Indonesia's Coordinating Minister for Political, Legal and Security Affairs Hadi Tjahjanto said on Friday that the government will carry out improvements in digital security and strengthen the system capabilities of its national data center, Xinhua news agency reported. .
"We are creating a data center with the ability to have multiple backups, layered backups with good security. We want it to be a system that cannot be hacked. This will continue to be done to support the government's performance in the service . to the public," Tjahjanto said at a news conference.
Indonesia's Ministry of Communications and Information Technology is currently preparing to execute what it calls "tenant relocation," improving digital security in governance through stricter standard operating procedures. "We will run it from August to September 2024," the ministry's IT Applications Director General Ismail said on Thursday.
The ransomware attack that targeted Indonesia's national data center and created a massive data crisis began on June 17 and lasted almost a week, with the hacker initially asking for an $8 million ransom.
According to the Ministry of Communication and Information Technology and the National Encryption and Cyber Agency, at least 282 institutions were affected by the attack, including immigration services, which caused long queues at airports due to bottlenecks in the transportation systems. immigration control. The attack also affected educational institutions, as the country was currently holding a student registration period ahead of the new academic year.
Reports say that after the incident, many citizens in Indonesia demanded that the Minister of Communications and IT resign due to his failure to protect public data.
Indonesia's financial industry, as an institution most vulnerable to hackers, continues to increase its cybersecurity capacity to anticipate the threat of cyberattacks, ranging from compliance with cybersecurity standards to simulations to deal with cyberattacks.
The Indonesian Financial Services Authority, a government agency that regulates and supervises the financial services sector, on Tuesday released cybersecurity guidelines specifically designed for all technological innovation organizers in the country's financial sector.
The guidelines provide a cyber capability development program that includes data protection, risk management, incident response, maturity assessment, training and awareness by prioritizing the principles of collaboration and information sharing.
Meanwhile, the Association of Indonesian Internet Service Providers (APJII) said it was preparing to form a working group that would focus on cybersecurity, particularly to prevent the negative impacts of increasingly massive technological innovation.
"We want to bring together existing stakeholders to provide inputs to the government in any case, especially in cases related to cybersecurity," APJII President Muhammad Arif said on Wednesday.
He also said that APJII, which currently has 1,087 Internet service provider members throughout Indonesia, has begun to develop support to maintain security in cyberspace.
Ridi Ferdiana, a software expert at the Faculty of Engineering at Gadjah Mada University in Indonesia's Yogyakarta province, said the recent ransomware attack should be a self-reflection for the government to improve information system architecture, security procedures and computer security networks.
"There are several cybersecurity measures that can be taken to prevent the national data center server from being exposed to cyber attacks again, including the development of routine inspection procedures related to security breaches, the implementation of security procedures of the network for the public and the data center, as well as carrying out periodic maintenance to review the security perimeter and the suitability of the procedures," Ferdiana stated.
The government, he said, should design highly available cloud infrastructure based on disaster recovery plans to speed up data recovery.
"We also recommend that the national data center implement encryption at the row or file field security level, whether in transit or at rest, so that even in the case of ransomware, the stolen data cannot be read," he added. .
"We are creating a data center with the ability to have multiple backups, layered backups with good security. We want it to be a system that cannot be hacked. This will continue to be done to support the government's performance in the service . to the public," Tjahjanto said at a news conference.
Indonesia's Ministry of Communications and Information Technology is currently preparing to execute what it calls "tenant relocation," improving digital security in governance through stricter standard operating procedures. "We will run it from August to September 2024," the ministry's IT Applications Director General Ismail said on Thursday.
The ransomware attack that targeted Indonesia's national data center and created a massive data crisis began on June 17 and lasted almost a week, with the hacker initially asking for an $8 million ransom.
According to the Ministry of Communication and Information Technology and the National Encryption and Cyber Agency, at least 282 institutions were affected by the attack, including immigration services, which caused long queues at airports due to bottlenecks in the transportation systems. immigration control. The attack also affected educational institutions, as the country was currently holding a student registration period ahead of the new academic year.
Reports say that after the incident, many citizens in Indonesia demanded that the Minister of Communications and IT resign due to his failure to protect public data.
Indonesia's financial industry, as an institution most vulnerable to hackers, continues to increase its cybersecurity capacity to anticipate the threat of cyberattacks, ranging from compliance with cybersecurity standards to simulations to deal with cyberattacks.
The Indonesian Financial Services Authority, a government agency that regulates and supervises the financial services sector, on Tuesday released cybersecurity guidelines specifically designed for all technological innovation organizers in the country's financial sector.
The guidelines provide a cyber capability development program that includes data protection, risk management, incident response, maturity assessment, training and awareness by prioritizing the principles of collaboration and information sharing.
Meanwhile, the Association of Indonesian Internet Service Providers (APJII) said it was preparing to form a working group that would focus on cybersecurity, particularly to prevent the negative impacts of increasingly massive technological innovation.
"We want to bring together existing stakeholders to provide inputs to the government in any case, especially in cases related to cybersecurity," APJII President Muhammad Arif said on Wednesday.
He also said that APJII, which currently has 1,087 Internet service provider members throughout Indonesia, has begun to develop support to maintain security in cyberspace.
Ridi Ferdiana, a software expert at the Faculty of Engineering at Gadjah Mada University in Indonesia's Yogyakarta province, said the recent ransomware attack should be a self-reflection for the government to improve information system architecture, security procedures and computer security networks.
"There are several cybersecurity measures that can be taken to prevent the national data center server from being exposed to cyber attacks again, including the development of routine inspection procedures related to security breaches, the implementation of security procedures of the network for the public and the data center, as well as carrying out periodic maintenance to review the security perimeter and the suitability of the procedures," Ferdiana stated.
The government, he said, should design highly available cloud infrastructure based on disaster recovery plans to speed up data recovery.
"We also recommend that the national data center implement encryption at the row or file field security level, whether in transit or at rest, so that even in the case of ransomware, the stolen data cannot be read," he added. .
