Earlier this month, Indonesia announced that it would form a National Cyber Agency (NCA) to coordinate an integrated defense against rising cyber attacks.
The move is long overdue given the country’s vulnerability. For much of 2013 and 2014, Akamai Technologies, a U.S.-based firm, found that Indonesia consistently ranked as one of the world’s top three sources of cyber attacks. The country’s own communications and information ministry corroborates this data, revealing, for instance, that a staggering 36.6 million cyber attacks were recorded in the country in the past three years.
The problem has reportedly worsened since Indonesia’s new president Joko “Jokowi” Widodo, took office in October last year. Muhammad Salahuddin, the vice chairman for operations and network security at the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII), told FutureGov magazine recently that attacks have doubled just in the last four months. The risk for Jokowi, Muhammad says, will only increase as his administration plans on bringing several critical services online in fields such as infrastructure and healthcare. Just last month, Jokowi’s defense minister, Ryamizard Ryacudu, warned that Indonesia was on the brink of nothing less than a cyber war. Scholars might quibble with his terminology, but the urgency that he attempted to communicate was unmistakable.
The Jokowi administration appears to have concluded that enough is enough. At a meeting at the presidential office between Jokowi, his communications and information minister Rudiantara, and coordinating political, legal and security affairs minister Tedjo Edhy Purdijatno, the three agreed that the current approach was not working. They decided that the country’s vulnerability required the formation of a strong body that will marshal an integrated cyber defense. The proposed NCA will coordinate the strategies of cyber security units in different areas in the public and private sector such as defense, business, and finance. Officials say it is expected to be operational from 2016 and report directly to Jokowi.
While few would argue with the need for an integrated cyber defense, there are several challenges to achieving it. As with many things in the world’s fourth largest country, which also has the sixth most Internet users in the globe across an array of industries (over 80 million, according to the country’s Central Bureau of Statistics), coordination is easier said than done. For instance, Indonesia’s defense ministry recently formed a Cyber Operations Center (COC) with the goal of having individual cyber units in the army, navy, and air force and teams with specific tasks from analyzing threats to preventing actual intrusions. Though the COC is still very much a work in progress, ensuing that it avoids overlap – even competition – with the proposed NCA will be a critical step, says Bantarto Bandoro, senior lecturer at the Indonesian Defense University.
The country also still lacks the necessary resources to man such an effort. Building the infrastructure for an integrated cyber defense requires funding for technology, which officials say Indonesia does not have. “The technology is costly and we don’t have much money,” Brigadier General Jan Pieter Ate, the head of the defense ministry’s Defense Management Center, bluntly told The Jakarta Post last month. But the main obstacle may be the country’s lack of human resources. Budi Rahardjo, a security expert at the Bandung Institute of Technology, told the 2014 Indonesia Cyber Crime Summit in October that the country needs at least 7,000 information and technology experts and is nowhere close to that number. Developing such expertise is not easy either, considering the sophistication of some of the technologies involved.
Since Jokowi’s inauguration, experts have been calling on the president to lead a national movement against cybercrime. The NCA is a step in the right direction, but it is only the beginning of a long road ahead.