The British Embassy in Jakarta is working to boost cybersecurity in Indonesia with the creation of a health ministry Computer Emergency Response Team and a Health Data and Cyber Security Coordination Group.
The establishment of a health ministry Computer Emergency Response Team (CERT) and a multi-agency Health Data Protection and Cyber Security Coordination Group, will act as a focal point for strategic risk management relating to healthcare data and systems, an area "which is currently lacking and undermines operational planning and incident response capability," according to the embassy.
CERTs usually provide a combination of reactive services (e.g. alerts, warnings, incident response coordination) and proactive services (e.g. announcements, security assessments, development of tools). The Strategic Coordination Group will agree a terms of reference with key government stakeholders and support in setting up appropriate cross departmental governance structures focused on incident response strategies and threat intelligence sharing.
The embassy said in a statement: "Bids are welcomed from not-for-profit organisations including academia, NGOs, inter-governmental organisations and not-for-profit arms of commercial entities.
"Many capacity building projects cannot be fully delivered by a single implementer as the capability and skills required may only be found in a consortium. We therefore welcome bids from consortia, with a clear non-for-profit prime or lead implementer. Commercial organisations are permitted to join consortia as part of a bidding team. However, the commercial element of the proposal, which would be sub-contracted by the not-for-profit, must be proportionate."
Cybersecurity in Indonesia
In 2019, the Indonesian National Cyber and Crypto Agency (BSSN) reported 290 million cases of cyberattacks. That was 25% more than the previous year, when cybercrimes had caused losses of USD 34.2 billion for Indonesia. The Covid-19 pandemic in 2020 triggered a significant increase in phishing attacks, malspams and ransomware attacks, adding to the urgency of establishing a well-functioning infrastructure for cybersecurity in Indonesia.
According to the Centre for Indonesian Policy Studies, Indonesian cybersecurity laws and regulations created fragmented responsibilities across different ministries and they remain ineffective in preventing cyberthreats and cybercrime. A comprehensive regulation on cybersecurity is urgently needed in Indonesia.
The Indonesian parliament has been discussing an overarching Cybersecurity Bill but the process did not involve the private sector. As a result, the Bill contained provisions that were overly cumbersome and costly for businesses, requiring certifications, accreditations, and approval from BSSN for developing services and products. Local content requirements added further risks to Indonesia’s cybersecurity. The Bill was heavily criticized and later withdrawn from the parliamentary agenda in 2020 and 2021.