Blackout prompts Indonesia to ramp up cyber security efforts

Blackout prompts Indonesia to ramp up cyber security efforts

Millions of Indonesians found themselves starved for cash over a two-day period in early August 2019 when a massive blackout shut down ATMs and other digital banking services in the capital city of Jakarta and other nearby cities. While power and banking services, along with traffic lights, public transit and telecommunications were fully restored by August 6, 2019, the event left lawmakers calling for the swift passage of cyber security legislation to keep digital systems functioning and secure.

Speaking at a public discussion about the proposed cyber law a week after the blackout, Hinsa Siburian, head of the country’s National Cyber and Encryption Agency (BSSN), called for its passage in 2019. “Indonesia must not be left behind and must move quickly to build security and resilience of the cyber realm,” Hinsa said. “Sovereignty is not only physical but also nonphysical.”

(Pictured: An electricity outage in Jakarta left many downtown buildings in the dark.)

Rising threats from both nonstate and state actors make the proposed cyber security and resilience law (CRL) necessary, cyber security experts Curie Maharani and Renie Prihandoko of Jakarta-based Pokja 8 defense and security working group told FORUM. “The government needs to have rigid nationwide cyber security strategies and policies, which include comprehensive steps such as countermeasures to cyber attacks, along with the assessment of the level of threats and its escalation.”

Indonesia experienced 12.9 million cyber attacks in 2018, BSSN reported, mostly from malware, but also phishing and distributed denial of service, among others. The country’s 171 million internet users make it a favorite target for cyber attackers, Hinsa said.

The CRL’s current draft is designed to protect against cyber threats to the digital economy and e-governance. It maps out entities defined as “national cyber interests” and describes specific threats by type and scope. It also specifies how threats can be prevented and mitigated. Moreover, it promises to “strengthen the ecosystem of cyber governance” by complementing existing laws governing telecommunications and electronic information and transactions.

The proposed law defines responsibility for enforcing cyber security on the regional and national levels and specifies the role played by BSSN, Indonesia’s top government cyber agency, to support the national police in enforcing the law. The CRL defines six other government entities to assist BSSN on cyber security, including the ministries of defense, communication, foreign affairs; the national police, the State Intelligence Agency and the Attorney General’s Office.

The Jakarta government is asking for advice from industry leaders on the content of the proposed law while welcoming international input.

“Indonesia has signed letters of intent and memos of understanding for cooperation in cyber security with the U.S., the U.K., and Australia,” Curie and Renie said. “There are several avenues of cooperation, such as regular dialogues in cyber policy and strategy development; promotion of cyber security awareness; capacity building and training opportunities in national incident management capabilities and cyber crime (forensics and investigation); as well as cooperation in the digital economy sector and multi-stakeholder partnership.”

Tom Abke is a FORUM contributor reporting from Singapore.