Budi Arie Setiadi was sworn in on July 17, 2023 as the new Minister of Communication (Menkominfo) to replace Johnny Plate who was entangled in the Base Transceiver Station (BTS) case in May 2023, with a heavy burden to address national cyber security.
Immediately, he is faced with the challenging task of improving Indonesia’s cybersecurity as another data leak occurs.
Recently, as many as 337 million civil registration data were leaked and sold in forums for hackers. This recent incident underlined how bad Indonesia’s cybersecurity.
Cybersecurity remains as toughest challenge for new ministers
According to the National Cyber Security Index (NCSI), Indonesia is ranked 47th out of 176 countries with 63.64 points out of 100, and digital development with 47.41 points out of 100.
The country has suffered several data leak cases from government and private institutions such as Population and Civil Registration (Dukcapil) data, passports data, social insurance data, the Peduli Lindungi (SatuSehat) data, and the General Election Commission (KPU) data.
Such data leaks also target data from major corporations such as MyIndihome, Tokopedia, Lazada, and others.
Pratama Persadha, Chairman of Communication and Information System Security Research (CISSReC) said that cyber security is a very serious problem and is homework that must be completed by the new Minister of Communication and Information.
“Cybersecurity will be one of the benchmarks for the success of the new Menkominfo work program,” said Pratama, on July 17, 2023.
Cyber security is an important matter because the Ministry of Communication and Informatics is one of the institutions responsible for cyber security in Indonesia together with the National Cyber and Crypto Agency (BSSN) and the State Intelligence Agency (BIN).
337 million civil registration data leaked and sold
On Friday, July 14, 2023, an account registered as ‘RRR’ at Breach Forums, posted a thread offering 337 million of civil registration data belonging to Indonesian citizens. The post also include 1 million sample for interested buyers.
This leak was uncovered from the Twitter social media account @DailyDarkWeb which uploaded a screenshot of the original post by ‘RRR’.
The leaked data consists of hundreds of information on NIK, place and date of birth, religion, marital status, divorce certificate, mother’s name, occupation, and passport number.
Kominfo and the National Cyber and Encryption Agency collaborates to take preventive measures
Teguh Setiabudi, Director General (Dirjen) Dukcapil Kemendagri said the ministry had acted quickly to audit the leaked data and launch and investigation to ensure the security of the data being managed.
Meanwhile, preventive measures were carried out in coordination with the BSSN and the Ministry of Communication and Information (Kemenkominfo).
Information system security institution underlines weak regulatory implementation
Pratama Persadha, Chairman of Communication and Information System Security Research (CISSReC) said the government must show its commitment in implementing laws and regulations related to Personal Data Protection (PDP).
Various parties must be held responsible for data leaks including companies as data controllers or processors, as well as cybercriminals to be prosecuted.
He considered that the Data Protection Law had not been implemented optimally due to several obstacles. Pratama explained that the Data Protection Law, which has been in effect since 2022, still provides a transitional period of 2 years until 2024, and application of the law is still difficult because no commission has been formed.
“It should have been faster if the government had formed its related institutions and derivative implementing regulations,” said Pratama.
The establishment of an institution or authority will facilitate law enforcement and the imposition of administrative and legal sanctions, with the aim that incidents of personal data leakage can be properly resolved and prevented.
