Cyber Security in Indonesia Post Establishment of The Personal Data Protection Law
--
Using the fishbone data analysis technique or fishbone diagram analysis according to Prunckun to assess the cause and effect of a problem can then help to become a guide in collecting the data and information needed in this research.
III. RESULT AND DISCUSSION
Leakage of Personal Data After the Enactment of the Personal Data Protection Act
Before the existence of the Personal Data Protection Act, regulations or laws regarding personal data protection were divided and scattered in several laws and regulations which in fact could not be said to be specific and comprehensive so they still needed special laws regarding personal data protection. These laws include Law Number 11 of 2008 and Law Number 19 of 2016 concerning Information and Electronic Transactions (ITE), Law Number 39 of 1999 concerning Human Rights (HAM), Law Number 14 of 2008 concerning Public Information Disclosure, as well as Law number 23 of 2006 and Law number 24 of 2013 concerning Population Administration [4]. Also Law number 36 of 2009 concerning Health states that every individual has personal rights and personal data protection, Law number 57 paragraph 1 number 36 of 2009 which contains that every individual should participate in protecting people’s data [5].
Since the enactment of the Personal Data Protection Law on October 17, 2022, it is known that Indonesia has received 46,994,562 attacks in the period from October 2022 to July 2023. Data obtained from the Honeynet map page of the National Cyber and Crypto Agency shows that Indonesia received more attacks compared to a superpower like the United States which received 42,537,733 attacks, The recipient of cyber attacks in third place was India which received 42,090,699 attacks, fourth place China received 27,758,546 attacks, and Fifth place is South Korea which received 15,860,207 attacks [6].
During this period, the region in Indonesia that was in the red zone, namely the recipient of the most cyber attacks, was Riau Province with a total of 115,736,475 attacks. Followed by DKI Jakarta Province with 40,683,588 attacks, Central Java
Province with 37,774,936 attacks, West Kalimantan Province with 23,566,241, East Java Province with 22,409,586, Bali Province with 20,822,614 attacks, West Java Province with 18,204. 613 attacks, Gorontalo Province with 11,127,916 attacks, Aceh Province with 10,572,024 attacks, South Sumatra Province with 10,215,026 attacks, Banten Province with 5,810,746 attacks, North Sumatra Province with 2,486,656 attacks. Other regions such as the Riau Archipelago Province, Bengkulu, Lampung, Central Kalimantan, East Kalimantan, South Kalimantan, North Sulawesi, South Sulawesi, West Nusa Tenggara, and East Nusa Tenggara and West Irian Jaya received less than one million attacks. Meanwhile, the provinces of West Sumatra, Jambi, Bangka- Belitung, West Sulawesi, Central Sulawesi, Southeast Sulawesi, North Maluku, and Maluku did not receive cyber attacks during this period [6].
Even though the Personal Data Protection Law has been formed, it was found that in the period I, namely from January to June 2023, there has not been a single case that was sanctioned in the form of a fine as a result of the leakage of personal data. In about six months, it is known that there have been 35 cases of personal data leaks, the most leaks occurred in June, namely 15 cases of data leaks. So far the government has resolved data leak cases in previous years in the form of recommendations and written warnings. Based on a statement from Samuel Abrijani Pangerapan, Director General of Applications and Informatics of the Ministry of Communication and Informatics, sanctions in the form of new fines can be imposed at least since October 2024, which is exactly two years since the Personal Data Protection Act was passed, or since the socialization and trial period this law ends. This is related to the absence of government regulations (PP) regarding the application of fines in cases of personal data leaks that occur [7].
The Condition of Cyber Security in Indonesia After the Enactment of the Personal Data Protection Act
The condition of Cyber Defense in Indonesia, especially in the context of protecting personal data, still requires real action, especially from the Indonesian government. The cyber realm is part of the territory of the Republic of Indonesia which, although its territory is not visible, has a very important role and position in national security and defense. The resilience of the cyber area will not be built properly if it only relies on laws that incidentally cannot be implemented because of the absence of an institution responsible for this area, especially in the field of personal data protection. What needs to be considered is the absence of an institution that is directly responsible for personal data issues in Indonesia is clear evidence of the absence of integration from the Indonesian government to seriously deal with cyber problems that continue to batter Indonesia’s sovereignty. In fact, institutions such as the National Commission for Personal Data Protection should be the driving force and person responsible for the Personal Data Protection Law, without this commission the Personal Data Protection Law is just a text without the ability to protect the rights of the Indonesian people or defend the national cyber area. Protection of personal data is the beginning of the formation of a national cyber security system that is able to protect the people and other data subjects who are part of the Republic of Indonesia.
The existence of the Personal Data Protection Law is not the end of the struggle to maintain national cyber sovereignty, the creation of a national cyber area that is safe and responsive to potential cyber crimes requires cooperation from various parties, both government and non-government. For the sake of strong state sovereignty in the cyber area, Indonesia still needs time for a socialization period or trial period for the Personal Data Protection Law that has been passed. In interviews conducted by researchers, experts in the realm of cyber security still have high hopes for the successful contribution of the Personal Data Protection Law to national cyber security and defense.
Data leaks, which are now a major issue in the realm of national cyber security, are not only experienced by Indonesia but also other countries almost all over the world. However, what makes the difference is the complexity of the cyber attack or data leak. According to Faisal Yahya, a country’s cyber resilience is not only assessed from the state’s side but from the entity that manages and owns cyber facilities which must be strengthened and increase awareness regarding potential cyber attacks. Both the public and data managers in the private sector and government agencies have the same responsibility for cyber security awareness
. It was emphasized that the current reality shows that society dominates as a human factor in the realm of cyber security , the phenomenon of work from home or work from anywhere after the Covid-19 pandemic has created a new environment in the world of work, where indirectly the responsibility regarding cyber security is held by control. each personnel who accesses the online realm with personal devices in their activities. Even though institutions or companies have provided devices with cyber security to personnel, if this is not accompanied by cyber security awareness then the potential for cyber crime will continue to occur, because according to Faisal Yahya, ” the next version of cyber security is inside the people’s head ” therefore education regarding cyber security awareness must be the main basis for activities in the cyber area [8].
Pratama Dahlian Persada stated that the condition of misuse of personal data in Indonesia has entered a critical stage, there are almost no boundaries between which parties may be able to access public personal data for illegal activities. With regard to defense and cybersecurity, Indonesia is also in a bad condition due to the absence of supporting features that are no less important in order to create a cyber space that can withstand threats. According to Pratama, there are at least seven important issues that need to be resolved intensively by the Indonesian government, namely: