by Nurul Fitri Ramadhani
JAKARTA, Jul 12 (NNN-XINHUA) – The recent cyber attack in Indonesia, that massively disrupted its national data system, has urged the country to strengthen its cyber resilience and evaluate its digital technology policy.
Indonesian Coordinating Minister for Political, Legal and Security Affairs, Hadi Tjahjanto, said today that, the government would carry out digital security improvement and strengthen the system capabilities of its national data centre.
“We are making the data centre with the ability to have multiple back-ups, layered back-ups with good security. We want it to be a system that cannot be hacked. This will continue to be done to support the government’s performance in serving the public,” Tjahjanto said in a press conference.
Indonesia’s Ministry of Communication and Informatics, is currently preparing to execute what it calls as “tenant redeploy,” improving the digital security in governance in accordance with stricter standard operating procedures. “We’ll execute it from Aug to Sept, this year,” the ministry’s Director General of Informatics Applications, Ismail, said yesterday.
The ransomware attack that targeted Indonesia’s national data centre and created a massive data crisis started on Jun 17, and went on for almost one week, with the hacker initially asking for a ransom of eight million U.S. dollars.
According to the Ministry of Communication and Informatics, and the National Cyber and Encryption Agency, at least 282 institutions were disrupted by the attack, including the immigration services, which caused long queues at the airports, due to system bottlenecks at the immigration checkpoints. The attack also disrupted educational institutions, as the country was currently holding a student enrollment period, ahead of the new academic year.
Reports said that, following the incident, many citizens in Indonesia demanded the Communication and Informatics Minister to step down, due to his failure in protecting the public’s data.
The financial industry in Indonesia, as the institutions that are most vulnerable to hackers, continues to increase its cybersecurity capacity, in an effort to anticipate the threat of cyberattacks, ranging from fulfilling cybersecurity standards to simulations in facing cyberattacks.
Indonesia’s Financial Services Authority, a government agency that regulates and supervises the financial services sector, launched on Tuesday, cybersecurity guidelines that were specifically designed for all financial sector technology innovation organisers in the country.
The guidelines provide a cyber capacity-building programme that includes data protection, risk management, incident response, maturity assessment, training and awareness, by prioritising the principles of collaboration and information exchange.
Meanwhile, the Indonesian Internet Service Providers Association (APJII) said, it was preparing to form a task force that would focus on cybersecurity, particularly to prevent the negative impacts of increasingly massive technological innovation.
“We want to gather existing related stakeholders to provide inputs to the government in any case, especially for cases related to cybersecurity,” APJII Chairman, Muhammad Arif, said on Wednesday.
He also said that APJII, which currently has 1,087 members of Internet service providers across Indonesia, had begun to develop support for maintaining the security in cyberspace.
Ridi Ferdiana, a software expert from Faculty of Engineering of the Gadjah Mada University in Yogyakarta province, said, the recent ransomware attack should be a self-reflection for the government, to improve the information system architecture, security procedures and computer security networks.
“There are several cybersecurity measures that can be taken to prevent the national data centre server from being exposed to cyberattacks again, including developing routine inspection procedures related to security gaps, implementing network security procedures for the public and the data centre, as well as, conducting regular maintenance to review the security perimeter and suitability of procedures,” Ferdiana said.
The government, he said, should design high-availability cloud infrastructure, based on disaster recovery plans to speed up the data recovery.
“We also advise that the national data centre implement encryption at the row field security or file level, either in transit or at rest, so that even in the event of ransomware, the stolen data cannot be read,” he added.– NNN-XINHUA
