Proposal for Draft Law on Cybersecurity and Resilience

The Draft Law on Cybersecurity and Resilience is currently being formulated. Pratama Persadha, Director of Communication & Information System Security Research Center, believes that Indonesia needs a strong legal foundation in managing and protecting its national digital ecosystem.

He proposed several points within the regulation framework. First, the National Cyber and Crypto Agency has limited authority in handling cyber incidents, particularly in enforcement and cross-sectoral coordination.

“This law must grant stronger authority to BSSN, while still harmonizing its role with other institutions such as the police, the Ministry of Defense, and telecommunications authorities to ensure there is no overlap in the execution of duties,” said Pratama to Hukumonline.

Second, there are two main approaches: focusing on the protection of Critical Information Infrastructure (CII) or including public protection. Given the high number of cybercrimes targeting the public—such as online fraud and identity theft—it would be best for this framewok to cover protection for both.

Third, this regulation must ensure that organizations related to public services and critical systems are required to have a strong cybersecurity strategy, with regular audits to assess their readiness in facing cyber threats.