he widespread adoption of information and communication technology (ICT) in many sectors has made cybersecurity a pressing concern for many stakeholders, both in the private and public sectors. This is particularly true for critical infrastructure systems, such as power grids, healthcare services and financial institutions.
In recent years, Indonesia’s critical infrastructure systems have been targeted by a wide range of cyberthreats that usually aim to gain control of and deny access to critical systems, or to encrypt, delete or steal important data in the systems. These attacks can cause financial losses to the country’s economy and disrupt essential services.
From 2017 to 2018, massive ransomware attacks hit many hospitals in Indonesia, rendering patients’ data inaccessible when needed. In 2022, a hacker with the pseudonym Bjorka claimed that it had gained the personal data of millions of Indonesian citizens from various electronic systems. Recently, the customer data of Bank Syariah Indonesia (BSI), the largest Sharia bank in Indonesia, was stolen in May 2023 through cyberattacks conducted by the so-called LockBit group.
Critical infrastructure systems are vulnerable to a wide range of cyberthreats due to their complexity and interconnectedness. Among the most common vulnerabilities are outdated software and weakly secured network ports, which can create security gaps that hackers can exploit. Another common vulnerability is human error, such as employees falling for phishing scams or using weak passwords.
Moreover, many critical infrastructure systems are connected to the internet, making them accessible to attackers from anywhere in the world. These vulnerabilities highlight the growing need for a robust multilayered cybersecurity strategy to protect Indonesia’s critical infrastructure.
A multilayered cybersecurity strategy is crucial for protecting critical infrastructure systems from cyberthreats, reducing weak links in the systems and mitigating the impacts of such attacks. This approach involves implementing multiple layers of security measures to detect, prevent and mitigate the impacts of different types of attacks that target each layer of a cybersystem.
Every Thursday
For example, network security measures such as firewalls and intrusion-detection systems can prevent unauthorized access to critical systems. Effective monitoring and incident-response protocols can detect and respond to attacks in real time, minimizing the damage caused. Imposing robust encryption on sensitive and valuable data and information in the system can prevent hackers from understanding and utilizing its content for their benefits.
