IDCI Encourages Digital Trust Sovereignty Through a National Root CA

JAKARTA - The Indonesia Digital Cyber Institute (IDCI) emphasizes the importance of controlling the national Root Certificate Authority (Root CA) as the main foundation of Indonesia's digital trust system. In its latest study, IDCI stated that without control of the Root CA, Indonesia will continue to depend on digital trust infrastructure controlled by foreign parties.

"Zero trust will not be meaningful without anchor trust controlled by the state itself. Root CA is a digital architecture foundation that ensures the validity of identity in all national electronic systems," said IDCI senior researcher Taufiq A. Gani in a statement on Sunday, July 20.

The study states that many government institutions still use digital certificates from foreign providers such as Let's Encrypt, DigiCert, or GlobalSign. This dependence is considered a high risk because it places control over system validation with foreign entities that are outside national jurisdiction.

IDCI is urging that the Draft Law on Cyber Security and Resilience (RUU KKS) become the legal basis that explicitly stipulates the Root CA as a legal and operational component of the national cyber defense architecture.

"Without clarity on the structure of the command, our cyberspace will remain an area without control. Each institution may run, but without a mutually agreed direction," continued Taufiq.

According to IDCI, current regulations such as Article 13A of the 2024 ITE Law and PP Number 71 of 2019 have not substantially addressed national command arrangements for the Root CA. By contrast, countries such as the United States and the Netherlands have placed their Root CA authorities under legitimate and transparent government agencies.

IDCI also highlighted the need for institutional strengthening, more human resources, and harmonized regulations between agencies. Consolidating the role of the National Cyber and Crypto Agency (BSSN) as the main authority for managing digital trust is considered a strategic step that must be realized immediately.

"Stipulating the national CA Root is not just a technical issue, but a political and strategic decision about who has the right to regulate trust in this country," said Taufiq.

This release is part of IDCI's efforts to encourage regulations that strengthen national cyber sovereignty through full control over digital trust infrastructure.