Yogyakarta, 23 August 2018 - Interconnectivity and network integration have put the user under the threat of cybercrime. The national government around the world has focused themselves into building cybersecurity regulation to protect their citizensThis issue was brought to the public by CfDS young researchers in Difussion #6 last Thursday (23/8).
Data Protection in Trade War Between US-China
Cybersecurity is not merely about advanced technology, but also a complex strategy ensuring minimum risk of cyber-attack and data exploitation by suspected individuals or organizations. It becomes a prominent concern of the US government these days as one of the countries which prioritize on the privacy protection and security network. Especially regarding the economic head-to-head confrontation with China recently.
At the end of April 2018, Trump’s administration banned ZTE’s communication technologies sales in America. ZTE is one of the biggest telecommunication equipment manufacturer in China. US Federal Communication Commission decided to disallow the circulation of devices produced by Huawei. Huawei is now heading out of the US market following the ban. US Intelligence Agencies are concerned about the risk of potential espionage and data mining at US consumers. Although this issue is seen as a mere national security concern, the instructions coincide US-China trade relations constraint that has been going on for a while, generating suspicion as to a trade war strategy.
“Data security and privacy are still a heavily contested topic in the US after the case of the data breach that occurred to Facebook. It is possible that this ban is a form of government paranoia about trade rivalry between Huawei and ZTE with two US telecommunications giants: Google and Apple. Both of them also carry out data restorations, but there is no meaningful sanction,” said Arumdya who carried out this research.
Challenges in Institutionalizing Cyber Security in ASEAN
ASEAN is currently very aggressive in building cybersecurity projects in the region. Mobile phone use in Southeast Asia reaches more than 90%, while internet and social media penetration have exceeded the global average. Later, the ASEAN Economic Community is building an integrated payment system. These facts add to the urgency of ASEAN to immediately institutionalize cybersecurity to prevent spillover effects in the event of an attack in one of the member countries.
ASEAN already has the initiative to create cybersecurity standards similar to Network and Information Security Directives (NISD) by the European Union. However, compared to NISD, the ASEAN strategy is still very normative. ASEAN can make the NISD pilot model to make detailed rules including security network standards in each country, network governance, risk management and penalties in the event of the violation,” said Ellyaty, CfDS researcher on cybersecurity in ASEAN. “Currently Singapore and Malaysia are the two countries which invest heavily on cybersecurity infrastructure. Eight other member countries need to do the same. If Indonesia wants to join MEA integrated market, then it is necessary to standardize cyber security network to protect us from attacks due to this interconnectivity.
Cooperation between the government and private sector is one of the solutions to develop cybersecurity quickly in the ASEAN region. Private companies have more sophisticated technical capabilities, a comprehensive understanding of network risks and vulnerabilities. These form of collaboration can be an alternative to bypass constraints of policy formulation at the regional level.
Security in Indonesian Digital Banking
The Cases of ATM accounts burglary and skimming are rampant in Indonesia throughout 2017. Those crime does not only occur in Indonesia, but the perpetrators are also even involved in global account theft syndicates. This case raises public questions regarding the security measurement of the banking infrastructure in Indonesia. Anggika, CfDS’ researcher, tried to answer the question through her research.
Although digital banking such as internet banking and mobile banking use multiple layers of security, it is not uncommon for relevant information such as passwords to be stolen through different methods. One of the state-owned banks, BRI, then initiated a collaboration with the State Cyber and Code Agency (BSSN) to create a digital signature for authentication process when opening an account. This policy is part of the government's commitment to improving the digital economy in the financial world. "Customers can later open a virtual account if they have received digital signature issued by BSSN. The certificate contains two security systems, namely two-step authentication using private and public keys. Currently, other banks have also made similar initiatives. For example, banking security cooperation between BCA and Cisco and PrivyID, digital signature services which serves banking clients including Mandiri Bank, "said Anggika.
Most banks in Indonesia, both state-owned and private banks, have included digital initiatives as part of the company's strategy. Banking authoritative institution (OJK) plans to create financial information services that can accelerate recovery in the event of cyber-attacks and establish training institutions for handling cyber-attacks. There are still many cybersecurity challenges facing the financial sector in Indonesia, but these initiatives prove that Indonesia is on its way to digital transformation.
Note: this article has been edited due to misinformation about PrivyID. We are sorry for the inconvenience.
Reporter: Nabiila Nurfitri