Serious evaluation is needed to prevent hacking from happening again. Otherwise, it could trigger public fear of activities in cyberspace.
By
Nikolaus Harbowo
·4 minutes read
JAKARTA, KOMPAS — The hacking of the National Malware Center website belonging to the National Cyber and Encryption Agency (BSSN) again shows how easy it is for hackers to penetrate the cybersecurity system of government agencies. It is ironic, because the BSSN is the backbone of the country in countering cyberattacks. Serious evaluation is needed to prevent hacking from happening again. Otherwise, it could trigger public fear of activities in cyberspace.
The hacking, in the form of the defacement of the National Malware Center (Pusmanas) BSSN website, was visible on Monday morning (25/10/2021). As of Monday night, the Pusmanas website has not been accessible to the public. However, the appearance of the hack and its message are no longer visible.
BSSN National Cyber Security operations director Ferdinand Mahulette and BSSN spokesperson Anton Setiawan, who were contacted separately on Monday, confirmed the hacking.
According to Ferdinand, the hacking took place on Wednesday (20/10/2021). The site being hacked he claimed was a subdomain, not the core domain. The subdomain is also said to be no longer in use. “They made a website, but the site was for a transition project from the old organization. So because it is no longer updated, there may be weak points [becoming target of hacking]. And, at that time, we immediately took down the site because it was not being used,” he added.
The fact that hackers easily targeted the BSSN system is considered a concern by co-founder of the Indonesian Cyber Security Forum, M Novel Ariyadi. Moreover, what hackers have broken through is the system of a unit formed by BSSN to improve detection capabilities against cyberattacks. "This [hacking] can erode public trust in activities in the online sphere," he added.
Happened over and over
This is not the only time that a website belonging to a government agency has been targeted by hackers. Just last week, a database belonging to the Indonesian Child Protection Commission (KPAI) was breached by hackers. In mid-September, the internal network of 10 ministries/agencies was also reported to have been hacked. The pattern of hacking by changing the home page of the site has occurred twice on the official website of the Cabinet Secretariat.
Some members of House of Representatives (DPR) Commission I, which is in charge of cyber security also criticized the fact that the BSSN system was hacked easily. “This is a blow for all of us. This shows that the state entities that should have guaranteed cyber security and resilience are actually compromised," said member of House Commission I from the Prosperous Justice Party (PKS) faction, Sukamta.
A member of House Commission I from the PDI-P faction, Effendi Simbolon, urged the BSSN to evaluate its cyber security system. “Otherwise, our cybersecurity will be fragile. The public is worried because there is no guarantee of security in cyberspace," he said.
Indonesia's score is 38.96, a figure is far below a number of neighboring countries in Southeast Asia.
According to deputy chairman of House Commission I from the PKS faction, Abdul Kharis Almasyhari, the fragility of cyber security in Indonesia is not only reflected in a series of hacking cases. Citing data from the National Cyber Security Index released last September, Indonesia ranked 77th out of 160 countries regarding national cyber security. Indonesia's score is 38.96, a figure is far below a number of neighboring countries in Southeast Asia.
A member of House Commission I from the PDI-P faction, TB Hasanuddin, said that the BSSN was still weak in equipment and human resources. For the sake of strengthening the BSSN, a large budget was needed. In reality, for 2022, for example, only Rp 500 billion (US$35.3 million) is budgeted out of the Rp 3.5 trillion needed.
In addition, according to executive director of the Communication and Information System Security Research Center Pratama Persadha, it is important for every agency to periodically audit its cyber security system. This is important because in the cyber world there is no system that is 100 percent secure.
What is also important is that the government and the DPR immediately ratify the Personal Data Protection Bill. This is because it contains provisions that require all agencies to strengthen their cyber security system as well as their human resources. (BOW)