summary
In June, several Indonesian government agencies were hit by a series of cyberattacks, including a ransomware attack on the country’s temporary national data center. The attacks exposed vulnerabilities in Indonesia’s data security systems and prompted calls for the resignation of the Minister of Communications and Information Technology.
These breaches have raised new questions about Indonesia’s cybersecurity posture and could make it less attractive to foreign investors, especially if Jakarta does not show it is taking steps to bolster its cyber defenses.
The Indonesian government plans to review cybersecurity measures at its data centers around the world, including in Canada, to strengthen defenses against future cyber attacks.
overview
- On June 20, the Indonesian Provisional National Data Center I compromised. The attack was carried out by the hacker group BrainCypher. The resulting data loss disrupted services at around 300 central and local government agencies, including immigration departments and major airports. The hacker group demanded a ransom of 11 million Canadian dollars to unlock the data, but the government refused to pay. (In a mysterious development, BrainCypher said Apologized and release We will provide the decryption key for free on July 3rd.
- On June 22, the Indonesian Automated Fingerprint Identification System (INAFIS) HackedThen, on June 24, the Indonesian Armed Forces Strategic Intelligence Agency was hacked. The data leaked from INAFIS, which is managed by the Indonesian National Police, was old, but fingerprint images and email addresses were stolen.
- This series of hacks and the resulting lack of protocols Backing up your data This is embarrassing for the Indonesian government, given other major cyber attacks it has experienced in recent years. By 2023, 1.5 terabytes of data will be lost. was Stolen Personal information of customers and employees, including contact details, financial documents, card details and passwords, was leaked from the state-run Indonesian bank Syariah. In 2022, the country’s central bank Faced Ransomware attacks have occurred but did not appear to affect public services, although in 2021 the Indonesian Ministry of Health was hacked, exposing the personal data and health status information of 1.3 million people.
- by 2020 Global Cybersecurity Index In the Global Cybersecurity Index (GCI), which measures each country’s efforts to address cyber challenges, Indonesia ranked 24th out of 194 countries, ahead of Vietnam (25th), Thailand (44th), and the Philippines (61st).
Implications
There are likely to be political repercussions. Since the June cyberattack, the appointment of Minister of Communications and Information Budi Ali Setiadi has been in the public eye. He said:Give waySetiadi was appointed to the position despite having no technical knowledge because of his political ties to President Joko Widodo, known as “Jokowi.” Setiadi led a group that supported Jokowi’s presidential bid in 2014 and 2019. Resignation,and Plea A campaign calling for his resignation has garnered more than 20,000 signatures.
Indonesia’s cybersecurity situation is unstable due to government efforts and transparency In managing these cyber breaches. It could also have a negative impact on the government’s reputation and its ability to attract and retain talent. Foreign Investment In the technology industry, Microsoft announced in late April Announced The company said it would invest C$2.3 billion in cloud and artificial intelligence infrastructure to strengthen Indonesia’s digital economy. But the investment could be thwarted if the country’s cybersecurity remains weak and data breaches and business interruption problems continue. That could erode investor confidence in the country’s ability to protect information, deterring new investment.
What’s next?
1. Further support and cooperation from Canada
In response to the recent data leaks and public backlash, the Ministry of State Security and Bureaucratic Reform Announced Benchmark the data protection practices of Canada, India and other countries and consider their applicability to Indonesia’s national data center. (Canada was ranked 8th in the 2020 GCI report.)
Canada is part of its Indo-Pacific strategy Assigned Canada will spend C$47.4 million over the next five years to strengthen cyber capabilities and regional cyber cooperation in the Association of Southeast Asian Nations (ASEAN), of which Indonesia is the largest member. Canada plans to do so by assigning “dedicated cyber attachés” to potential partner countries, including Indonesia. The specific roles these attachés will play have not yet been made clear.
2. New president, new cybersecurity policy?
Prabowo Subianto is set to become Indonesia’s next president in October, which could be an opportunity to make cybersecurity a top priority. Prabowo served as defense minister from 2019 to 2024. implementation Cybersecurity education was established as a research field at the Indonesian National Defense University under the Indonesian Ministry of Defense. During the presidential election, was suggested Integrate cybersecurity education into school and university curricula nationwide.
• Editors: Erin Williams (Senior Program Manager, Asia Competencies), Ted Fraser (Senior Editor)
