Several nations in Asia are on the cusp of a digital transformation, pushing for new infrastructure and technology advancements to boost their economic capabilities. Alongside these positive developments lies the real and present need to protect the output and assets that result from digitization from ever-evolving threats.
Indonesia’s digital space is vastly different from that of the world’s digital superpowers. Indonesia is a net information exporter with information highways pointing west, carrying the data of millions of residents. Indonesia also has one of the highest number of internet users globally, with over 80 million active users accessing online services across multiple devices.
With little-to-no control over the hardware used by Indonesian “netizens”, as well as the information that is carried through them, Indonesia’s national security architecture is susceptible to multiple kinds of digital intrusions, from espionage, cybercrime, cyber-attacks and even cyber warfare.
A national cyber security agency is the first line of defense, protecting a country’s interests and businesses by protecting the personal data of customers and employees — a focus for lawmakers around the world. Having an effective cyber security strategy requires a balance of individual rights. It is a challenging equilibrium to achieve, between the interests of public safety and national security.
The first step would be for officials to set an agenda and outline a robust national cyber security strategy. Secondly, the government needs to define the roles and responsibilities within the newly introduced national cyber security agency; assessing just how much risk a nation can afford and determine what the residual risk is by not taking on certain cyber-related responsibilities.
The government needs to establish and drive the national standards for cyber security. The new agency needs to establish standards for protecting and communicating cyber threats across the national landscape — whilst ensuring that these standards don’t block or slow good data that impedes commerce.
It needs to be housed with highly skilled staff that are technically proficient in cyber operations, both reactive and proactive. If Indonesia’s cyberspace has built-in vulnerabilities, it also has a highly skilled IT workforce, which should be harnessed by the government for strategic use.
It needs to establish roles and responsibilities for critical infrastructure providers, regulators and law enforcement, military and intelligence, and the private industry. With a framework in place, it needs to coordinate with national service providers and provide technical guidance.
There needs to be national cyber security situational awareness amongst the military, law enforcement, intelligence, internal security, private and critical sectors — a coalition of sorts.
A good example of a government driven agency would be Singapore’s Cyber Security Agency (CSA) — a national agency that is part of the prime minister’s office, overseeing cyber security strategy, operations, education, outreach and ecosystem development across the government, industry and public.
Singapore’s CSA has absorbed talents from various government agencies, as well as private industry. It is also active in ecosystem development to purposefully nurture and embed cyber resiliency into the economy, so that Singapore remains a safe and secure place to live and do business with.
Besides holding multi-sector cyber simulation exercises and sector specific cyber war-games amongst competing companies that normally would not come together in increase the national resiliency and preparedness, the CSA is also spearheading one of the world’s first cyber security bill (draft). The bill will legislate a framework for pro-active oversight over 11 key sectors that are designated as Critical Information Infrastructures (CIIs) in response to the potential that sophisticated cyber-attacks may cause disruption or cripple Singapore’s economy.
Cyber security is a shared responsibility, and greater collaboration internally between government and private sector companies is needed to share information, best practices, as well as potential threats. Banks, airports, hospitals, small-to-medium businesses, even utilities services, all need to be protected from cyber-attacks.
Regulation alone is not enough. There is an opportunity here for an agency to protect, educate and train, so that the public and businesses are better able to protect themselves in this new digital world. The explosion of new technologies has made this world more interconnected with individuals and businesses becoming entirely reliant on them before ensuring their security. As a result, Indonesia needs to be a safe place for companies operating in the country, entering the country, and those shifting focus overseas. A national cyber security agency, once established, needs to track, learn and innovate in a safe way.
Future attacks are imminent with the even greater use of cyber-space. Recent incidents across Indonesia and the rest of Asia have proved it and this trend will only grow. Cyber security is not only a determinant of stability, but it also provides a key pillar for prosperity, stability and economic development.
This is the reason why cyber security must be treated not only as a necessity, but also as a strategic action and an opportunity.
The writer is vice president at Booz Allen Hamilton Singapore and president director PT BAHI, Indonesia.
Disclaimer: The opinions expressed in this article are those of the author and do not reflect the official stance of The Jakarta Post.