To prepare for the growing threat of hacking and other cyber attacks, Johnny G. Plate, Minister of Communication, and Informatics emphasised that all Electronic System Operators (ESO) must prepare a comprehensive security system for processing personal data. As controllers and processors of personal electronic transaction data, private and public ESO are at the forefront mechanism.
To reduce the threat of hacking, I remind all Electronic System Operators must strictly follow the provisions of the Personal Data Protection Act, he said. The government regulates the rights of subjects, the processing of personal data, and the obligations of data controllers and processors, following Law Number 27 of 2022 concerning Personal Data Protection.
“One of ESO’s responsibilities is to train a data protection officer (DPO). So please be prepared because the DPO is the person in charge of the overall management of personal data in every Electronic System Operator,” Johnny cautioned.
To increase the reliability of fintech services, the Minister of Communication and Informatics encourages fintech players to use electronic authentication services provided by Electronic Certification Operators (ECO). “Authentication by ECO is critical to meeting transaction trust standards, particularly at the international level.”
According to Minister Johnny, the Ministry of Communication and Informatics has declared nine qualified ECOs after a lengthy audit. The nine ECOs are made up of both government and private institutions. “So, if we talk about electronic signatures, they will be included in the ECO,” he said.
The Minister of Communication and Informatics also invited financial institutions to collaborate in encouraging the use of electronic certificates and intensifying education to realise more secure and reliable financial transaction services. “I invite you to join me in supporting digital space management efforts and the full implementation of the PDP Law,” he said.
Indonesia continues to strengthen its cyber-security resilience through a diverse array of efforts. For example, the country has established the Indonesian Aviation Sector Computer Security Incident Response Team (IAS-CSIRT) to strengthen cybersecurity in the aviation industry. The aviation industry requires a dedicated cybersecurity team to anticipate system vulnerabilities, identify opportunities for bad actors to exploit, and reduce the risk of cyber incident threats.
The CSIRT will regularly publish information on vulnerabilities, security, and new technology trends. The team is also ready to face escalating challenges and will report to the Director General of Air Transportation at the Ministry of Transportation. In addition, CSIRT will use cyber drills and workshops to train members.
The team is responsible for receiving, reviewing, and responding to cyber incident reports and activities and providing reactive services such as incident coordination, incident triage, and incident resolution.
The aviation industry increasingly relies on digital technology for flight operations, ground services, communications navigation and surveillance, airport infrastructure, air traffic management, and supply chain.
Therefore, Markos, the Deputy for Cybersecurity and Economic Cryptography of the National Cyber and Crypto Agency (BSSN), hopes that the IAS-CSIRT can have a role, particularly in cyber incident handling and recovery. In addition, the team will be able to collaborate, synergise, and share information with various stakeholders and other cybersecurity constituencies in Indonesia.
Budi Prayitno, Director of Aviation Security at the Ministry of Transportation, emphasised the importance of cyber defence, pointing out that cybercrime has resulted in significant losses across industries. As a result, cybercrime prevention and management are critical for various stakeholders, including aviation service providers.
Moreover, BSSN encourages other sectors to form their CSIRTs. Following the issuance of Presidential Regulation 82 of 2022 concerning the Protection of Vital Information Infrastructure, the IAS-CSIRT was established for the first time (IIV). Because it manages various strategic information assets related to community survival, national stability, and sovereignty, Sector IIV prioritises the CSIRT.
