The BSSN’s 2021 Cybersecurity Monitoring annual report stated that 1.6 billion network traffic anomalies were detected in 2021. However, PSEs did not significantly follow up on the notifications they received
By
KURNIA YUNITA RAHAYU
·3 minutes read
KOMPAS/IRENE SARWINDANINGRUM
One of the hacks on the local government website by the Kakegurai hacker account is stored in the mirroring zone-h.org archive, Thursday (28/10/2021).
JAKARTA, KOMPAS – We need to look back and evaluate our cybersecurity governance in order to handle data breaches. The National Cyber and Encryption Agency (BSSN) has stated that reported cyberattacks in 2021 had received minimal follow-up by the relevant ministries and agencies.
From the beginning of this year to 13 Sept., the BSSN sent a total of 1,261 notifications to ministries and agencies regarding attempted breaches, but only 72 notifications, or 6 percent, received a response.
Wahyudi Djafar, the executive director of the Institute for Policy Research and Advocacy (ELSAM), said on Thursday (15/9/2022) that the lack of a response from ministries and agencies to warnings about potential cyberattacks indicated a problem in cybersecurity governance. He explained that government administrators and electronic systems operators (PSE) should comply with Presidential Decree (Perpres) No. 95/2018 on electronic government (e-government) systems.
The Perpres recognizes the BSSN as the institution in charge of the security of e-government systems. In addition, the BSSN is also responsible for coordinating on cybersecurity for government institutions and agencies.
If the BSSN’s warnings about cyberattacks were being ignored, then a separate issue existed that needed to be evaluated. “This means there are problems in the government’s cybersecurity management, which makes it look like the BSSN is not carrying out its duties optimally,” he said.
Cyberattacks
BSSN deputy head Comr. Gen. Luki Hermawan said that from January up until 13 Sept., 852.2 million network traffic anomalies or suspected attempts to breach cybersecurity had been reported.
To follow up, BSSN sent 1,261 notifications to the ministries and agencies that had reported the anomalies. The government sector received the largest number of notifications with a total of 761, while the education sector received 345 notifications.
“Out of all the notifications sent, only 72 [notifications], or 6 percent, received a response,” said Luki.
KOMPAS
Data theft in cyberspace continues to occur. The targets are very diverse, ranging from residents to officials. Now, the act of hackers Bjorka into the spotlight.
Moverover, the BSSN’s 2021 Cybersecurity Monitoring annual report stated that 1.6 billion network traffic anomalies were detected in 2021. However, PSEs did not significantly follow up on the notifications they received (Kompas, 14/9/2022).
According to Luki, cybercriminals had taken advantage of stakeholders’ complacency in responding to these notifications and used it to disrupt their electronic systems.
However, he continued, ministries and agencies showed a change in attitude only after the account of hacker “Bjorka” had leaked the data of several government agencies.
“The notifications we had sent so far were largely ignored, but [now] praise God, the responses are much better. In the future, they cannot be underestimated,” said Luki.
He added that the government had now issueed Perpres No. 82/2022 on the protection of vital information infrastructure, which regulated the implementation of cybersecurity in strategic sectors to protect vital information infrastructure.
House of Representatives Commission I member Muhammad Farhan, who hails from the NasDem faction, added that the personal data protection bill would also push PSEs to tighten cybersecurity. The bill contained a number of articles obliging PSEs to comply with security standards for storing data. The bill was currently waiting to be passed into law during the House plenary session.
Chairman Ardi Sutedja of the Indonesia Cyber Security Forum (ICSF) stressed that increasing human resource capacity at each agency was also necessary, especially when employees in charge of cybersecurity lacked adequate competency.