Indonesia’s national cybersecurity strategy

The National Cybersecurity Strategy provides a comprehensive, multi-dimensional framework for enhancing Indonesia’s cybersecurity resilience. It aims to align national policy, build capacity, and ensure preparedness in the face of growing digital threats.

1. Objectives (Article 4)

The strategy pursues four key objectives:

• Achieve national cybersecurity resilience.
• Protect the digital economic ecosystem.
• Strengthen reliable and resilient cybersecurity capabilities.
• Prioritise national interests and contribute to a global, open, stable, and responsible cyberspace.

2. Strategic Components (Article 5)

The strategy consists of two main components:

• Focus areas – outlining the main pillars of national cybersecurity.
• National Cybersecurity Action Plan – a 5-year roadmap to operationalise the focus areas.

Focus Areas of the Strategy (Articles 6–14)

Eight focus areas serve as pillars of Indonesia’s approach to cybersecurity:

a. Governance (Article 7)

• Improve the cybersecurity ecosystem, including human resources, processes, and technology.
• Enhance synergy and collaboration across institutions for unified cybersecurity efforts.

b. Risk Management (Article 8)

• Optimise risk identification, analysis, and mitigation strategies.
• Strengthen collaboration between stakeholders in implementing risk-based policies.

c. Preparedness and Resilience (Article 9)

• Build effective incident response capabilities.
• Establish and implement contingency plans for cyber crises.
• Enable emergency response operations and enhance secure information exchange.

d. Protection of Critical Information Infrastructure (Article 10)

• Ensure the protection of vital information infrastructure (VII).
• Improve guidance and oversight mechanisms in accordance with relevant laws.

e. National Cryptography Sovereignty (Article 11)

• Formulate national cryptographic policy.
• Support R&D and innovation in cryptography.
• Promote domestic cryptography industries and integrate national policy among stakeholders.

f. Capability, Capacity, and Quality Improvement (Article 12)

• Integrate cybersecurity into educational curricula from early childhood to higher education.
• Promote skills development, continuous training, and public awareness.
• Support R&D in cybersecurity and provide targeted programs for vulnerable sectors.

g. Cybersecurity Policy Development (Article 13)

• Conduct policy analysis and evaluation.
• Issue evidence-based policy recommendations.
• Promote legal literacy and law enforcement related to cybersecurity.

h. International Cooperation (Article 14)

• Establish priorities for international cybersecurity collaboration.
• Strengthen Indonesia’s role in bilateral, regional, and multilateral forums.
• Share best practices and improve crisis response through joint initiatives.

National cybersecurity action plan (Articles 15–16)

The Rencana Aksi Nasional Keamanan Siber is a structured 5-year plan that translates the focus areas into concrete initiatives. It includes:

• Clear activities, success indicators, timelines, and responsible actors.
• Alignment with national development goals, technological progress, and evolving strategic contexts.
• Periodic review to accommodate changing threats and priorities.

The BSSN is responsible for:

• Drafting the action plan with involvement from other ministries and agencies.
• Coordinating, monitoring, evaluating, and reporting progress to the President annually or as needed.

All government institutions are obliged to implement the action plan, with support from relevant stakeholders.