The EU can be to Indonesia’s cybersecurity preparedness what the United States has been to its maritime security training.
Key Takeaways:
-
Indonesia frequently experiences cyberattacks and is still struggling to deal with its cybersecurity challenges, particularly the ones directed at its government institutions.
-
Brussels might have a chance at addressing Indonesia’s president-elect’s open antipathy to the West by helping the country with its cybersecurity weakness.
-
The EU’s cybersecurity strategy can use the recent policy planning development between Germany and Indonesia as a blueprint for deeper engagement with Indonesia that will eventually allow the EU to help shape the cybersecurity strategy of a rising power in the Indo-Pacific, thus improving Brussels’ credibility as a security actor in the region.
With Prabowo Subianto just being sworn in as Indonesia’s new president on October 20, 2024, Brussels may face a challenge in dealing with the former general. Subianto has a contentious reputation in the West, having stated in 2023 that Indonesia no longer needs Europe, citing global economic shifts. However, cybersecurity could allow Brussels to foster deeper bilateral engagement with Jakarta.
In 2021, the EU released its Indo-Pacific strategy, which was well-received as a sign of its intention to engage more with the region. However, by 2024, the strategy has yet to deliver significant strategic reorientation. Even the EU’s third Indo-Pacific ministerial meeting in February 2024 highlighted the divide between Brussels and many Indo-Pacific nations, including Indonesia, on issues like the Russo-Ukrainian war and the Israeli-Palestinian conflict. As a result, the EU’s goal of becoming a constructive actor in the Indo-Pacific remains elusive—a point underscored by Josep Borrell, the EU’s then-foreign policy chief, who noted that the EU is still largely seen as an outsider in the region.
Scaling back the EU’s international engagement to focus on protecting its key interests would likely accelerate its decline in the eyes of many Indo-Pacific nations. Instead, the EU needs to accept its reputation in the region and use it as motivation to become a real force for reform. One way to do this is by engaging more deeply with Indonesia, often referred to as Asia’s greatest geopolitical prize due to its strategic position between the Indian and Pacific oceans.
Despite Subianto’s open antipathy toward the West, his time as defense minister saw improved defense ties with France. From the signing of a defense cooperation agreement in 2021 to a 2024 deal for 42 French Rafale fighter jets, Subianto has demonstrated a willingness to work with Western powers like France when it serves Indonesia’s interests. This pragmatism suggests that the EU could improve its standing with Jakarta under Subianto’s presidency by helping address one of Indonesia’s major vulnerabilities: cybersecurity.
Indonesia’s cybersecurity challenges
Indonesia’s cybersecurity market was valued at $1.15 billion in 2023 and is expected to grow to $3.39 billion by 2028, according to Mordor Intelligence. As an emerging economy, Indonesia’s cybersecurity readiness is critical to attracting foreign investment. Yet, in 2017, it was reported that Indonesia faced billions of daily cyberattacks. According to Cisco’s 2024 Cybersecurity Readiness Index, only 12% of Indonesian organizations are equipped to defend against modern cyber threats. In 2023, Indonesia ranked 8th globally in data breaches, making it Southeast Asia’s most targeted country for data hacks.
In June 2024, Indonesia’s Temporary National Data Center was hit by a ransomware attack known as Brain Chipper. Around 210 agencies, including several ministries, were compromised, and the attackers demanded an $8 million ransom from the Indonesian government to release the data they had taken hostage and provide the key to unlock it. This attack occurred only a year after a separate breach in 2023, in which the personal data of 34 million Indonesian passports was leaked and sold online.
It is well-known within Indonesia’s hacking community that private enterprises generally better protect their data than government institutions. Indonesia’s cybersecurity landscape is governed primarily by two bodies: the Ministry of Information and Communications (MIC) and the National Cyber and Crypto Agency (NCCA). However, the country’s cybersecurity regulations have been so ineffective that they create fragmented responsibilities across different institutions, leaving Indonesia vulnerable to cybercrime. Many key positions in Indonesia’s cybersecurity governance are held by officials lacking in technological expertise, further weakening the country’s defenses.
Indonesia has also been criticized for its outdated approach to cybercrime. For instance, after a hacker named Bjorka infiltrated IT systems in 2022, the government focused more on tracking down the individual than addressing the institutional and technical shortcomings that allowed the breach to happen in the first place, treating the case as if it were a simple act of theft or robbery. Compounding these issues is a severe shortage of cybersecurity experts. In an increasingly connected digital world, cyberattacks pose a serious threat to national security, and Indonesia is currently ill-prepared to address them. In July 2024, Indonesia’s Minister of Communication, Budi Arie Setiadi, acknowledged the severity of the situation, stating that Indonesia ranked 10th globally as the most targeted country for cyberattacks, according to data from Kaspersky.
