Vital Object and Corporations Strengthen Network Security

PT Pertamina (Persero) and PT Perusahaan Listrik Negara (Persero; PLN) see cyber attacks as a real and potential threat. Both state-owned companies (BUMN) control vital objects across Indonesia. Pertamina controls oil wells and fuel terminals; PLN controls power plants that are vital objects.

“The potential of cyber attacks will always exist and we are continuing with the internal protection. This measure is our main priority because in this digital era, technology and information are the backbone of a company. This also applies to companies that control vital objects,” said Pertamina Vice President Corporate Communication Adiatma Sardjito.

PLN’s corporate communications head I Made Suprateka said that during a past cyber attack, PLN took swift action. One of the responses taken was to secure their internal digital system by switching off all computers for the durationof the cyber attack on several countries.

Special division

To protect corporate digital data, Adiatma explained that the division in charge of technology and information continually updated the company’s digital security system. They also maintain security standards and perform regular network security audits. PLN also works with third-party digital security experts.

“We also raise awareness among all employees on how to secure their digital data related to the company,” Adiatma said.

Meanwhile, Made said that since the security of information technology systems was a focus of corporate security, PLN always reminded employees to maintain their individual digital data security. PLN’s digital security, with its layered approach, was believed to be strong enough to address the threat of cyber attacks on PLN vital objects.

“The digital data security for power generators is strong. The security is in layers,” Made said.

Blibli.com Senior Marketing Communications Manager Lani Rahayu said her office ran a special division for information technology security systems. The division members work according to the existing standards of IT security.

“They work with other division members and company partners so that the standards are attainable,” Lani said.

Blibli.com’s security division implements three main ethics, namely data secrecy, integrity and availability. Data secrecy relates to controlling access, while data integrity emphasizes that only an authorized person may alter data that will be saved or distributed.

“We regularly provide education on the safe use of the internet to employees and consumers. We also disseminate the latest information on data security systems to them,” Lani said.

Cooperation with hackers

Separately, head of Uber User Trust Wui Foo said the company worked with independent hackers and researchers at the Hacker One platform to settle all cyber attack cases. The cooperation was considered an investment of sorts.

During the Oct. 11-27 period in 2016, online travel agent Tiket.com, which is connected to PT Citilink Indonesia (Citilink), was hacked. The suspected hacker tried to enter Citilink servers by using an account name and password belonging to Tiket.com in an attempt to obtain Citilink ticket booking codes to be sold to customers.

As a result of the incident, Tiket.com co-founder and Chief Operational Officer Gaery Gunarsa said their digital security system was improved. To access the website, the company applies several layers of firewall and a load balancer system.

“Following the incident, we pay hacker institutions or organizations to attack our security system, and they report the weaknesses in our system. We do this regularly,” Gaery said.

President Director Hendra Lesmana at PT Dimension Data Indonesia, an information technology solutions provider, said the financial sector was the sector that frequently received threats to data security.

(MED/APO/EDN/FER)