PDN Hacked: Major Failure of Indonesia's Cyber Security System
Indonesia has just been faced with one of the major cyber attacks that rocked national digital stability. The National Data Center (PDN), which is supposed to be the foundation of public data security, was hacked by ransomware, exposing the weaknesses of the country's cybersecurity system and raising serious questions about our readiness to face future digital threats.
In June 2024, attacks began with the disabling of Windows Defender, the primary defense tool on the Windows operating system on PDN. Hackers then launched a ransomware attack on PDN and demanded a ransom of 8 million US dollars or around IDR 131 billion.
The National Cyber and Crypto Agency (BSSN) reported that this attack affected data from 44 government agencies, forcing the government to move data to a temporary data center in an emergency. Even though recovery efforts have been carried out, disruption to public services is still felt.
These attacks not only disrupt public services, but also have far-reaching impacts on sectors such as immigration and education. Students who receive Smart Indonesia Card (KIP) assistance experience difficulties in accessing their aid funds, while the potential for personal data leakage raises concerns in the community.
Although the government made great efforts to deal with the impact of the attacks, their response was seen as lacking coordination. Criticism of PDN management which is considered unprofessional is increasingly emerging, questioning the reliability of the system and readiness to face cyber attacks.
Cyber security experts such as Ridho Rahman Hariadi from ITS and Prof. Dr. Ir. Ridi Ferdiana, S.T., M.T., from UGM suggested concrete steps, including regular inspections of security gaps, improving information system architecture, and strengthening cooperation with cloud practitioners to build more resilient infrastructure.
Attacks on PDN must be used as momentum to strengthen national cyber security. Infrastructure improvements, developing strict security policies, and investing in advanced technology and human resource training are key to building systems that are more resilient to threats in this digital era.
The ransomware attack on PDN is a harsh warning for Indonesia. Our readiness to face cyber threats must be seriously improved. By taking lessons from this incident, Indonesia can build a strong and reliable cyber security foundation for a safer and more stable future. And, of course the officials who have the authority to manage it must be responsible.
Cybersecurity is not just a technical issue, it also concerns public trust and national stability. This incident shows the importance of a solid security system in maintaining the integrity of data and public services. Now, more than just fixing technical vulnerabilities, governments need to enforce high standards of security and transparency in public data management.
Concrete steps must be taken immediately to strengthen PDN and national security infrastructure as a whole. First, in-depth audits of existing weaknesses should be conducted regularly with the involvement of independent cybersecurity experts. This will help in early identification of security gaps and implementation of quick and effective remedial actions.
Second, the development of strict, risk-based policies to manage and protect important national data is urgently needed. The government needs to push for clear and strict regulations regarding data protection and post-attack recovery to ensure a fast and efficient response to similar threats in the future.
In addition, investment in quality human resources in the field of cyber security should not be ignored. Intensive and continuous training for officials and technical workforce will improve the ability to detect, prevent and respond more effectively to cyber attacks.
Cyber security is no longer an option, but rather a necessity for every country that wants to ensure sustainability and stability in this digital era. Indonesia, with its unique potential and challenges, must take proactive and bold steps in building a cyber security system that is strong, adaptive and responsive to ever-evolving threats.