Indonesia to boost cybersecurity in healthcare sector

British Embassy Jakarta invites bids to help create a Health Data and Cyber Security Coordination Group to boost cybersecurity in the country.

The British Embassy in Jakarta is working to boost cybersecurity in Indonesia with the creation of a health ministry Computer Emergency Response Team and a Health Data and Cyber Security Coordination Group.

The establishment of a health ministry Computer Emergency Response Team (CERT) and a multi-agency Health Data Protection and Cyber Security Coordination Group, will act as a focal point for strategic risk management relating to healthcare data and systems, an area "which is currently lacking and undermines operational planning and incident response capability," according to the embassy. 

CERTs usually provide a combination of reactive services (e.g. alerts, warnings, incident response coordination) and proactive services (e.g. announcements, security assessments, development of tools).  The Strategic Coordination Group will agree a terms of reference with key government stakeholders and support in setting up appropriate cross departmental governance structures focused on incident response strategies and threat intelligence sharing.

The embassy said in a statement: "Bids are welcomed from not-for-profit organisations including academia, NGOs, inter-governmental organisations and not-for-profit arms of commercial entities.

"Many capacity building projects cannot be fully delivered by a single implementer as the capability and skills required may only be found in a consortium. We therefore welcome bids from consortia, with a clear non-for-profit prime or lead implementer. Commercial organisations are permitted to join consortia as part of a bidding team. However, the commercial element of the proposal, which would be sub-contracted by the not-for-profit, must be proportionate."

Cybersecurity in Indonesia 

In 2019, the Indonesian National Cyber and Crypto Agency (BSSN) reported 290 million cases of cyberattacks. That was 25% more than the previous year, when cybercrimes had caused losses of USD 34.2 billion for Indonesia. The Covid-19 pandemic in 2020 triggered a significant increase in phishing attacks, malspams and ransomware attacks, adding to the urgency of establishing a well-functioning infrastructure for cybersecurity in Indonesia.

According to the Centre for Indonesian Policy Studies, Indonesian cybersecurity laws and regulations created fragmented responsibilities across different ministries and they remain ineffective in preventing cyberthreats and cybercrime. A comprehensive regulation on cybersecurity is urgently needed in Indonesia.

The Indonesian parliament has been discussing an overarching Cybersecurity Bill but the process did not involve the private sector. As a result, the Bill contained provisions that were overly cumbersome and costly for businesses, requiring certifications, accreditations, and approval from BSSN for developing services and products. Local content requirements added further risks to Indonesia’s cybersecurity. The Bill was heavily criticized and later withdrawn from the parliamentary agenda in 2020 and 2021.

 

Share

Featured Articles

Testing time for British intelligence search for girl power

More than 8,700 girls set to take part in a contest which seeks to inspire young women to pursue cyber careers and create lasting change in the industry

One in five business leaders fear cybersecurity “inside job”

Business leaders worry about the threat from within, with 71% convinced their next big cybersecurity event will be caused by an employee, new survey claims

GCHQ says UK under attack from groups in Russia and Iran

The UK’s National Cyber Security Centre has exposed details of malicious campaigns against targets of interest across specified sectors, including academia

ICYMI: Spoofing plane dangers and “terrorism on steroids”

Network Security

FBI turns tables on hackers in ransomware “cyber stakeout”

Network Security

Klamath Falls calls on ZeroEyes to spot and stop shooters

Operational Security