure Agreement (NDA).

We operate under restrictions imposed by applicable Indonesian law regarding information classifications and protection. This involves handling procedures of personal data as required by the Indonesian Data Protection law, but it is may be forced to disclose such information due to LEA investigation or by court`s order.

4.3 Communications and Authentication

For usual communication, not containing sensitive information, CSIRT.ID will use conventional methods like unencrypted e-mail or facsimile.

For secure communication, PGP-Encrypted e-mail or telephone/fax will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing peers of trust (e.g. FIRST, APCERT, OIC-CERT, others recognized CERT/CSIRT teams) or by other methods like a callback, mail-back or even face-to-face meeting if necessary.

5.1 Incident Response

We response the incidents through (online) public reporting procedures, which are:

5.1.1. Incident Triage
  • Determining whether an incident and the reporter are authentic.
  • Assessment related information and prioritizing the incident.
5.1.2. Incident Coordination
  • Determine any involved organizations and gather related information.
  • Contact the person in charge to investigate and take appropriate action.
  • Facilitate contact with other parties that can help to resolve the incident.
  • Send reports to other related CERT’s, parties, or LEA if it is needed.
5.1.3. Incident Resolution
  • Advise security teams involved within constituencies to take appropriate actions.
  • Follow up progress, ask for reports, report back, and escalated to a higher authority.
  • CSIRT.ID assists the security team within constituencies in technical and management aspects of incidents as needed. Particularly, we provide assistance or advice upon request. Technically we do not directly engage in any kind of mitigation and remediation process.
  • CSIRT.ID collect incidents statistics form its constituency periodically, based on NDA.
5.2 Proactive Activities
  • Conducting cybersecurity research and development and collaboration program through various activities: e.g. Digital Forensic, Malware Analysis, Network Security, Data Mining, Honey Net, etc.
  • Providing security-related information, alert and advisory to general public based on related incident reports, actual monitoring events, and research analysis results.
  • Providing advisories, consultancy, clinic, technical assistance to strategic institutions and agencies (upon request or as mandated by regulation).
  • Conducting Threat Visibility and Information Sharing Center for constituencies – to detect and prevent major disruption.
  • Conducting Coordination Center (CC) only at the constituency level. Liaison provided as a Single Point of Contact temporarily for constituencies if needed (upon request).
  • Organized socialization program and other related events to raise public awaren ess and to the constituencies, related parties. Including providing cybersecurity training, seminars, and cyber competition regularly.

If possible, please make use of our Incident Reporting Form.

The current version is available from https://csirt.id/incidents/

While every precaution will be taken in the preparation of (those) information, alerts, and notifications, CSIRT.ID assumes will not take any responsibility for errors, omissions, or damages resulting from the use of the information contained within.

This information should be solely used only as mentioned.