JAKARTA The server disruption experienced by immigration services at the Directorate General of Immigration at the Ministry of Law and Human Rights caused long queues at several international airports in Indonesia. Not only that, the New Student Registration process (PPDB) in various regions was also disrupted.
Disturbances in immigration services and a number of other agencies were caused by cyber attacks in the form of Brainchiper ransomware against the Temporary National Data Center (PDNS) located in Surabaya since June 20, 2024.
The attacker filed a charge of US$8 million or around Rp. 131 billion. Minister of Communication and Information Budi Arie Setiadi has confirmed that he will not pay the ransom demanded by hackers.
Chairman of the CISSReC Cyber Research and Communication Institute Pratama Persadha highlighted the attacks that have made a number of public services chaotic. According to Pratama, government data is one of the main targets of hackers to be attacked because of the large and critical data stored.
He also suspected that cyber attacks on the government system could be an act of espionage to steal stored confidential data.
"Without seeing the audit results and digital forensics, it will be very difficult to determine the weaknesses exploited by hackers," Pratama told VOI.
Cybersecurity Not Considered Important
Cybercrime in Indonesia is considered quite worrying. The increase in digital transformation is directly proportional to the attack on information technology security systems. The SAFEnet report revealed that digital or cyber attacks in Indonesia experienced an increase in early 2024.
The number of digital security incidents during the January-March 2024 period was 61 times with details of 13 times in January, 20 times in February, and 27 times in March. This record is almost twice as much compared to last year's incident in the same period.
Before the National Data Center became a victim of cyber attacks, a number of institutions in Indonesia experienced the same thing. The website of the General Elections Commission (KPU), for example, was difficult to access on February 15, 2024 or the day after the presidential election. The KPU later stated that the institution's website had a digital attack in the form of DDoS.
In 2018, there was a case of data leakage of electronic ID cards in Indonesia which caused the leak of personal data of 191 million residents. BPJS Kesehatan also experienced a leak of participants' personal data in 2021, then the DPR YouTube channel was hacked by hackers on September 6, 2023. This action caused the channel to broadcast a live broadcast of gambling for several hours.
Chairman of the CISSReC Cyber Research and Communication Institute Pratama Persadha said that so far Indonesia does not consider cybersecurity to be important. Pratama said, if PDN carries out security standards properly, an incident like this that harms the Indonesian people will not happen.
The main cause of the vulnerability of government technology systems usually comes from the low awareness of human resources about cybersecurity, Pratama explained.
"People must be competent people, while Indonesia admits it is still lacking, cybersecurity should be a priority," he added.
Pratama continued, cybersecurity systems cannot only be seen from one side of infrastructure and security equipment, but must also look at other aspects such as employee training on cybersecurity.
According to Pratama, this is an important point for the cybersecurity of an organization, because it is not uncommon for cyber attacks to occur starting from the hacking of employee pc/laptops or obtaining employee credentials through phishing attacks.
"Seeing the proliferation of data leaks caused by the negligence of these human resources, it should have been a warning to organizational leaders to immediately conduct training to employees/mitras who have these access how to secure themselves," he added.
Late Learning
On May 27, President Joko Widodo launched Indonesia's Government Technology (GovTech) called INA Digital at the State Palace, Jakarta. Citing the Kominfo page, INA Digital is tasked with coordinating the integrated digital services of the government, which so far have been separated in thousands of applications belonging to ministries and institutions and local governments. The integration and interoperability of digital services has become a pattern in a number of developed countries, so people do not have to bother access various government services.
"Therefore, I say that starting this year, I will stop creating new applications, stop creating new platforms. Stop it!" said President Jokowi.
On the one hand, this policy can be seen as positive, because it is a breath of fresh air for Indonesia's efforts to carry out digital transformation, especially related to public services. But on the other hand, this can actually make it easier for hackers to launch attacks, especially if they are not accompanied by strengthening cybersecurity in Indonesia.
SEE ALSO:
When a good plan is not accompanied by sufficient security, it ends up being a disaster. When everything is made digital, then cyber attacks attack repeatedly attack Indonesia, it can be destroyed," he explained.
"Don't say this is a lesson, because if you study now it's too late. This is a very, very expensive lesson," he concluded, replying to the statement of the Deputy Minister of Communication and Information Nezar Patria that the incident of cyberattack disturbances against PDNS2 was an important lesson to strengthen cybersecurity in Indonesia.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)