Cybersecurity Governance Needs to be Evaluated

Wahyudi Djafar, the executive director of the Institute for Policy Research and Advocacy (ELSAM), said on Thursday (15/9/2022) that the lack of a response from ministries and agencies to warnings about potential cyberattacks indicated a problem in cybersecurity governance. He explained that government administrators and electronic systems operators (PSE) should comply with Presidential Decree (Perpres) No. 95/2018 on electronic government (e-government) systems.

Also read:

> Task Force Must Conduct Thorough Investigation

> Warnings Never Followed-up

The Perpres recognizes the BSSN as the institution in charge of the security of e-government systems. In addition, the BSSN is also responsible for coordinating on cybersecurity for government institutions and agencies.

If the BSSN’s warnings about cyberattacks were being ignored, then a separate issue existed that needed to be evaluated. “This means there are problems in the government’s cybersecurity management, which makes it look like the BSSN is not carrying out its duties optimally,” he said.

Cyberattacks

BSSN deputy head Comr. Gen. Luki Hermawan said that from January up until 13 Sept., 852.2 million network traffic anomalies or suspected attempts to breach cybersecurity had been reported.

To follow up, BSSN sent 1,261 notifications to the ministries and agencies that had reported the anomalies. The government sector received the largest number of notifications with a total of 761, while the education sector received 345 notifications.

“Out of all the notifications sent, only 72 [notifications], or 6 percent, received a response,” said Luki.

Moverover, the BSSN’s 2021 Cybersecurity Monitoring annual report stated that 1.6 billion network traffic anomalies were detected in 2021. However, PSEs did not significantly follow up on the notifications they received (Kompas, 14/9/2022).

According to Luki, cybercriminals had taken advantage of stakeholders’ complacency in responding to these notifications and used it to disrupt their electronic systems.

However, he continued, ministries and agencies showed a change in attitude only after the account of hacker “Bjorka” had leaked the data of several government agencies.

“The notifications we had sent so far were largely ignored, but [now] praise God, the responses are much better. In the future, they cannot be underestimated,” said Luki.

Also read:

> President Calls for Heightened Curb Against Data Leakage

> Data Breaches Continue to Occur

He added that the government had now issueed Perpres No. 82/2022 on the protection of vital information infrastructure, which regulated the implementation of cybersecurity in strategic sectors to protect vital information infrastructure.

House of Representatives Commission I member Muhammad Farhan, who hails from the NasDem faction, added that the personal data protection bill would also push PSEs to tighten cybersecurity. The bill contained a number of articles obliging PSEs to comply with security standards for storing data. The bill was currently waiting to be passed into law during the House plenary session.

Chairman Ardi Sutedja of the Indonesia Cyber Security Forum (ICSF) stressed that increasing human resource capacity at each agency was also necessary, especially when employees in charge of cybersecurity lacked adequate competency.

This article was translated by Kesya Adhalia.