Authors: Hafidh Fikri Rasyid, Jennis Polin Situmorang, Yolanda Purnama Sari Damanik
Reviewers: Farid Al-Firdaus, Dwi Martutiningrum, Dinda Ganisawati Javada
Digital technology is now an integral part of people’s lives. The 2015 to 2023 survey compiled by the Indonesian Internet Service Providers Association (APJII) shows that the number of Indonesian internet users increased from 110.2 million to 215.63 million. The most significant increase was during the COVID-19 pandemic when most people worked in private rooms and relied on the Internet.
Cybersecurity threats are also increasing as Indonesia’s internet users increase. The National Cyber and Crypto Agency (BSSN) noted that cyber attacks in 2021 reached 1.6 billion, an increase of 231% from the previous year, 2020, which amounted to 495 million. The report also detected 2,549 cases of phishing emails, 79,439 accounts that experienced data breaches, and 9,749 web defacements, with the academic sector having the most cases in 2021.
According to the findings of a Frost and Sullivan study conducted by Microsoft in 2018, potential economic losses in Indonesia caused by cybersecurity incidents could reach USD 34.2 billion. This amount is equivalent to 3.7 percent of Indonesia’s total GDP in 2018, which was USD 932 billion. Therefore, cybersecurity is a priority issue in Indonesia to achieve the Golden Indonesia Vision 2045, which strengthens human development and mastery of technology for all Indonesians.
Issues & Challenges
In order to overcome cyber threats, it is necessary to strengthen cyber security because the level of urgency of cyber security is directly proportional to the level of dependence on utilization in cyberspace. However, in practice, Indonesia still needs to be improved by challenges such as the lack of government budget support, low public awareness of cybersecurity, unsupportive policies/regulations, lack of human resource competence, limited technological development, and lack of synergy in handling cybercrime.
The leading cause of the increase in cyber attacks that coincides with the increase in internet users is the low public awareness of cybersecurity. It is proven by the results of a digital security survey in 2022 in rural areas of Indonesia that only about 30% of people can independently distinguish which emails contain spam/virus/malware. This does not rule out the possibility of spam/virus/malware/fraud cases in short messages such as ticket messages, but the ticket is in the form of .apk, which turns out to suck money.
In addition, the punishment for cyber criminals in Indonesia is weak and lacks a deterrent effect. According to the Chief Analyst of the Cyber Crime Investigation Center, Muhammad Yunnus Saputra, online criminals often receive only 6-month prison sentences. Upon release, they frequently reoffend. Supreme Court Regulation No. 2/2012 allows crimes with losses below IDR 2,500,000 to be processed through a summary mechanism, resulting in lighter sentences of up to 3 months. Fraudsters exploit this loophole to commit numerous small-scale frauds, affecting many victims.
Due to low public awareness of cybersecurity and the lack of comprehensive laws, schools and universities in Indonesia have not integrated cybersecurity into their curricula. Although these institutions play a crucial role in developing competent human resources, cybersecurity education has not been prioritized. As a result, schools and universities have not become significant components in fostering cybersecurity awareness and skills.
Learning from America and Singapore
In developed countries such as the United States and Singapore, education to foster cybersecurity awareness has been carried out at the primary education level with the help of state agencies. In the United States, the Department of Homeland Security launched an initiative called the Cybersecurity Education and Training Assistance Program (CETAP). This initiative aims to build and strengthen human resources in cybersecurity through cybersecurity education at the primary and secondary levels and support teaching cybersecurity skills at the primary and secondary education levels.
One of CETAP’s program implementations is funding the creation of a platform containing cybersecurity teaching materials that teachers can download and study before being taught to school students. This can empower teachers to teach credible and up-to-date cybersecurity material in schools.
Meanwhile, in Singapore, a state cybersecurity agency called Cyber Security Agency of Singapore has a role in protecting and improving cybersecurity. The agency has the SG Cyber Safe Students program, which Singapore’s Ministry of Education supports, to develop an initiative and resources to educate people on the dangers in the cyber environment and how to stay safe in cyberspace. The SG Cyber Safe Students program is similar to the Cybersecurity Education and Training Assistance Program (CETAP) of the United States, except that the support provided by the SG Cyber Safe Students program has the advantage of lending game devices that can be played by students at school and holding activities or events aimed at raising awareness of cybersecurity.
