Indonesia Data Centre Breach: President Joko Widodo Orders Audit of Government Data Centres After Cyber Attack
The Purported Lack of Backups Complicates the Problem
(Reuters) â Indonesian President Joko Widodo recently ordered an audit of government data centres after the much publicised Indonesia data centre breach. Officials have said the bulk of data affected by the recent ransomware cyberattack was not backed up, exposing the country’s vulnerability to such attacks.
Last week’s Indonesia data centre breach was the worst in the country in recent years and has disrupted multiple government services, including immigration and operations at major airports.
The government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay an USD $8 million ransom demanded to retrieve the encrypted data.
Responding to the cyberattack, Indonesia’s state auditor said the president instructed it to examine the country’s data centres.
The audit would cover “governance and the financial aspect,” said Muhammad Yusuf Ateh, who heads Indonesia’s Development and Finance Controller (BPKP), after attending a cabinet meeting led by Widodo on Friday.
Indonesia Data Centre Breach Might Be Worse Than Initially Reported
Hinsa Siburian, an official who chairs Indonesia’s cyber security agency known by its acronym BSSN, has said 98% of the government data stored in one of the two compromised data centres had not been backed up.
“Generally we see the main problem is governance and there is no back up,” he told a parliamentary hearing late on Thursday.
Some lawmakers dismissed the explanation.
“If there is no backup, that’s not a lack of governance,” said Meutya Hafid, the chair of the commission overseeing the incident. “That’s stupidity.”
A BSSN spokesperson did not immediately respond when asked whether it would be possible to recover the encrypted data after the Indonesia data centre breach.
Budi Arie Setiadi, Indonesia’s communications minister, said the ministry had backup capacity at the data centres, but it was optional for government agencies to use the service.
He said government agencies did not back up the data due to budget constraints, adding this would soon be made mandatory.