E

arlier this year Communications and Information Minister Rudiantara announced that the government would soon create the National Cyber Agency (NCA). Rudiantara indicated that the agency would be distinct from an existing cyber protection unit under the ministry, the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII).

If the response team only functions as the public surveillance (and sensor) for Internet content, the NCA will be in charge of consolidating the cyber-safeguard for critical infrastructure, from energy to public transportation. As he stated, this formation is prompted by the need for a stronger institution that '€œnot only focuses on military defense, but also resilience in all public utilities'€. In terms of military defense itself, Indonesia already has the Cyber Operations Center within the Defense Ministry.

The inception of the NCA represents the government'€™s move to include cyber-protection on the national security agenda. It is one step further forward than the idea of a '€œcyber army'€ conveyed by Purnomo Yusgiantoro, the former defense minister, or as suggested by former communications minister Tifatul Sembiring, '€œto include cybersecurity under the National Police'€. Those two suggestions frame cybersecurity only in the dimension of defense and law enforcement.

The public is still uninformed about basic fraud schemes like phishing.

As a civilian agency conducting an integrated safeguard against rising cyber-threats in all public sectors, it is vital for the NCA to touch on the immediate interests of the general public.

Citizens rarely seem to be at the center of cybersecurity policies. The ministry'€™s directorate of information security has reported that a high number of Internet users in Indonesia were victims of cybercrime. It was reported in 2013 that most cyber-threats in Indonesia were related to web defacements and economically motivated scams, rather than politically motivated cyber-attacks. The independent Internet content watchdog DNS Nawala Nusantara revealed at least 100 new online scam websites every day.

Addressing vulnerabilities faced by users and specific technical difficulties is not usually a major concern in developing cybersecurity. For most users in Indonesia, cybersecurity seems to involve sophisticated issues exclusive to IT experts due to the vague, abstract jargon.

The public is still uninformed about basic fraud schemes like phishing or basic threats like spam and malware, let alone more cutting-edge hacking methods like keylogging or proxy hijacking. In tackling these challenges, building hardening networks or utilizing the hi-tech protection software will not be adequate. Public awareness is equally important as public involvement in cyber-risk management could be the key element to an effective cybersecurity strategy.

It would be a good idea for the NCA to proliferate the cybersecurity issue with a bottom-up approach, rather than imposing it from above. The objective is not only to familiarize people with cyber-security issues, but to foster a security attitude in the utilization of the Internet.

The concept of a '€œcyber-security mindset'€ introduced by William Dutton, the coprincipal of the Global Cyber Security Capacity Centre at the University of Oxford, could be fortified as the rationale in developing a cyber-security policy. '€œAs a mindset, the need for security would be unquestioned or not continually revisited. It would be seen not as an optional burden, but as a cost of doing business. For the users, it would not be an ad hoc criterion of choice, but a routine and learned as an almost instinctual response set,'€ Dutton wrote last year.

The idea represents an important shift to a more user-oriented approach to cybersecurity practices. Cybersecurity is internalized as a norm that is part and parcel of the use of Internet. The code of conduct in the safe use of the Internet should be made widely familiar to users. Easy actions like authenticating identity in a network, surfing the Internet safely, being alerted to spam, or equipping the device with an updated antimalware program might just be a simple form of protection. Still, many users are ignorant about its importance to prevent and reduce the risk of cyber-hazards.

A secured cyber-realm for civil society also means ensuring that cybersecurity is consistent with the rights that are essential to free and democratic societies. It is also a challenge to maintain security while preserving the openness of the Internet. In this matter, the NCA could work collaboratively with, if not oversee, the above response team as the Internet watchdog. Cybersecurity does not necessarily amount to excessive control or extensive surveillance.

The Internet now is not only significant for defense, but also essential in supporting economic activities and optimizing social development. With the public interest in economic and social sectors at the center, the notion of cybersecurity needs to be broadened. The NCA could then invite public and private sectors (such as academics, industries, bloggers, associations, Internet service providers, etc.) to establish closer interaction and cooperation. It would enable the creation of a comprehensive Internet policy that encompassed various aspects '€” including economic, social, educational, law-enforcement, diplomatic, military and intelligence-related aspects.

The NCA should emerge as the locomotive at the front line in building cybersecurity for Indonesia'€™s civil society. With this authority, let'€™s hope that its orientation leads to an open, comprehensive and democratic policy for the Indonesian cyber-realm.