Cyber security: Indonesia’s Challenges and Opportunities to move forward

Introduction
Indonesia has announced the plan to create a National Cyber Agency (NCA) to
coordinate an integrated safeguard system against cyber-threats or cyber-attacks in public
sectors including defense, business and finance. This announcement is a logical decision
because an increase of cyber dependency means an increase in risk. The decision also marked
a move forward, albeit small one for Indonesia to start prioritizing cyber security domestically
and protecting its citizen from cyber threats; it is also a step forward to have an institution which
focuses on national policy in cyber protection.
But the question now is how Indonesia is going to build cyber security infrastructure, and
how Indonesia can prioritize cyber security internationally.

Challenges for Indonesia

Indonesia has been targeted by cyber-attacks for long, in 2013-2014, Akamai
Technologies; a U.S.-based firm found that Indonesia consistently ranked as one of the world’s
top three sources of cyber-attacks. Indonesian Ministry of Communications and Information
corroborated that 36.6 million cyber-attacks were recorded in Indonesia the past three years.
But it is still a challenge to build infrastructure as well as the right approach on how to protect
the general public from cyber-attack, because a national policy will not be effective without the
right mind set and understanding of such attacks.
As an archipelagic state, the fourth largest population and the sixth most Internet users
in the globe (over 80 million) coordination is a rare commodity. Therefore it’s important for NCA
to formulate activities as coordinating body and create guidelines which separate its position
 Cyber security: Indonesia’s Challenges and Opportunities to move forward

with other entities in Indonesia to avoid overlap. It is also central to understand what you want to
protect and how the threat will have impact to our national interest.
Challenges also arise in necessary resources to implement cyber security effort,
because building an integrated cyber security infrastructure requires funding for technology,
which we lack of. Another crucial fact that we lack of is human resources, according to Budi
Rahardjo, a security expert at the Bandung Institute of Technology, we needs at least 7,000
information and technology experts but we have less that that at this point.
But the most challenging is implementing awareness1 in public sector and general public
on basic fraud schemes. Public awareness is as important as public involvement in cyber-risk
management and it can be the key element to an effective cyber security strategy. NCA should
promote cyber security understanding with a bottom-up approach, rather than imposing it from
above. The objective is to familiarize people with cyber-security issues, and to adopt a security
attitude when using the Internet. Cyber security is significant in supporting defence and
economic activities to optimize social development, therefore public interest in economic and
social sectors should be at the centre of NCA’s operation, and it should engage public and
private sectors to establish interaction and cooperation.

Opportunities of International Cooperation

Opportunities of international cyber security cooperation are abundance. Regional and
multilateral cooperation is especially important to establish norms setting, protections, and
standards as the world grows more interconnected. Asia has become the focus of cyber conflict,
and the lack of international agreement on shared norms for state behavior and international law
raises further the possibility of conflict. It is important for ASEAN to have a common position to
promote dismissal of aggression and threats which is inconsistent with international law.
ASEAN member can consider possible confidence building measure and preventive
diplomacy activities, such as exchange of military officials or academician to avoid conflict.
ASEAN could also strengthen its relation with dialogue partners and international community by
tackling cross border cyber challenges in an informal approach such as dialogues to discuss
possible cooperation.
In multilateral cooperation, Indonesia has also recognized the need to establish
international norms on cyber security, by participating in a 15-member UN group examining

1
The concept of a “cyber-security mindset” introduced by William Dutton, the coprincipal of the Global Cyber Security Capacity
Centre at the University of Oxford, could be fortified as the rationale in developing a cyber-security policy. “As a mindset, the need
for security would be unquestioned or not continually revisited. It would be seen not as an optional burden, but as a cost of doing
business. For the users, it would not be an ad hoc criterion of choice, but a routine and learned as an almost instinctual response
set”.
 Cyber security: Indonesia’s Challenges and Opportunities to move forward

norms and state behavior, which resulted in UN Resolution 57/239 on Creation of a Global
Culture of Cyber Security 2003, the member agreed to a consensus report, stating that
international law applies to state actions in cyberspace. This consensus represents an
important achievement for the maintenance of international peace and stability in this new area.
By acknowledging the full applicability of international law to state behavior in cyberspace, and
extending traditional transparency as well as confidence-building measures, and by
recommending international cooperation and capacity building to make information and
communications technology (ICT) infrastructure more secure around the world2.
In bilateral level, there are a lot of possible cooperation in cyber security, such as cyber
workshop and partnership; one example is The U.S.-Indonesia Comprehensive Partnership
which includes some initial mechanisms for bilateral cyber security cooperation. The US has
used the ASEAN Regional Forum (ARF) to engage countries on cyber-threats and security to
conduct a series of cyber workshops that would help boost Jakarta’s cyber security efforts while
building on regional norms and engagement.
But in the end, whatever forms its cyber security takes, education and awareness are
most important for Indonesia. Comprehensive education of government officials3 on basic
security techniques and preventative measures will go a long way toward establishing basic
security, as would education for the general population on safe Internet practices. No security
system will ever be perfectly secure, but Indonesia can develop one that allows it to manage
attacks, mitigate risk, and prevent most infiltration and insecurity.

2
On June 7, the group of experts agreed on a substantial report to UN Secretary-General Ban Ki-moon. The report, publicly
released August 9, is entitled “On the Developments in the Field of Information and Telecommunications in the Context of
International Security.” In 2012, Ban appointed the group of 15 experts from the five permanent members of the UN Security
Council plus Argentina, Australia (the chair), Belarus, Canada, Egypt, Estonia, Germany, India, Indonesia, and Japan to carry out a
mandate from the UN General Assembly to “study possible cooperative measures in addressing existing and potential threats”
related to the use of ICTs. This mandate was more specific than those for expert groups on the topic established in 2005 and 2010,
as it explicitly highlighted the need to elaborate confidence-building measures and “norms, rules or principles of responsible
behaviour of States.” UN member states have contributed in varying degrees to requests by the General Assembly to report on their
views on international law and cooperation to prevent destabilization of state relations in cyberspace. According to a recent study by
the UN Institute for Disarmament Research, more than 40 states have now developed some military cyber capabilities, 12 of them
for offensive cyber warfare

3
Indonesia’s Cyber Challenge Under Jokowi : On the brink of a cyber war, the country is forming a national cyber agency,
By Prashanth Parameswaran, January 21, 2015, The Diplomat