THREE years after its proposal, Indonesia finally established its National Cyber and Cipher Agency this week amid concerns over the country’s alarming vulnerability to cyberattacks.
The new agency rolls together the Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) and the long established State Cipher Agency into one body that reports directly to the president.
President Joko “Jokowi” Widodo had initially raised doubts on whether Indonesia needed another agency to deal specifically with cyber-crimes, arguing that the responsibility should lie with existing ministerial agencies.
But Indonesia’s fast-growing Internet penetration rate and drastic increase in cyberattacks in recent years have quickly changed the argument. Last month, two Jakarta hospitals Dharmais and Harapan Kita bore the brunt of the recent global ransomware attack.
— Ann_nt (@annnation_nt) May 15, 2017
Following the attack, the republic’s Communication and Information Ministry moved quickly, broadcasting through mobile texts and media releases steps on how to prevent similar malware attacks.
The ministry’s Information Security director Aidil Cenderamata recently told University of Indonesia students that the prompt responses, “had anticipated further spread of the attack. We received only a bit more than a dozen reports.”
A survey by the Indonesian Internet Service Provider Association (APJII) reported in 2016 that there are around 132.7 million Internet users in Indonesia, which is the equivalent of more than half the country’s population, a sharp increase from 34.9 percent in 2014.
“With the increase of Internet users, threats of cyber attacks also increase,” said Aidil.
“There is a constant discovery of weaknesses in (Internet) applications … so, quality and quantity of attacks is always increasing. ID-SIRTII reported that there was a 50 percent increase in cyberattacks in 2016 compared to the previous year,” he said.
The Government Computer Security Incident Response Team (GOV-CSIRT), a department within the Communication and Information Ministry that focuses on government information security, reported high attack incidents on government websites last year.
Data shows that 65 percent of a total 1,221 attack incidents were defacements of government websites and a significant portion involved the total 3,805 go.id domains monitored by GOV-CSIRT.
The ever increasing storm of attacks put pressure on the government to increase cybersecurity efforts. But administrators said there are challenges involved.
“We face challenges in enforcing the law. First of all because of the exponential increase of Internet access, equipment challenges, increasing number of applications and encrypted attacks,” said Aidil.
He added that “according to data that we received, 70 percent of the attacks involve insiders.”
According to Microsoft Malware Infection Index 2016, Indonesia rates high in malware encounters, second only to Pakistan. Cyberattacks in the republic have also continued to increase in sophistication, and in many cases, months went by before they were discovered.
Deputy head of ID-SIRTII, Iwan Sumantri, said part of the reason for the high incidence rate of malware attacks comes from Indonesia’s “appetite for pirated software”.
He said web defacement was the least of his concerns as global trends suggest this form of attack is on the decline.
“We are more worried about the increasing unknown attack techniques,” he said.
In 2016, the highest proportion or 33.1 percent of global attack techniques were unkown.
Iwan explained that the recent ransomware attack was not the worst.
“The recent attack demanded money, but there are other more malicious attacks – the ones that spy on you, like remote access trojans,” he said.
Remote access trojans are programs that are usually downloaded inadvertently with email attachments, or games, allowing cyberattackers unauthorised access to a victim’s computer.
Interpol recently identified nearly 9,000 command-and-control servers, or machines remotely controlled by cyberattackers, and hundreds of compromised websites, including government portals all around the Asean region.
In February this year, a few days before the simultaneous regional elections, the Election Commission (KPU) reported several attacks, prompting the government to accelerate the establishment of a national cyber body.
Experts were quick to ensure the public that the election results were unaffected and that the main KPU website remained safe, despite the attack attempts and the hoax messages that were spread like wildfire through social media.
Iwan explained that the fast spread of fake messages, also often used in phishing, or attempts to obtain sensitive information by posing as emails from legitimate sources, are caused by insecure email systems.
“Sending fake emails in an open relay system is easy. I can send emails as if it is from A to B, to get information such as passwords,” he said.
Iwan said he predicts there will be an increase of attacks in 2017, especially in more varied types of malware.