Cybersecurity Weakness Exposed by Attack on National Data Center (PDNS) 2 Surabaya
The cyberattack targeting the Temporary National Data Center 2 (PDNS 2) in Surabaya has revealed significant vulnerabilities in Indonesia’s cybersecurity infrastructure, particularly in combating evolving malware. Desi Albert Mamahit, Chairman of the Indonesian Cybersecurity Entrepreneurs Association (Hipkasi), stated that the attack on the National Data Center exposed critical weaknesses in the country’s cyber defense systems.
In June 2024, the hacking group Brain Cipher breached PDNS 2 Surabaya using the Lockbit 3.0 ransomware variant. The attack left hundreds of government services crippled after Indonesia’s cyber defenses were compromised. "The severe weakness in Indonesia’s cybersecurity systems poses a threat to national stability," Mamahit said on Friday (November 8, 2024).
For context, ransomware is a type of malware that can lock files on devices such as smartphones, laptops, and other gadgets. During the attack, approximately 282 government agency services were affected. Of these, 239 agencies experienced prolonged recovery times due to a lack of backups, while the remaining 43 agencies recovered more quickly thanks to their backup systems. Mamahit emphasized the need for the government to raise awareness about cybersecurity threats as a crucial first step, from the individual to the national level.
"The importance of secure gadget and internet use, from smartphones to computers, cannot be overstated. In workplaces, all staff, including leadership, must understand this," Mamahit stated. He also highlighted the need for a collaborative approach to strengthening national cybersecurity. Traditional antivirus technology must be complemented by advanced malware analysis tools to achieve optimal threat detection. Integration between various security software and cross-sector collaboration is expected to enhance Indonesia's capacity to address evolving cyber threats over time.
Reza Maulana, Vice Chairman of the Hungary-Croatia Bilateral Committee of the Indonesian Chamber of Commerce and Industry (Kadin), stated that the government must address cybersecurity across personal, organizational, and national levels. He suggested fostering international cooperation through knowledge transfer and strengthening Indonesia's cybersecurity ecosystem to counter cyberattacks.
Meanwhile, the National Cyber and Encryption Agency (BSSN) has urged the House of Representatives (DPR) to prioritize the Cybersecurity and Resilience Bill in the national legislative agenda (Prolegnas).
Hinsa Siburian, Head of BSSN, emphasized the agency's commitment to supporting President Prabowo Subianto's eight-point vision, Asta Cita. As part of this vision, BSSN will enhance the connectivity and security of information technology and telecommunications against cyber threats. One key initiative is completing the academic study and drafting the Cybersecurity and Resilience Bill within the first 100 days of President Subianto’s term.
"In line with this vision, BSSN will undertake activities to finalize the academic study, academic paper, and draft of the Cybersecurity and Resilience Bill," Hinsa said during a working meeting with Commission I of the DPR on Thursday (November 7, 2024).
Hinsa added that once the academic draft is complete, it is hoped the Cybersecurity and Resilience Bill can be included in the priority legislative agenda. "If this proposal is accepted, we recommend that the DPR include the Cybersecurity and Resilience Bill in the priority national legislative program," he concluded.