Implications of the Pusat Data Nasional’s Cybersecurity Infrastructure for Electronic System Providers in Indonesia

The establishment of the Pusat Data Nasional (PDN) by the Government of Indonesia marks a significant step in enhancing the country’s data management and cybersecurity infrastructure. Historically and juridically, the PDN is a data center organized by the Ministry of Communication and Informatics (Kominfo) and/or the Central Agency Data Center, which includes ministries, non-ministerial institutions, state secretariats, non-structural institutions, and other government bodies (“Central Agencies”). Additionally, it encompasses Regional Governments, including all regional government administrators.

This article aims to elucidate the implications of the Pusat Data Nasional’s cybersecurity infrastructure for Electronic System Providers (PSEs) in mitigating cybersecurity risks. By analyzing the regulatory framework, cybersecurity standards, and necessary compliance measures, the article seeks to provide a comprehensive understanding of the responsibilities and best practices for PSEs in Indonesia.

The PDN was established under Presidential Regulation No. 95/2018 on Electronic-Based Government Systems (Perpres No. 95/2018), representing a crucial component of the Electronic-Based Government System (SPBE). This regulation outlines the infrastructure necessary for SPBE, which includes hardware, software, data communication, data processing and storage, integration devices, and other electronic systems. Consequently, the PDN functions as a data center for the placement, storage, processing, and recovery of data, shared among Central Agencies and Local Governments to enhance resource efficiency. Each Central Agency and Local Government must register their capacity needs with Kominfo to utilize the PDN.

The PDN plays a pivotal role in SPBE implementation, necessitating robust data security measures to protect against cyber threats. The Government of Indonesia emphasizes risk management, information security management, data management, technology and communication asset management, human resource management, knowledge management, change management, and SPBE service management. An integrated plan map for SPBE governance, Information and Communication Technology Audit, SPBE Organizer, SPBE Acceleration, and SPBE evaluation monitoring is also developed.

According to Presidential Regulation No. 82 of 2022 on Protection of Vital Information Infrastructure (Perpres No. 82/2022), the PDN and other Central Agencies classified as Vital Information Infrastructure must implement reliable cybersecurity standards. These standards are crucial for protecting information security and supporting IT implementation, as mandated by Kominfo and the National Cyber and Crypto Agency (BSSN). PSEs must adhere to security risk management requirements, which include compliance with laws and regulations, applicable standards in each sector, and internal control systems.

PSEs are required to report the implementation of cybersecurity risk management to BSSN, as detailed in BSSN Regulation No. 8 of 2020 concerning Security Systems in the Implementation of Electronic Systems. This regulation mandates the implementation of SNI ISO/IEC 27001, other cybersecurity standards set by the State Cybersecurity Agency, and additional standards established by relevant Ministries or Agencies.

Looking ahead, Indonesia’s ability to maximize the capabilities of the Pusat Data Nasional (PDN) will be crucial for advancing its cybersecurity landscape. Continued investment in cutting-edge technologies and infrastructure upgrades for the PDN will bolster its resilience against evolving cyber threats. Moreover, fostering a culture of cybersecurity awareness and education among PSEs and the broader public will strengthen the overall cybersecurity posture of the nation.

Collaboration between government agencies, private sectors, and international partners is essential for sharing best practices, threat intelligence, and resources to effectively combat cyber threats. By adhering to stringent cybersecurity standards and proactive risk management practices, Indonesia can position itself as a regional leader in cybersecurity resilience and innovation.