In recent years, Indonesia's critical infrastructure systems have been targeted by a wide range of cyberthreats that usually aim to gain control of and deny access to critical systems, or to encrypt, delete or steal important data in the systems. These attacks can cause financial losses to the country's economy and disrupt essential services.

From 2017 to 2018, massive ransomware attacks hit many hospitals in Indonesia, rendering patients’ data inaccessible when needed. In 2022, a hacker with the pseudonym Bjorka claimed that it had gained the personal data of millions of Indonesian citizens from various electronic systems. Recently, the customer data of Bank Syariah Indonesia (BSI), the largest Sharia bank in Indonesia, was stolen in May 2023 through cyberattacks conducted by the so-called LockBit group.

Critical infrastructure systems are vulnerable to a wide range of cyberthreats due to their complexity and interconnectedness. Among the most common vulnerabilities are outdated software and weakly secured network ports, which can create security gaps that hackers can exploit. Another common vulnerability is human error, such as employees falling for phishing scams or using weak passwords.

Moreover, many critical infrastructure systems are connected to the internet, making them accessible to attackers from anywhere in the world. These vulnerabilities highlight the growing need for a robust multilayered cybersecurity strategy to protect Indonesia's critical infrastructure.

A multilayered cybersecurity strategy is crucial for protecting critical infrastructure systems from cyberthreats, reducing weak links in the systems and mitigating the impacts of such attacks. This approach involves implementing multiple layers of security measures to detect, prevent and mitigate the impacts of different types of attacks that target each layer of a cybersystem.

For example, network security measures such as firewalls and intrusion-detection systems can prevent unauthorized access to critical systems. Effective monitoring and incident-response protocols can detect and respond to attacks in real time, minimizing the damage caused. Imposing robust encryption on sensitive and valuable data and information in the system can prevent hackers from understanding and utilizing its content for their benefits.

A multilayered cybersecurity strategy should include several key components to be effective. First, it should involve regular security assessments and risk management to identify vulnerabilities and prioritize security efforts.

Second, it should include robust network security measures in the physical and logical components of the network, such as putting physical access controls in place, closing unused network ports, frequently updating security patches on the software and applications and installing intrusion-detection systems in the network.

Third, it should include effective monitoring and incident-response protocols to detect and respond to cyberthreats in real time and recover from the impacts as soon as possible. Fourth, it should also have stringent protection measures in place for important and sensitive data and information that are stored, processed and exchanged in the system.

Fifth, it should involve regular employee awareness campaigns, education and training to prevent human error and educate employees on cybersecurity best practices. Sixth, there should be sound legal bases and operational standards in place that promote stringent measures on cybersecurity and high inter-stakeholder collaboration, both at national and international levels in dealing with cyberthreats that target high-stake critical infrastructure.

As technology continues to evolve, the cybersecurity landscape for critical infrastructure systems will continue to develop. One emerging trend is the use of artificial intelligence and machine learning to detect and respond to cyberthreats in real time.

Additionally, the rise of the Internet of Things (IoT) will create new vulnerabilities that stem from the more complex interconnectedness of systems and devices. There will be a growing need for collaboration and information sharing among government agencies, critical infrastructure operators and other stakeholders at national and international levels to effectively combat cyberthreats.

Implementing a multilayered cybersecurity strategy can be challenging, particularly for critical infrastructure operators who may lack the necessary resources and expertise. Resistance to cybersecurity practice improvement may also come from employees or stakeholders who are accustomed to traditional security practices or who lack cybersecurity awareness.

Finally, coordinating cybersecurity efforts across multiple organizations and agencies with diverse interests and concerns can be difficult, particularly in countries with complex regulatory environments.

In recent years, the government has taken steps to improve cybersecurity regulations and standards for critical infrastructure systems.

In 2018, the National Cyber and Crypto Agency (BSSN) was established to oversee cybersecurity efforts across the country. In 2022, Law No. 27/2022 on personal data protection was passed as the legal umbrella for personal-data protection measures in Indonesia. In the same year, Presidential Regulation No. 82/2022 on the protection of vital information infrastructure was enacted to strengthen the measures for protecting 11 pieces of vital information infrastructure.

Additionally, the government has launched several cybersecurity-awareness campaigns to educate the public and private sectors about the importance of cybersecurity and initiated the formation of a computer security incident response team (CSIRT) for the public sector. Nevertheless, several means of cybersecurity governance still need to be installed to strengthen the cybersecurity of critical infrastructure.

Indonesia is on course to enforcing its national cybersecurity strategy as a multilayered cybersecurity strategy that focuses on cybersecurity governance, risk management, preparedness and resilience, information infrastructure protection, capacity building, policy and international cooperation. Reflecting on the recent data breaches, a holistic, collaborative and systemic approach to prevent, detect and mitigate cyberattacks on critical infrastructure is immediately required to safeguard the systems, ensure service continuity and protect the confidentiality and integrity of data and information.

As technology continues to advance, it is very important for the public and private sectors in the country to be more vigilant, proactive, and collaborative in their cybersecurity efforts. A national cybersecurity strategy and national cybersecurity law can provide a sound legal basis to enforce stakeholder compliance in implementing multilayered cybersecurity measures on their critical infrastructure.

 ***

The writers are doctoral students at the Indonesian Defense University.