Minister of Bureaucratic and Administrative Reform Yuddy Chrisnandi said the government will hand over cyber surveillance responsibilities to the State Cryptography Agency.
After attending a meeting in the Kemenko Polhukam building on June 21, Minister Yuddy said that the government is imposing a moratorium on the establishment of new governmental bodies, which is why the government looked for an existing agency with adequate facilities and human resources to be given the job of cyber surveillance.
The plan for the National Cyber Agency was previously said to be going through the process of being established, when Yuddy delivered the information regarding its cancellation.
If the government decided to hand over the task to the State Cryptography Agency, it will revitalize the Agencys original purpose.
In order to achieve efficiency in cyber surveillance, the State Cryptography Agency will be assisted by the Ministry of Communications and Informatics, as there is a division within the ministry that deals with online applications.
Further, Coordinating Minister for Political, Legal and Security Affairs Luhut Binsar Panjaitan said that the plans for the National Cyber Agency have not been cancelled. In fact, he stated that the planning will undergo its finalization by June 27.
With that said, the Coordinating Minister was reluctant to comment on the development of the Agency. He reiterated that the budget for the creation of the agency is being organized gradually and, until now, there have not been any significant problems.
"We are not releasing any information at the moment. We will make an announcement once it is ready," said Luhut, when asked about assigning the work to the State Cryptography Agency.
The Agencys establishment has been discussed since Luhuts predecessor, Tedjo Edhy Purdijanto, announced plans for its creation in March 2015. The agency is a result of the organizational development of the Ministrys Cyber Desk, that has been planned for approximately three years.
At the time, Tedjo said the Cyber Agency will protect all governmental institutions from wire tapping, including the President, himself.
This matter was reflected in a number of confidential documents obtained by former US Central Intelligence Agency (CIA) employee Edward Snowden, in which it was reported that Australia and New Zealand have been tapping in to the biggest cellphone network provider in Indonesia, as well as the telecommunication system of a number of smaller countries in the Pacific Islands.
Luhut, who replaced Tedjo in a Cabinet reshuffle, said the National Cyber Agency is his to prioritize during his time in office.
The formation of the National Cyber Agency can be the parent to cyber boards, and it need to involve many policy makers from the government, practitioners, academics, and the public. Other than Kemenko Polhukam, the governmental bodies that can be involved include the Communications and Informatics ministry, State Police, State Cryptography Agency and Indonesia-Security Incident Response Team on Internet Infrastructure.
There are a number of Agencies made up of various governmental elements, including the National Agency for Placement and Protection of Migrant Workers (BNP2TKI), which was established under Presidential law number 81, 2006 about BNP2TKI, and as directed in Act number 39, 2004 about the placement and protection of migrant workers overseas.
BNP2TKI consists of different divisions from the Foreign Ministry, Health Ministry, State Secretariat Ministry, Manpower Ministry and the State Police Headquarters.
The urgency of having an optimal cyber board was expressed by Ruby Zukri Alamsyah, an Indonesian digital forensic expert. The Bandung Technology Institute alumni is the first Indonesian national to become a member of the International High Technology Crime Investigation Association (HTCIA).
Indonesia is one of the countries with the highest number of internet users, which goes hand in hand with the countrys vulnerability to cyber crimes targeting government, corporations and individuals.
Especially now that the government is rapidly developing online governmental networks, the creation of a cyber agency has become a priority.
Many countries, including those neighboring Indonesia, have established their own cyber agencies, although the number of internet users is smaller compared to Indonesia. The absence of an optimal cyber agency may lead to the leak of confidential government data to hackers and foreign cyber attacks.
Ruby said that a tangible online threats comes from cyber crime conducted by a group named Nigeria Scammer. According to his data, Indonesia suffers a 150 to 200 billion rupiah loss per year from crimes carried out by this group.
The Digital Forensic Analyst also said that most cyber crimes attack economic data, such as financial statements, citizenship reports, government auction activity data, E-commerce and payments.
He said he realizes that the government has established institutions that resemble the functions of the National Cyber Agency, such as the Communications and Informatics Ministry and the State Cryptography Agency. However, the functions of these two bodies do not focus on cyber issues.
Consequently, the existence of the cyber agency does not conflict with the two existing bodies, rather, it will focus on cyber issues, which have not been a priority for the Ministry and the Cryptography Agency.
The formation of the National Cyber Agency has taken a long time, considering its establishment was announced three years ago. Based on his observations, Ruby said that delays may have been related to political matters and bureaucracy. Exact regulations are necessary when it comes to setting up an agency, he noted.
The decision to continue is, in fact, based upon how important the agency actually is. The government is currently sizing down the number of institutions in the country. Those deemed unnecessary might be downsized due to plans for the formation of new bodies.
A cyber crime threat exists within Indonesia, as reported by the Ministry of Communications and Informatics through ID-SIRTII. In 2014, for example, there were 48.8 million cyber attacks, 12,007,808 of which were caused by malware, 24,168 were due to security gaps, and 5,970 were caused by the leaking of records.
Other types of cyber crime attacks were the result of password harvesting or phising, with 1,730 cases listed. There were 215 cases of cyber crimes involving domain leaks. From those numbers, ID-SIRTII stated that the majority of the target pages were addressed go.id, meaning they belonged to the government.
Cyber threats have become complicated, involving individual players, hacker groups, even criminal organisations and terror groups who utilise social media to convey their propaganda, and even attack orders to vital infrastructures.
The dynamics of cyber danger continues to increase rapidly, which is why there need for specific legislation that deals exclusively with cyber issues, said Andi Widjojanto, a member of Kemen Polhukam, who is also part of the Cyber Agency formation team.
The former Cabinet Secretary further emphasized that the online network has spread out in a number of instances in Indonesia. For example, cyber defense divisions are present in the Defense Ministry and the State Military, intelligence signal functions in the Communications and Informatics Ministry, as well as the State Police Headquarters. Also, cryptography functions to protect the countrys communication activities are found in the State Cryptography Agency, and cyber protection functions in the ID ï¿½SIRTII, which reports cyber activities to the Ministry. Lastly, there is the internet filtering function in the Communications and Informatics Ministry.
Although these functions have been around for some time, they exist without being integrated, which is why the government has considered creating the National Cyber Agency.
The formation of the Agency is currently being evaluated by the Ministry of Politics, Legal and Security Affairs. Only time will tell whether it will actually be established, or merged into an existing body.(*)