Recommendations
Compared to the previous two countries in cybersecurity education, Indonesia still experiences many challenges. Among the most important of these challenges is the poor cybersecurity literacy condition of the community, characterized by Indonesia’s low digital security index in 2023, which is 3.29 on a scale of 5. To overcome this condition, the Indonesian government has yet to provide cybersecurity education that can specifically address this problem. There are only a few universities that teach more about cybersecurity education at a certain level, including the National Password College (STSN), Gunadarma University, and the University of Indonesia. Seeing this condition, the government needs to make many improvements, especially in cybersecurity education, so that Indonesia can catch up with the digital safety index and reduce the number of financial losses the public feels from scams on the internet.
Firstly, the government can incorporate cybersecurity education into the elementary school curriculum and lectures. Government institutions such as the Ministry of Education and Culture and the Ministry of Communication and Information are expected to collaborate with international organizations such as UNICEF and private institutions such as Ruangguru to form cybersecurity curricula and socialization for schools in Indonesia. The curriculum must implement the four pillars of digital literacy into student learning, namely digital skills, culture, ethics, and safety, to produce digitally capable Indonesian children. The government needs to pay more attention, especially to digital safety, because according to Databoks 2023, the digital safety index is the lowest among the other four pillars.
Furthermore, to design this education to be sustainable and reach the wider community, the government needs to collaborate in research with countries that have good-quality cybersecurity education, such as the United States and Singapore. This research aims to produce effective cybersecurity education for the Indonesian people, able to adapt to the diverse learning culture of the community and prepare the community to face the types of cybercrime that will increasingly develop.
Conclusion
In conclusion, Indonesia faces increasing cybersecurity threats as internet penetration becomes more widespread, requiring better education and cyber awareness solutions. Efforts to address this issue require full support from the government in providing budgets, the integration of the cybersecurity curriculum at all levels of education, and the development of a supportive regulatory framework. Taking examples from developed countries such as the United States and Singapore, where cyber education has been effectively integrated since the primary education level, Indonesia can build a generation skilled in facing future cyber challenges. These steps will mitigate current risks and support Indonesia’s vision of safe and sustainable digital development.
References
Cybersecurity Education and Training Assistance Program. (2024, April 18). National Initiative for Cybersecurity Careers and Studies. https://niccs.cisa.gov/cybersecurity-career-resources/cybersecurity-education-and-training-assistance-program
Devananta, Aria. (2021). Implikasi Cyber Crime Pada Bisnis Digital di Indonesia. Jurnal Litbang Polri, Desember 2021, 140-141.
https://jlp.puslitbang.polri.go.id/jlp/LitbangPOLRI/article/download/157/131
Databoks. (2023). Indeks Literasi Digital Indonesia Terus Meningkat sampai 2023. https://databoks.katadata.co.id/datapublish/preview/2023/12/14/indeks-literasi-digital-indonesia-terus-meningkat-sampai-2023
Jakarta. Asosiasi Penyelenggara Jasa Internet Indonesia. (2016). Survei Internet APJJI 2016. https://survei.apjii.or.id/survei
Jakarta. Asosiasi Penyelenggara Jasa Internet Indonesia. (2017). Survei Internet APJJI 2017. https://survei.apjii.or.id/survei
Jakarta. Asosiasi Penyelenggara Jasa Internet Indonesia. (2018). Survei Internet APJJI 2018. https://survei.apjii.or.id/survei
Jakarta. Asosiasi Penyelenggara Jasa Internet Indonesia. (2020). Survei Internet APJJI 2019-2020.
https://survei.apjii.or.id/survei
Jakarta. Asosiasi Penyelenggara Jasa Internet Indonesia. (2022). Survei Internet APJJI 2022.
https://survei.apjii.or.id/survei
Jakarta. Asosiasi Penyelenggara Jasa Internet Indonesia. (2023). Survei Internet APJJI 2023.