In August 2018 an MOU was signed between Australia and Indonesia to work together on cyber-security. Such agreements are of course, not legally binding, and some question their relevance. But in cultures that highly value trust, an MOU provides the framework for relationship building. It is up to the two countries to work on that relationship.
In the “areas of cooperation” there is a section outlining where business can work together in the digital economy space.
“Participants will support business to business connections and growth of digital economy and innovation. And sharing of national policies, best practice and strategies to support the digital economy.”
A visit by a group of Australian cyber security companies, organised by Austrade, to Jakarta, showed where some business solutions could work. The delegation consisted of companies that had systems for data protection, encryption and testing.
On day one they heard from the Deputy Director of Identification and Vulnerability Assessment with Indonesia’s National Cyber Agency (BSSN) Nur Achmadi, on the work being done to “stress-test” government systems, including in regional ares. Mr Achmadi has been working with Australian officials and was in Canberra in 2018 for the bilateral agreement on cyber cooperation.
One of delegates, Andrew Muller, the Managing Director of Ionise, says that Australia has some advantages that it could work with in the market, and needs to recognise where Indonesia has moved ahead.
“It is the case in that we do have more advanced legislative and regulation around our industry. We’ve gone through and dealt with some of the problems that Indonesia is yet to experience but by and large they are pretty much up to speed with the rest of the world, both with their skills and knowledge of the technology and implementation. I think they’re doing quite well.”
Research has found that attacks by unknown hackers are the number one source of security incidents in Indonesia (at 49%) with estimates that billions of dollars have been lost to cyber attacks.
Indonesia has made great strides in reaching the unbanked and giving them a platform for better financial inclusion and choice. It’s e-commerce growth has the attention of the giant firms such as Alibaba, and the national government expects a high level of data protection compliance (ISO 27000).
However as the delegates heard, the growth in online usage in the public and private realms has not always been matched with an understanding of the need to have strong data protection and/or the tools that come at a reasonable cost to implement it.
According to Nur Achmadi, the two countries have much to learn and offer each other. For instance, developing the use of digital certificates in import and export trading to meet international standards. This kind of cooperation shows what problems can be solved and the kind of training that’s required in Indonesia to build human capacity.
The delegates also heard that while local governments have a budget for their online and digital development, they are still learning about cyber security and how it would protect the data that is increasingly being collected.
For Andrew Muller, the visit showed that having a great cyber-security product is not enough.
“I think the depth of the relationship to be developed, the requirement for that. I didn’t really quite appreciate that and I don’t think our approach previously was really cutting the mustard in that sense. So developing far more deeper relationships with our potential partners and clients here in Indonesia.”
The visit is part of the work being done between the two countries which includes a policy dialogue, (with the second dialogue held in Jakarta in mid-2018) and a cyber capability program for Indonesian officials.