TheJakartaPost
Please Update your browser
Your browser is out of date, and may not be compatible with our website. A list of the most popular web browsers can be found below.
Just click on the icons to get to the download page.
Cybersecurity policy responses to mitigate cyberattacks and data leaks
Cybersecurity should feature in the educational curriculum for students – digital natives – so they can practice vigilance from a young age.
Change Size
New threats: Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, uses a website that monitors global cyberattacks on his computer at his office in Dongguan, China's southern Guangdong province on Aug. 4, 2020. (AFP/Nicolas Asfouri)
News of alleged data leaks and cyberattacks have continued to make headlines in Indonesia over the past two years. Cyberattacks and data leaks have a wide-ranging impact on various sectors – from health and the digital economy to tourism. Government agencies have not been spared and are continually plagued with having to deal with cyberattacks that have been exacerbated during the long-drawn-out pandemic.
Just recently, in January 2022, the data of six million Indonesian patients was allegedly leaked after attackers targeted the Health Ministry's central computer system. Information ranging from social security data, type of lab and medical treatment, and the names of hospital employees was said to have been compromised. In the same month, there was another alleged leak of 3.5 million sets of immigration data, including foreign nationals’ passport details, from the Directorate General of Immigration, of the Law and Human Rights Ministry.
Only the cyberattackers stand to gain when a data leak occurs – at the expense of everyone else: government, institutions, the private sector, the citizens of Indonesia, and even foreigners who are resident in the country.
The National Cyber and Crypto Agency (BSSN) reported that more than 888 million cyberattacks occurred in Indonesia between January and August 2021, which is almost double the 495 million recorded throughout the whole of 2020.
Recently, Kaspersky discovered a rare and wide-ranging advanced persistent threat campaign targeting government agencies across Southeast Asia, including Indonesia's State Intelligence Agency (BIN). The threat was attributed to the HoneyMyte group, which is known to target geopolitical and economic intelligence across Asia and Africa.
The series of alleged data leaks and cyberattacks on state and private institutions in Indonesia highlights the rapidly evolving and increasingly aggressive nature of cyberattacks. To protect the government, business and the general public, we propose a combination of preventive and curative policy measures to ensure a secure digital transformation in Indonesia.
We encourage the development of the National Cyber Security Strategy and the passage of the personal data protection (PDP) bill into law. A strong legal basis is needed to strengthen cybersecurity in public and private institutions and to minimize the threat of cyberattacks and data leaks. Giving priority to this is very important, considering the significant costs incurred by cyberattacks and data leaks. The government and the House of Representatives need to reach a consensus on this matter expediently.
Cybersecurity is everyone’s problem! Everyone has a role to play in ensuring our collective cybersecurity. It is also essential to prepare the public to protect themselves against cyberthreats, for instance through national campaigns to raise cybersecurity awareness (and cyber-‘hygiene’) across the general population.
There are four primary groups such a campaign ought to target:
First, cybersecurity should feature in the educational curriculum for students – digital natives – so they can practice vigilance from a young age. This mandate should be established by law, either through the PDP bill or the National Education System Law.
Second, the general public must also be made aware of cyberthreats and how to mitigate them. This can be done through engagement with the community, events at the sub-district or provincial level, and during recess for members of the legislative body.
Third, policymakers who have the authority to pass laws and regulations and to allocate the state’s budget should be aware of the impact of cyberattacks and the need to act sooner rather than later, so we can be a step closer to making pro-cybersecurity policies a reality.
Lastly, with comprehensive and clear cybersecurity regulations, the private sector could then be encouraged to improve their baseline cybersecurity standards in their respective scopes of business.
While we can take every precaution, we must be prepared for the inevitability of cyberattacks. Response is key, and this involves raising both the capacity and capability of first responders and specialist teams. We support the government's efforts to establish Computer Security Incident Response Teams (CSIRTs) in various government agencies.
We appreciate the BSSN's steps to ensure that experts in government undergo cybersecurity training, and would encourage digital companies, which have both the bandwidth and resources, should do the same, as they tend to be custodians of valuable customer data and owners of valuable intellectual property and may therefore be prone to vicious cyberattacks.
Partnership between the government, private sector and the public is important in gaining a thorough understanding of the strengths and weaknesses in the current approach to dealing with cyberattacks, as well as to bridge any skills and resource gaps. In particular, the participation of NGOs and private companies where deep, specialized expertise may reside will help the government increase Indonesia's cyber resilience.
Closer collaboration and coordination among state institutions can also help clarify the chain of coordination and create a harmonized standard for cybersecurity across all government agencies. To support coordination among stakeholders, a well-directed and clear roadmap can be useful in setting short-term and long-term cybersecurity goals.
Cybersecurity issues are global problems that require global solutions. Cooperation at the regional level, for instance through data and intelligence sharing, can go a long way in preventing, detecting and ensuring cybersecurity. Regional and international organizations, such as ASEAN and Interpol, play a role in developing a space for cooperation in the cybersecurity sector. For instance, Interpol has a cyber capacity building program for ASEAN member states that provides a platform for countries to build relations and exchange knowledge.
***
Genie Sugene Gan is head of government affairs for Kaspersky in Asia-Pacific. Pratama Persadha is chairman of the Cybersecurity Research Institute & Communication and Information System Security Research Center (CISSReC).
