Current Threats:

Cybersecurity Policy
Developments in
Cyberspace

Al Araf Assadallah Marzuki, S.H., M.H.

Research Center For Law ISSH-BRIN
 According to the International Organization for Standardization
(ISO)/IEC 27032:2012, cybersecurity or cyberspace security is
an effort undertaken to:

1. Maintain confidentiality,
2. Ensure integrity, and
Definition 3. Ensure availability of information in cyberspace.

Cyberspace refers to a complex environment resulting from

the interaction between people, software, and services on the
internet, supported by information technology and
communication (ICT) devices and global network connections.
The concept of: "information
protection"
Physical Personal Operational
Security Security. Security

Communication Network
Security Security
Law Number 11 of 2008 concerning
Electronic Information and Transactions."

In accordance with Law Number 11 of 2008 in

conjunction with Law Number 19 of 2016
Article 15, paragraph 1 of the Electronic
concerning Electronic Information and
Information and Transactions Law states that
Transactions, it is stated: "Every Electronic
"Every Electronic System Provider must operate
System Provider is obliged to operate an
the Electronic System reliably and securely and
Electronic System that meets the minimum
be responsible for the proper operation of the
requirements, namely, the ability to protect the
Electronic System." This is also reflected in
availability, integrity, authenticity, confidentiality,
Article 16, paragraph (1), point b.
and accessibility of Electronic Information in the
operation of the Electronic System."
• According to the 2016 ITE Law, the government has issued technical
regulations, particularly Government Regulation (PP) Number 71 of
2019 concerning the Implementation of Electronic Systems and
Transactions. PP No. 71 of 2019 contains updates related to the
implementation of cybersecurity in electronic systems and
transactions.
Law Number 19 of 2016 concerning amendments to Law Number 11 of
2008 regarding Electronic Information and Transactions
Article 32, paragraph (1) and paragraph (3) of
the ITE Law state that any person who
intentionally, without authorization or
unlawfully, by any means, alters, adds, reduces,
transmits, damages, removes, transfers, hides, or
conceals Electronic Information and/or
Electronic Documents belonging to others or the
public.
In the articles contained within the ITE Law, the
violations committed involve the unauthorized
disclosure of confidential information or
documents through various means and efforts.
Within the scope of Cybersecurity, there are also
both confidential information and documents.
Such confidential information and documents
also have the potential to be disclosed to the
public without authorization or to experience
leaks.
 • (2) The government protects the public interest from all types of disturbances
resulting from the misuse of Electronic Information and Electronic Transactions that
disrupt public order, in accordance with the provisions of the legislation.

Article 40, • (2a) The government is obliged to prevent the dissemination and use of Electronic
Information and/or Electronic Documents containing prohibited content in
paragraphs (2a), accordance with the provisions of the legislation.

(2b), (3), (4), and • (2b) In carrying out prevention as referred to in paragraph (2a), the government is
authorized to disconnect access and/or instruct Electronic System Providers to
(5) of the ITE Law disconnect access to Electronic Information and/or Electronic Documents containing
illegal content.

state that: • (3) The government designates agencies or institutions that possess strategic
electronic data that must be protected.

• (4) The agencies or institutions referred to in paragraph (3) must create Electronic
Documents and electronic backup records and link them to specific data centers for
data security purposes.

• (5) Other agencies or institutions not regulated in paragraph (3) create Electronic
Documents and electronic backup records according to their data protection needs.
 • In the efforts to identify and detect cyber
threats, provide protection, mitigation, and
recovery, as well as monitoring and control, it
becomes the responsibility of Cybersecurity
public-private Operators to protect security objects.
Cybersecurity Operators represent the
partnership consept embodiment of the public-private partnership
concept because they are not only composed
of government authorities but also private
entities that possess critical infrastructure in
Indonesia.
 Law No. 8 of 1999 concerning Consumer
Protection

Article 1, paragraph (1): "Consumer protection is all efforts that ensure legal certainty to
provide consumer protection."

In Article 4, part (a), it states: "The right to comfort, security, and safety in consuming goods
and/or services."

This aspect applies when businesses engage in actions that cause harm to consumers. This
harm takes the form of customer data breaches due to inadequate security measures.
 Article 4 of the National Defense Law states,
"National defense aims to safeguard and protect the
sovereignty of the state, the integrity of the territory
of the Unitary State of the Republic of Indonesia,
and the safety of the entire nation from all forms of
Law Number 3 of threats."
2002 concerning
National Defense. The explanation of Article 4 of the National Defense
Law provides an explanation that a threat is any
effort and activity, both domestic and foreign, which
is considered to endanger the sovereignty of the
state, the integrity of the state's territory, and the
safety of the entire nation.
 • In the Intelligence Law, Article 6, paragraph (1) states that the
State Intelligence Agency carries out the functions of
Law Number 17 investigation, security, and gathering. Additionally, Article 6,
paragraph (5) of the Intelligence Law states that in carrying
of 2011 out its functions, it must respect the law, democratic values,
and human rights. The Cybersecurity function itself has
concerning components that essentially encompass functions of detection
and identification, protection, mitigation and recovery,
State monitoring, and control of the Cybersecurity ecosystem.
Intelligence
• Article 1, number 4 of the Intelligence Law states that a threat
is any effort, work, activity, and action, both domestic and
foreign, assessed and/or proven to endanger the safety of the
nation, security, sovereignty, integrity of the territory of the
Unitary State of the Republic of Indonesia, and national
interests in various aspects, including ideology, politics,
economics, socio-culture, as well as defense and security.
Law Number 34 of • Article 7 of the TNI Law states that the
2004 concerning main duty of the TNI is carried out through
military operations for war. Cybersecurity
the Indonesian is closely related to incidents of
cyberattacks by both state and non-state
National Armed actors, which have the potential to lead to
a state of war. Therefore, in the potential
Forces realm of Cybersecurity and Cyber
Resilience as one part of military
operations during a state of war, the
authority for controlling Cybersecurity
needs to be implemented by the
Indonesian National Armed Forces.
Law Number 2 of
2002 concerning
the State Police
• Article 15, paragraph (1), letter j of the POLRI Law states,
of the Republic "in order to carry out its duties in general, it is authorized
of Indonesia to establish the National Criminal Information Center..."
Law Number 36
of 1999 • Article 39, paragraph (1) of the Telecommunications Law
states that Telecommunication Operators are obligated to
concerning secure and protect the installations within the
telecommunications network used for telecommunication
Telecommunica services. In the Telecommunications Law, the state imposes
the duty on telecommunications operators to secure and
tions protect the installations within the telecommunications
network, thereby granting the authority and obligation to
telecommunications operators by the state to orderly and
diligently protect their infrastructure.