Meet GI's Cybersecurity Champion: Istiqomah, Head of CSIRT & PDP, Ministry of Health, Indonesia

This interview is part of GovInsider's inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.

Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.

As Head of the Cybersecurity Incident Response Team (CSIRT) and Personal Data Protection, I collaborate with the infrastructure team to manage cybersecurity for systems within the Ministry of Health environment. 

This team is supported by a Security Operations Centre (SOC) that continuously monitors cybersecurity 24 hours a day.   

This team is under the Centre for Data and Information Technology (Pusdatin) and acts as the coordinator for cybersecurity management within the Ministry of Health and the healthcare sector.  

Pusdatin also coordinates with the National Cybersecurity Agency (BSSN), the National Intelligence Agency (BIN), and the Ministry of Communication and Digital Affairs (Komdigi) in managing and enhancing cybersecurity capabilities. 

What kind of cyber threats does your organisation face on a regular basis? 

In the past year, the most common cyber threats to the Ministry of Health environment were malware infections (69.6 percent), data leaks (26.6 percent), and defacement (1.9 percent). 

In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally? 

The biggest threats and challenges in cybersecurity are social engineering, which are attacks that exploit human weaknesses. 

Humans are the weakest link in cybersecurity. Human negligence and lack of awareness can open security gaps in even the most robust defence systems. This is especially true in the public sector, which prioritises public service.   

Another challenge is balancing the convenience of public services with the fulfilment of security standards. In some cases, security measures are perceived as slowing down and complicating service processes.

To subscribe to the GovInsider bulletin, click here.  

Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view? 

AI is an evolving technology that can be positive when used properly. Conversely, AI can also be negative when used for malicious purposes. 

Both hackers and security professionals can utilise AI technology. In its implementation, the use of

AI requires ethical guidelines to ensure that it is used responsibly for the common good and does not harm others.  

The Ministry can incorporate these ethical guidelines into regulations aimed at ensuring that AI is used properly, beneficially, and does not harm others. 

Cybersecurity is often described as a team sport whereby a network's vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture? 

It is very important to have an ideal cybersecurity posture. We must know what strengths we have, both in terms of policy and controls established in several aspects related to security to protect data and information assets.  

The stronger the cybersecurity posture, the more prepared we will be to face cybersecurity threats. 

An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect? 

Zero trust is a security approach that assumes that nothing is inherently secure by default. Everything has potential risks that must be managed, both before and during an incident.  

We must start by identifying potential risks and incidents that may arise from the assets we manage. Next, we must develop a mitigation plan in the event of a security incident, considering various situations and conditions, and simulate them so that when an incident does occur, services do not come to a complete halt, and we can minimise the resulting losses.  

If your organisation gave you an unlimited budget for cyber defence, what would you spend it on? 

In addition to purchasing the latest and best technology tools, it is equally important to invest in people, whether they are security managers, application managers, or users.

No matter how advanced the security tools are, they still require humans with strong analytical skills and sensitivity to manage security. The same applies to applications supported by strict security systems. If users lack understanding in maintaining access and protecting their assets, then security defences may be rendered ineffective.   

Therefore, in addition to purchasing the most advanced technology, unlimited budgets will also be used to enhance the capabilities of security managers and increase awareness among application users.  

What brought you to this profession and what do you love the most in your job and what would you like to improve?   

Security is an effort to protect what is valuable not only for oneself but also for others. Maintaining security means safeguarding the interests of many parties.

Equally important is how we can help others understand the importance of protecting data from potential cyber threats. Because even the slightest negligence can potentially lead to significant threats.   

The skills I want to improve further are identifying and mitigating potential risks (risk management), as well as advocating and raising awareness about information and cyber security.  

The lack of qualified cybersecurity professionals is a global problem. How do you think this can be overcome? 

In the face of increasing threats, coordination with other cyber incident response agencies and the establishment of a cyber security communication forum comprising experts and practitioners are essential for exchanging experiences. Experience is the easiest knowledge to learn and can be directly implemented. 

If you had a chance to restart your career from scratch, would you still want to be cybersecurity professional and why? 

Yes. Because managing cybersecurity indirectly also safeguards data security. In the healthcare field, data is extremely important, so safeguarding data means we are helping to protect patient safety.