On 24th May 2022, Indonesian President Joko Widodo issued Presidential Decree No. 82 of 2022 on the Protection of Vital Information Infrastructure, in a bid to safeguard Vital Information Infrastructure (VII) from attacks and breaches on cyber security. The decree was issued in response to contemporary challenges in cyber security.
A senior lecturer and expert of cyber security from the Faculty of Computer Sciences (Fasilkom), Setiadi Yazid, Ir., M.Sc., Ph.D., stated that the decree is something that is urgently needed, considering the increasing role of information in society.
“There had been regulations regarding national vital objects, but did not cover information infrastructure. The existence of this presidential regulation provides a legal basis for those managing VII to secure VIIs under their authority, including required budgets. Education, on the other hand, is not included in IIV, so it is back to each campus to choose to what extent the important role cyber security plays,” said Setiadi.
The main obstacle faced by the world of education regarding cyber security, Setiadi explained, is that universities do not manage data that affect the security of many people. Another obstacle faced by universities in this respect is that not much funding is alloted for activities pertaining to information security. On the other hand, educational institutes are not very attractive targets for cyber criminals because not much money flows into them.
“Therefore, cyber security in universities is often not as strong as cybersecurity in financial institutions. Besides the lack of funds, awareness and discipline in security among universities are generally low, due to the high level of creativity and culture of experimentation on campus,” Setiadi said.
Presidential Decree No. 82 of 2022, he explained, does not cover VII in universities. While infrastructures in other institutions would be strengthened by dint of the governmental protection afforded by the decree, chances of cyber attacks on IIVs in universities is expected to increase.
“Which is why universities with limited resources need to find smart solutions, including in increasing awareness for each new member. Activities such as lectures, practical work and so on can be used as a means to increase awareness on information security. Research activities, likewise, can be directed to finding appropriate security methods to be used in universities.”
