Indonesia focused on cyber resilience, open to foreign cooperation
With one of the fastest growing populations of internet users and a still-evolving regulatory environment, Indonesia’s vulnerability to cyber-attacks is well recognised. The country is the source and target of tens of millions of attacks each year.
Concerns about protecting assets extend from government and a fast-growing e-commerce marketplace, to the spread of fake news and vote tampering.
It’s one of the reasons why up to 5000 people attended the recent Cyber Security Indonesia Conference in Jakarta (CSI2019), where the Head of National Cyber and Crypto Agency (BSSN) Lt Gen Hinsa Siburian called for input from all related parties to anticipate and solve national cyber security problems.
The BSSN was created in 2017 as the central authority to deal with the changes in digital technology and application. An extension of the long-established National Signals Agency (Lembaga Sandi Negara), its closest counterpart would be the Australian Signals Directorate.
And co-operation is already underway between the two countries, with an MOU signed between Indonesia’s BSSN and Australia’s Office of the Ambassador for Cyber Affairs at DFAT in August 2018 at the time of the first visit by Australian PM Scott Morrison.
“BSSN is open to partnering with all related parties in cyber resilience through research collaboration…, working groups and capacity building through cyber security training,” he shared when opening Cyber Security Indonesia (CSI) 2019 in Jakarta.
Opportunities for Australian expertise to be a part of Indonesia’s cyber-resilience were identified in the inaugural Indonesia-Australia Digital Forum at the start of 2018 in Jakarta. This provided a platform for profiling Australian and Indonesian digital capacity and experience in health, fintech, cyber security, linking start-up ecosystems, smart government and creative industries. However there did not seem to be a strong presence at CSI 2019 in Jakarta of Australian interests and expertise.
What threat?
BSSN is committed to dealing with all forms of cyber threats, he said, both physical and non-physical.
“Physical threats are attacks on software and hardware with the aim of disabling electronic systems, such as those behind critical national infrastructure related to energy and mineral resources, banking and finance, food security and agriculture, defense and strategic industries,” Lt Gen Siburian said.
“Besides the physical threats, non-physical threats such as fake news and hoaxes are also spread to change the opinions, motivations, or even ideology of individuals and groups,” he added. He argued that they can be even more dangerous than physical threats as they can threaten the ideology of Pancasila — the nation’s fundamental cornerstone that reflects its inherent pluralism — a threat to which undermines the territorial integrity of the nation.
Mitigation
To anticipate cyber threats, Lt Gen Siburian said that over the past three years BSSN has been focused on building national cyber resilience.
“Programs and services that have been implemented by BSSN include risk assessment, identification of vulnerabilities and ICT security audits, development of a framework for the protection of national critical information infrastructure systems, public outreach to raise cyber-security literacy and awareness, and capacity building.”
The result of the hard work by BSSN and other cyber-security stakeholders, Mr Siburian claimed, can be seen in the 2018 Global Cybersecurity Index (GCI) report from the International Telecommunication Union (ITU).
“Indonesia’s GCI ranking in 2018 rose from position 70 up to 41, out of 194 countries,” said Mr Siburian.
By way of contrast, Australia has slipped from 7 in 2017 to position 10 in 2018. In that most recent study, the top 10 nations were:
- UK
- USA
- France
- Lithuania
- Estonia
- Singapore
- Spain
- Malaysia
- Canada/Norway
- Australia
There are five pillars of the GCI rankings that have been recognised globally in efforts to maintain cyber security — legal, technical and organisational aspects; capacity building aspects; and cooperation.
“Those five pillars,” Siburian says, “form one cornerstone for developing Indonesia’s National Cyber Security Strategy.”
“[We need to] increase cyber capability and resilience, create a cyber security innovation ecosystem, and strengthen legal frameworks and international cooperation and diplomacy for cyber security.”
Since the establishment of BSSN, cyber security has been elevated to a core priority concern for Indonesia and a part of its critical infrastructure. Investment in multiple areas, including regulation, policy and corporate and workforce capability, is critical for increasing cyber resilience.
Opportunities for Australia
According to the Austrade Cyber Security Report in 2018, there are only a few domestically developed cyber-security technologies or solutions in Indonesia. This indicates that ICT is an area in which foreign businesses can succeed commercially.
This represents an interesting opportunity for enterprising Australian security companies to establish partnerships with the Indonesia digital sector, especially in financial services, start-ups and the public sector (where the demand for cyber security is high).
Beyond the main auditorium at CSI the corridor discussions were every bit as interesting. It is clear that Indonesian stakeholders, including the corporate sector but also national institutions and several provincial governments, are very keen to strengthen the integrity of their cyber systems.
CSI 2019, now in its 5th edition, is hosted by the Indonesian Telecommunication Providers Association (ATSI) and supported by BSSN. This event was attended by Cyber Security Ambassador of the United Kingdom Henry Pearson, Hungarian Ambassador Judit Pach, the Indonesian Internet Service Providers Association (APJII), various ministries, institutions and agencies, and business, community and cyber security leaders.