Indonesia’s recent cyber attacks that caused widespread disruption to its national data systems have prompted the country to strengthen its cyber resilience and reassess its digital technology policies.Indonesia’s recent cyber attacks that caused widespread disruption to its national data systems have prompted the country to strengthen its cyber resilience and reassess its digital technology policies.
Indonesia’s Coordinating Minister for Political, Legal and Security Affairs Hadi Tjahjanto said on Friday the government will implement digital security improvements and strengthen system capabilities at the national data center, according to Xinhua News Agency.
“We are building data centers that have multiple backups, tiered backups with good security. We want it to be an unhackable system. This will continue to be the case to support the government’s performance in providing services to the people,” Tjahjanto said at the press conference.
Indonesia’s Ministry of Communications and Information Technology is currently preparing to implement what it is calling a “tenant realignment” to improve digital security in governance through stricter standard operating procedures. “This will be implemented in August-September 2024,” the ministry’s director-general for information applications, Ismail Ismail, said on Thursday.
The ransomware attack that targeted Indonesia’s national data center and caused a massive data crisis began on June 17 and lasted for almost a week. Hackers initially demanded a ransom of $8 million.
According to the Ministry of Communications and Information and the National Cyber Encryption Agency, the attack disrupted at least 282 institutions, including the Immigration Bureau, whose systems were affected, causing long queues at airports. The attack also disrupted education institutions as students were enrolling for the new semester.
Following the incident, many Indonesians reportedly called for the resignation of the Minister of Communications and Information Technology for failing to protect citizens’ data.
As the institution most vulnerable to hackers, Indonesia’s financial industry is continuously strengthening its cybersecurity capabilities, from complying with cybersecurity standards to simulating what it takes to face cyberattacks and anticipate cyber threats.
The Financial Services Authority, the government body that regulates and supervises Indonesia’s financial services sector, on Tuesday released cybersecurity guidelines specifically designed for all financial sector innovation organizers in the country.
By prioritizing the principles of cooperation and information exchange, the guidelines provide for a cyber capacity building programme that includes data protection, risk management, incident response, maturity assessment, training and awareness raising.
Meanwhile, the Indonesian Internet Service Providers Association (APJII) said it is preparing to form a task force to focus on cybersecurity, especially to prevent the negative effects of large-scale technological innovation.
“We want to bring together existing relevant stakeholders to provide information to the government, especially in cybersecurity-related cases,” APJII Chairman Muhammad Arif said on Wednesday.
He also said APJII, which currently has 1,087 member internet service providers across Indonesia, has begun to roll out assistance to keep cyberspace safe.
Riddi Ferdiana, a software expert at the Faculty of Engineering at Gadjah Mada University in Indonesia’s Yogyakarta province, said the recent ransomware attacks should serve as fodder for the government to improve its information system architecture, security procedures and computer security network.
“To prevent the National Data Center’s servers from being exposed to cyber attacks again, several cybersecurity measures can be taken, such as developing regular inspection procedures for security flaws, implementing network security procedures for the public and data centers, and conducting regular maintenance to check the suitability of security perimeters and procedures,” Ferdiana said.
He said governments should design highly available cloud infrastructure based on disaster recovery plans to speed up data recovery.
“We also recommend that national data centres implement row-field security or file-level encryption in transit or at rest to ensure that stolen data cannot be read in the event of a ransomware outbreak,” he added.
