Heaptalk, Jakarta — Responding to the latest issue regarding ransomware attacks on the National Data Center (PDN), the Southeast Asia Freedom of Expression Network (SAFEnet) affirmed the significance of the national cloud and data center players’ involvement in developing infrastructure, which is expected to cease this issue.
According to SAFEnet, several critics from the House of Representatives and industry players regarding the lack of transparency in planning and weaknesses in handling cyber threats emerged, and the involvement of foreign funding as well as the process from the top to the bottom of PDN establishment, whereby the government manages itself instead of involving the national cloud and data centers player.
Furthermore, the disruption of the National Data Center (PDN) indicated the need for more government consistency in implementing the development process of critical technology infrastructure, which has long been claimed to be safe, reliable, and up to high standards.
“Regarding planning and building critical vital infrastructure, the PDN has faced a Single Point of Failure (SPOF). In effect, there is nothing that the agencies storing data in the PDN, such as immigration and airport services, can do except wait,” The Executive Director of SAFEnet, Nenden Arum, said.
This severe data leakage of society in government institutions has undermined public trust. For this reason, SAFEnet calls on the government to hold multiple moves:
- Provide an official statement transparently regarding the current cyber attack at the National Data Center (PDN), declare responsibility, and apologize for the negligence that has paralyzed multiple public services and the risk of leaking personal data on vital critical infrastructure.
- Guarantee the protection of users’ data contained in PDN and carry out procedural and accountability steps following the principles of Personal Data Protection (PDP)
- Review the tender process and construction of PDNs, both temporary and permanent PDNs that are still to be built, by strictly implementing incident management scenarios and transparent and accountable business continuity.
- Spread information and solicit suggestions from other stakeholders regarding national data, such as the technical community, academics, and civil society organizations.
- Provide opportunities for the national cloud/data center industry to participate in infrastructure and business development matters outside governance, where the Ministry of Communication and Informatics is the regulator.
- Guarantee that similar issues do not occur and be willing to take responsibility for all incidents that occur.
As one of the local players, the CEO of desktopIP also underscored the significance of the national players’ contribution in the digital space to minimize similar trouble. He argued that the Indonesian government needs to reconsider its approach, ensuring the local tech companies are involved and supported in clearing up the problem.
“I have observed that Indonesia’s concept of digital sovereignty only lies in the physical location of data storage within the country. If we develop the technology independently, we could decisive hackers by choosing diverse locations, even overseas, to store critical data. It is all about the strategy and mindset in risk mitigation. The National Data Center will never be entirely secure if our way of thinking and mentality do not change,” Phidi affirmed.
