President Jokowi Issues Presidential Regulation on Protection for Vital Information Infrastructure
President Joko “Jokowi” Widodo on 24 May 2022 issued Presidential Regulation Number 82 of 2022 on Protection for Vital Information Infrastructure.
The management of the protection for vital information infrastructure (IIV) is an implementation of one of the Government’s roles to protect public interest from various inconveniences resulting from the misuse of electronic information and transaction that cause public disturbance.
“The inconveniences of vital information infrastructure may cause serious disadvantages and impacts on public interests, public services, defense and security, as well as national economy,” according to the Presidential Regulation, which can be accessed through the website of JDIH Sekretariat Kabinet.
The management of IIV protection is aimed at protecting the sustainability of IIV implementation safely, reliably, and trustily; to prevent inconveniences, damages, and/or disintegration of IIV due to cyber-attacks, and/or other threats/fragilities; as well as to improve the preparedness in facing cyber incidents, and to carry out faster recovery from the impacts caused by cyber incidents.
“The scope of IIV protection includes identification of IIV sector and IIV, protection for IIV, fostering and monitoring of IIV protection, and coordination of IIV protection,” Article 3 states.
Meanwhile, strategic sectors included as IIV and the ministries/institutions responsible for those sectors are:
- Government administration sector by the State Cyber and Encryption Agency (BSSN);
- Energy and mineral resources sector (ESDM) by Ministry of Energy and Mineral Resources Ministry;
- Transportation sector by Ministry of Transportation;
- Financial sector by the authority that manages and monitors financial sector;
- Health sector by Ministry of Health;
- Information technology and communication sector by Ministry of Communication and Informatics;
- Food sector by Ministry of Agriculture; and
- Defense sector by Ministry of Defense.
The Presidential Regulation also stated that should there be other strategic sectors in the future, the President may stipulate it as IIV and appoint ministries/institutions responsible for those sectors.
“Other sectors stipulated by the President as implied are strategic sectors that may experience serious impacts on public interests, public services, defense and security, or national economy shall there be inconveniences, damages, and/or disintegration of IIV in those sectors,” Article 4 section 2 states.
The Presidential Regulation also stated the management of cyber incidents that will be handled by Computer Security Incident Response Team.
“Computer Security Incident Response Team as implied consists of the National Computer Security Incident Response Team, the sectoral Computer Security Incident Response Team, and the organizational Computer Security Incident Response Team,” Article 11 states.
The national computer security incident response team is formed by BSSN, the sectoral computer security incident response team by the ministry/institution responsible for IIV sector, and the organizational computer security incident response team by IIV organizer.
Presidential Regulation Number 82 of 2022 has mandated the BSSN as the coordinator of IIV protection organizer.
“The Head of the Agency submits the report of the implementation of the task as the coordinator of IIV protection organizer to the President once a year or any time needed,” as stated in the policy applied from the date Minister of Law and Human Rights Yasonna Laoly stipulated it on 24 May 2022. (Office of the Deputy Cabinet Secretary for Politics, Law, and Security Affairs/UN)(AW/EP)