Collaboration is the key to Indonesia cyber resilience: BSSN

Indonesia’s cyber resilience strategy relies on a collaborative approach that involves all stakeholders, including the government, academia, businesses, and communities, said National Cyber and Crypto Agency's (BSSN) Deputy for Cybersecurity Operations, Bondan Widiawan.

“Segregation of duty is the most important. With clear divisions of roles and responsibilities between electronic system providers (PSEs), including the government, industries and communities, we can work together to overcome various threats in cyberspace.” 

Widiawan delivered these remarks in his keynote speech titled Securing the future: Crafting a 20-year government cybersecurity plan to boost growth at the Digital Transformation Indonesia Conference & Expo (DTI-CX) 2025 event held in Jakarta in August. 

According to him, cyberattacks are more complex and dangerous than ever because all sectors, from public services to financial systems, are interconnected. If a single weak point is compromised, it can trigger a domino effect across the entire ecosystem. 

“Collaboration enables us to draw on diverse perspectives, exchange ideas and best practises, and create a better understanding of the threat landscape faced by organisations, and even individual,” he added. 

Widiawan highlighted that Indonesia’s cyber landscape has reported 3.8 billion traffic anomalies over the past five years. The data is based on monitoring by the National Security Operation Center (NSOC) – a BSSN unit at the frontline of cyber threat detection. 

In 2025 alone, anomalous traffic has already exceeded 3.6 billion activities, nearly surpassing the anomalies of the past five years, signalling that cyber threats this year are particularly challenging, he noted. 

“So, the question is not whether cyberattacks will occur, but whether we are ready to face them.” 

The crucial foundation of Indonesia’s digital economy 

Cybersecurity is not only about protecting servers or networks but is also a vital foundation for digital economic growth, Widiawan explained. 

He cited the 2023 Google-Temasek report, which projected that Indonesia would lead the Southeast Asian digital market with an economic value of US$109 (S$140.40) billion by 2025, nearly tripling to US$360 billion by 2030. 

Yet, behind these promising figures, threats continue to loom. 

To subscribe to the GovInsider bulletin, click here. 

Widiawan reminded that potential losses from cyberattacks reached US$12.5 billion in 2023, which could undermine consumer, investor, and market confidence.  

He also referred to the Indonesia Cybersecurity Landscape Report 2024, which projected cyberattacks in 2025 to include stealer malware, ransomware, and website defacement through various methods, increasingly involving artificial intelligence (AI).  

“The public service, government, and financial sectors are the most vulnerable targets for cybercriminals,” he said, adding that the government will continue to ensure protection for its citizens through regulations and legislation. 

To improve national cybersecurity coordination, the government has issued the National Cybersecurity Strategy (SKSN) through Presidential Regulation No. 47 of 2023. 

The SKSN highlights eight focus areas: governance, risk management, preparedness and resilience, protection of critical information infrastructure, national cryptography independence, capability, capacity and quality development, cybersecurity policy, and international cooperation. 

“Through collaboration and by prioritising our respective roles and responsibilities across each of these focus areas, Indonesia can stand firm in the ever-evolving digital landscape,” he added. 

Developing the CSIRT ecosystem 

Speaking at another keynote session, BSSN’s Deputy for Cybersecurity Policy and Strategy, Air Vice Marshal Tjahjo Khurniawan, highlighted that it is crucial for electronic system operators (PSEs) to be prepared for security incidents and act quickly when they occur.

As the national cybersecurity coordinator, BSSN has established Computer Security Incident Response Teams (CSIRTs) in various government institutions, both central and regional, with the aim of preventing, handling, and recovering from cyber incidents within organisations.

The CSIRT team consists of representatives from BSSN, organisation, and academia, and is supported by cybersecurity professionals and information security experts who have undergone training and certification by BSSN. 

“The establishment of CSIRTs will create a fast and coordinated cyber incident response ecosystem,” Khurniawan said. 

Since 2024, BSSN has also expanded this structure to the local government level, assisting regional administrations in analysing, handling, and recovering from breaches of electronic systems. 

Currently, 537 CSIRTs have been formally registered with BSSN. 

BSSN is encouraging private PSEs to set up their own CSIRTs and register them with BSSN. 

“Collective efforts from all elements of community and industry are crucial to strengthening national cybersecurity,” he said.