Cyber Security Policy Must Protect Human Rights

ELSAM, Jakarta- Cyber Security and Resilience Bill has been listed in the 2019 National Legislation Program (Prolegnas). The Bill is the form of response towards the legal absence of cybersecurity amid the situation in Indonesia which is vulnerable from the cyber risk.

Although the National Cyber and Encryption Body (BSSN) noted that there were 1.355 cases in the early June 2018, it needs to have balance in the Bill formulation, that is, to balance human rights protection in the cyber security measures. It also includes the distinction between the concepts of cyber security and cyber crime which are always mixed up.

In response to that, ELSAM held a public discussion entitled “ Developing Human Rights Based Approach in Cyber Security Policy Making” in Jakarta, on Tuesday (28/05/2019).

The discussion invited resource persons from business sector, government, and civil society. They are Nur Iskandarsyah as the Head of Sub Directorate of Public Information Security Protection of BSSN, Ardi Sutedja ofIndonesian Cyber Security Forum (ICSF), Zakiyah Eryunia of Grab Indonesia and Wahyudi Djafar as the Deputy Director of Research of ELSAM.

“The 9/11 ( 11 September attack in America – red) becomes pioneer of Cyber Security as the internet is used for a terrorism activity. That is a technology misuse,” Ardi Sutedja said .

According to Ardi. the security in cyber is needed as there is a digital transformation, that is, the use of technology which also changed the working culture and ecosystem further influencing the literacy and mindset of the society.
There has yet been any agreement on the definition of cybersecurity. According to Wahyudi Djafar, the cybersecurity still becomes an ambiguous term. All realm discusses and gives their own definition.

“Several experts define cyber security as a deliberate sinergy effort of the technology, process and practices to protect information and network, computer system and device and the program utilized to collect, process, store, and distribute information from the attack of destruction and illegal access. It applies especially to the infracture classified as Critical Infrastructure Sectors (CIS), such as agriculture and food, commercial facility, dam, energy, information technology, post office and shipping, banking and finance, communication, government facility, cultural heritage and national monument, transportation system, those related to chemical production, critical manufacture, emergency service, health service, nuclear material and reactor including its waste, and water,” Wahyudi explained .

Zakya from Grab Indonesia as one of the representative from business sectors classified as CIS said that company needs to promote the management coordination related to the cyber security. In contrast, she reminded that the problems of cyber security is very complex and needs huge cost in its handling.

“There are several companies which are still lack of management support and several other things the management don’t care,” Zakyah explained.

In addition to the high cost and lack of resources problems, the absence of the policy is also the challenge of cyber security, “ she continued.

Related to the state role in cyber security, BSSN has prepared a number of strategic actions, including the promotion of cyber security and resilience regulation.

“BSSN cannot work alone, and must collaborate with the available stakeholders. The next strategy is to increase the literacy. The advancement of cyberspace must be in line with the information related to the threat itself,” Nur Iskandarsyah from BSSN said .

Based on human rights perspective, a good Cyber Security Policy must put three priorities, namely, protection of network, device, and individual. It also includes a firm distinction between cyber security and cyber crime.

The emerging problem, including those in Indonesia, is that the alternately use of cyber security and cyber crime is not appropriate. Indeed, both concepts are different,” Wahyudi explained .

Cybersecurity, as Wahyudi added, uses the technical approach to secure a computer system from the attack and system failure. Meanwhile, the main principle of cybersecurity is to criminalize one illegal access to certain computer system, to prevent the damages or changes of system and data into the specified computer.

Author: Lintang