With his military background, Subianto is expected to prioritize defense and security issues, including cybersecurity. In January 2024, he stated that developing Indonesia’s cyber defense would be his priority as president. This presents an opportunity for the EU to step in.
The EU Cybersecurity Strategy
According to the Cyber Defense Index 2022/23 published by the MIT Technology Review, several EU member states rank among the best in the world for cybersecurity. The Netherlands holds the 2nd position, unsurprising given that The Hague is known as Europe’s cybersecurity hub, while Poland ranks 6th. France, Italy, and Germany were ranked at 8th, 11th, and 13th, respectively. In contrast, Indonesia’s cybersecurity was ranked as the third lowest among G-20 countries, according to the 2022 National Cyber Security Index (NCSI). This significant gap in cybersecurity competence suggests that EU countries are well-positioned to guide Indonesia in improving its cybersecurity infrastructure.
This is especially relevant because, in 2022, the EU introduced its Cybersecurity Strategy to ensure technological sovereignty while fostering partnerships with nations that share its values. A 2024 update to the strategy outlines four key external areas, including partnerships, international cooperation, and leadership in setting international norms and standards. These efforts include collaboration with academics, the private sector, and civil society, as well as diplomatic outreach and confidence-building measures. In short, the EU has a real opportunity to help Indonesia develop stronger cybersecurity defense systems under Subianto’s leadership.
Learning from the United States
In 2021, the US Embassy in Jakarta and the US State Department’s Bureau for International Narcotics and Law Enforcement Affairs partnered with Indonesia’s Maritime Security Agency to build a new maritime training center in Batam, near key strategic areas like the North Natuna Sea and the Malacca Strait, where China has asserted territorial ambitions. Costing $3.5 million, the center was inaugurated in 2024 as a symbol of American commitment to supporting Indonesia’s role in regional security. Washington’s involvement in designing the capabilities of this maritime security agency demonstrates the value of such partnerships.
The EU could follow this model in the realm of cybersecurity. As of now, Indonesia lacks a comparable facility dedicated to cybersecurity training and preparedness. Notably, in June 2024—just days before the ransomware attack on Indonesia’s Temporary National Data Center—Jakarta hosted an EU-Indonesia expert workshop aimed at advancing UN norms for responsible state behavior in cyberspace. However, the subsequent cyberattack revealed Indonesia’s vulnerability and lack of preparedness. The EU could fill this gap by helping Indonesia build the necessary infrastructure to enhance its cybersecurity defenses, positioning itself as a key partner for an emerging power at the heart of the Indo-Pacific.
Steps to take
A recent development between Germany and Indonesia might provide a blueprint for deeper cyber diplomacy cooperation. In May 2024, the Policy Planning Unit of Germany’s Federal Foreign Office (Planungsstab) and Indonesia’s Foreign Policy Strategy Agency (FPSA) convened in Berlin as part of their Policy Planning Dialogue (PPD). This platform is designed for the exchange of foreign policy planning ideas and mutual strategic issues. The Planungsstab, which is also home to Germany’s cyber ambassador, could play a central role by coordinating with the German embassy in Indonesia and the EU Delegation to Indonesia and Brunei Darussalam to engage key Indonesian institutions like the MIC and NCCA in crafting a cybersecurity cooperation roadmap.
This roadmap should address Indonesia’s immediate cybersecurity challenges, including establishing a national cyber agency to bolster resilience in line with digital economic growth, promoting international cooperation to tackle evolving cyber threats, and creating grants or scholarships for cybersecurity education, especially in areas related to government data protection and critical infrastructure security. Most importantly, the EU should take bold steps toward establishing a cybersecurity training center in Indonesia, similar to the US-built maritime security center.
In essence, the EU can be to Indonesia’s cybersecurity preparedness what the US has been to its maritime security training. Subianto’s pragmatic approach and his commitment to enhancing Indonesia’s cybersecurity offer the EU a chance to build a stronger relationship with Indonesia. By helping Indonesia become a more capable actor in cybersecurity, the EU can apply its cyber diplomacy to influence the defense landscape of Asia’s most significant geopolitical prize. Both the EU and Indonesia stand to benefit from this cooperation, marking a promising start for the EU to expand its bilateral engagement across the Indo-Pacific and establish itself as a credible security actor in the region.