In a significant development for Indonesia’s cybersecurity preparedness, President Joko Widodo, widely known as Jokowi, has recently signed into effect a comprehensive set of regulations pertaining to national cybersecurity strategy and cyber crisis management. These regulations, formally known as Presidential Regulation or Perpres No.47/2023, are set to be implemented starting from July 20, 2023.
The primary objective of these regulations is to create a robust and effective framework for national cybersecurity, providing essential guidance to state institutions and stakeholders involved in the country’s digital infrastructure.
The ultimate goal is to bolster cyber capabilities and safeguard critical information systems to ensure cybersecurity stability, thereby protecting both national interests and citizens in the increasingly interconnected digital landscape.
Detailing the national cybersecurity strategy, the regulations outline various focal points and national action plans that will be central to the country’s cybersecurity endeavors. These areas of focus encompass a wide spectrum, including governance, risk management, preparedness, resilience, and the protection of vital information infrastructure.
Additionally, the regulations emphasize the importance of fostering national cryptographic independence, enhancing cybersecurity capabilities, building capacity, and maintaining a stringent cybersecurity policy, along with fostering international cooperation for collective security measures.
The implementation of the national cybersecurity strategy will be accompanied by a comprehensive national action plan, meticulously designed to address the intricacies and challenges of cybersecurity. This action plan will include carefully planned and measurable initiatives aimed at translating the broader cybersecurity strategy into actionable steps and results.
Among the key components of this action plan are specific activities, success indicators to gauge progress, clear timelines for implementation, and designated parties responsible for their execution.
Transparency and collaboration are integral to the development and execution of the action plan. The regulatory framework mandates the active involvement of relevant ministries and institutions during its formulation, ensuring a holistic and well-coordinated approach. Furthermore, state institutions are bound to adhere to the prescribed action plan, ensuring accountability and the collective commitment to the nation’s cybersecurity objectives.
The duration of the national action plan is set for five years, allowing for periodic review and adaptability to emerging threats and advancements in the cybersecurity landscape. This dynamic approach reflects the government’s commitment to staying at the forefront of cybersecurity and maintaining a proactive stance against cyber threats.
In tandem with the national cybersecurity strategy, the regulations also encompass the critical domain of cyber crisis management, recognizing the importance of preparedness and swift response to potential cyber crises. The cyber crisis management plan encompasses various stages, starting from pre-crisis assessment to crisis mitigation and post-crisis recovery.
Here, the involvement of electronic system providers (PSE) is emphasized, underscoring the significance of cooperation between the private sector and government in handling cyber emergencies.
To effectively tackle cyber crises, the regulatory framework calls for diligent preparations, including the development of cyber crisis contingency plans and the conducting of simulations to validate their efficacy. Importantly, state institutions are actively engaged during these preparatory phases, contributing to the formulation of these crisis contingency plans.
In terms of financing, the regulations clarify that the funding for national strategy and cyber crisis management will be sourced from the State Budget (APBN), Regional Budget (APBD), and other legitimate and non-binding sources.
This allocation of resources reflects the government’s recognition of the critical nature of cybersecurity, and its willingness to invest in fortifying the nation’s digital resilience.
