A Myriad Of Government Homeworks Facing Cyber Attacks That Are Increasingly Growing

A number of BSSN personnel attended cyber management training in Jakarta, Thursday (2/1/2025). (ANTARA/HO-Humas BSSN)

JAKARTA The Indonesian government is still vulnerable to cyber attacks. The weak cyber security system has made a number of companies and even ministries target severe hackers to hack data. Throughout 2024, there have been at least three incidents of cyber attacks against Indonesian agencies, including ransomware incidents that attacked the Temporary National Data Center or PDNS.

Based on records from theCommunication and Information System Security Research Center (CISSEeC), Indonesia experienced several cyber attacks over the past year, one of which was experienced by KAI by hacker actor Stormous.

In addition, the public must still remember when PDNS in Surabaya experienced paralysis last June due to a ransomware attack. As a result, it was no joke. A total of 47 services from the Ministry of Education, Research and Technology (Kemendikbudristek) were affected by the hacking of PDNS, including scholarship systems, KIP Lectures, and film licensing services.

In addition, immigration is the most affected institution. Immigration services at a number of international airports, including Ngurah Rai Airport, Bali, have problems that cause a buildup of passengers. The paralysis was later discovered to have been caused by a ransomware attack from the hacker group Brain Cipher.

In total there are 282 government agencies whose data is stored in the Surabaya PDNS affected by the ransomware attack.

However, the series of cyber attacks that occurred in 2024 is believed not to be the last. Head of CISSReC Pratama Persadha said cyber threats would grow in 2025 in line with technological advances and their complexity.

"In 2025, of course, there will still be many cyber attacks faced by the Indonesian people," said Pratama in a statement received by VOI.

The year 2025 is predicted to be a challenging year in the realm of Indonesian cyberspace. Pratama predicts there will be at least five cyber attacks that need attention from the government this year.

The first is the emergence of AI Agentics. This happens because the development of artificial intelligence (AI) technology makes cyber threats more sophisticated and complex. Pratama explained, AI Agentik will emerge as a new opportunity that is of interest to everyone, and a new potential cyber threat sector.

This AI agency can automate cyberattacks, reconnaissance, and exploitation so as to increase the speed and accuracy of attacks. In addition, bad AI agents can adapt in real time, break through traditional defenses and increase attack complexity," said Pratama.

The second threat that Indonesia needs to be aware of is AI-based fraud and social engineering. This artificial intelligence has the potential to increase fraud such as first aid (long-term financial fraud) and voice phishing (vishing) so that social engineering attacks are increasingly difficult to detect.

"The advanced deepfake produced by AI and synthetic sounds will also allow identity theft, fraud, and security protocol disruptions," he said.

With this technology, cybercriminals can easily imitate the identities of others to commit fraud that is difficult to detect.

The third is a ransomware attack that is growing with the use of AI. According to Pratama, cybercriminals will prepare post-quantum cryptography by adapting ransomware capabilities for future resilience so that attacks like this are increasingly difficult to track and overcome.

Fourth, supply chain attacks will also pose a serious threat in 2025. Hackers will target open-source ecosystems and exploit code dependencies to disrupt organizations. Cloudan environment is the main target as attackers exploit weak points in the complex supply chain of clouds.

"In addition, hackers will target third-party companies as entry points for attacks on large companies they are targeting," Pratama explained.

Finally, Pratama predicts that cyber warfare driven by ideological or political agendas will increase following the campaign action of espionage by "Big Four" actors, namely Russia, China, Iran, and North Korea.

"Cyber attacks driven by ideological or political agendas will increase, targeting critical governments, businesses and infrastructure," he added.

Facing increasingly complex cyber threats, Pratama encouraged the Indonesian government to fix a number of crucial homeworks that must be completed by 2025 in order to strengthen protection against digital infrastructure and public data.

One of the priorities is the establishment of a Personal Data Protection Agency (PDP) as a concrete manifestation of the implementation of the Personal Data Protection Law.

"This institution is expected to have a strong independent structure and capability to monitor compliance with regulations, handle data violations, and impose sanctions on those who violate it," Pratama explained.

In addition, the completion of Government Regulations as a derivative of the PDP Law is an important step to provide clear operational guidelines for various parties, both in the public and private sectors, in the management and protection of personal data. This regulation, according to Pratama, must include relevant technical and legal aspects, such as data security standards, incident reporting procedures, as well as dispute resolution mechanisms.

The government must also accelerate the discussion of the Draft Law on Cyber Security and Resilience, which has become part of the National Legislation Program (Prolegnas). This regulation is needed to provide a more comprehensive legal framework in dealing with increasingly complex and organized cyber threats, as well as strengthening cross-sectoral coordination in overcoming cyber incidents.

In the institutional context, strengthening the functions and authorities of the National Cyber and Crypto Agency (BSSN) is urgent. The government needs to ensure that BSSN has adequate human resources, technology, and budget to carry out its duties, including in the field of detection, response, and recovery of cyber incidents.

"BSSN must also be empowered to play a central role in securing national critical infrastructure, such as energy, transportation, and telecommunications," he said.

Finally, strengthening cyber security and defense within the government must be the main focus. This includes the implementation of strict cybersecurity policies in all government agencies, integration of interoperable security systems, and increasing human resource capacity through intensive training and certification in the field of cybersecurity.

"This effort will be an important foundation for Indonesia in facing the challenges of the digital era and maintaining sovereignty in cyberspace," said Pratama ending.