Indonesia and Global Cyber Norms
From this year until 2021, Indonesia is one of 25 countries to sit in the UNGGE on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE).
Early December 2019 is a busy time for Indonesia’s cyber diplomacy. From this year until 2021, Indonesia is one of 25 countries to sit in the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE).
The first UNGGE meeting took place from Dec. 9-13, preceded by an informal meeting a few days earlier. Indonesia was represented by diplomats from the Directorate General of International Security and Disarmament at the Foreign Ministry. They negotiated how the arrangement of the cyber sphere began to be armed.
Before getting deeper into the negotiations that will take place at the UN headquarters in New York, it is important to explain why Indonesia needs to play a role in establishing international cyber norms and rules.
Read more : High Hopes for the Omnibus Law
Impacts on Indonesia
As a vast archipelagic country, the use of information technology and telecommunications is a way to bridge physical distances. Moreover, President Jokowi\'s government has issued a 2016 e-government road map that will improve government services through digital channels. According to a Kompas Research and Development article published in September, the number of internet users in Indonesia was 171 million, or 65 percent of the total population, and coverage had reached 79 percent of the regencies across the archipelago.
If Indonesia covers the entire region with digital technology, according to management consultancy firm McKinsey, its gross domestic product (GDP) will grow by 10 percent or US$150 billion. Unfortunately, one investment aspect that is often neglected in the digitization process is awareness of cybersecurity. According to data from the National Cyber and Encryption Agency (BSSN), Indonesia experienced more than 230 million cyberattacks with losses totaling Rp 478 trillion in 2018.
When compared with countries in Southeast Asia, AT Kearney said, Indonesia\'s cybersecurity capabilities were far below the Philippines, Thailand and Malaysia, let alone Singapore. If corrected now, Indonesia can only reach a safe level in 2025.
Indonesia\'s challenge in increasing its cybersecurity capacity lies in the lack of digital policy supervision, the poor distribution and qualification of experts as well as the lack of awareness of the importance of cybersecurity. One consequence of this is that a lot of account information is easily hacked.
This is worsened by the relatively small investment spent on buying genuine software. The problem with pirated software and/or software that is not updated regularly is that it makes electronic devices vulnerable to viruses that affect performance or can even see computers controlled remotely from connected systems.
This can become an international problem when, for example, a computer network in a secondary school in a regency or regional government body in some corner of Indonesia becomes a springboard for cyberattacks on other countries\' strategic infrastructure and incidents with fatalities occur in that country.
So far, there is no global agreement preventing states from retaliating to cyberattacks with physical attacks. Imagine what would happen if the target country tried to stop a cyberattack against it by sending a missile to a school considered the source of attack.
This is because there is no agreement on cyberconflict, even though the laws of war and the Geneva Convention prohibit attacks against noncombatants, civilian facilities and hospitals. There is no international law that protects victims of cyberincidents whose devices are used without the owner\'s knowledge to attack other facilities connected through the internet.
UNGEE forum
As a country that is still developing its cyber capacity, Indonesia needs cyber diplomacy to explain its vulnerable conditions and declare a commitment to safeguard the security and stability of cyber space.
The way to regulate cyberspace multilaterally is by campaigning for norms of responsible state behavior. This has already been discussed at the United Nations. One of the ways to do this is through the UNGGE mechanism for cybersecurity.
Indonesia has played an active role in the UNGGE negotiation process when elected to represent the Asian region in 2012-2013 and 2016-2017. Unfortunately, the wider community tends not to be familiar with Indonesia’s diplomatic efforts in the area of cyberspace.
One of the biggest achievements of the UNGGE meeting is the emergence of 11 norms of responsible state behavior in cyberspace. These norms are classified into eight major groups.
The first group is cooperation; countries work together to improve stability and security in the use of information technology and exchange information to stop crime and terrorism in the cyber world.
Second, there is a need for the state to ensure that its territory is not used for destructive information technology.
Third, in the field of human rights, the state respects individual rights on the internet, including the rights to privacy and freedom of expression.
Fourth, with regard to critical infrastructure, the state must not damage critical infrastructure; the state must strive to protect critical infrastructure and respond to requests for assistance from other countries where infrastructure has been exposed to cyber incidents.
Fifth, in dealing with cyber incidents, the state must consider all relevant information before blaming the alleged source of the incident.
According to Digital Watch, 23 countries are proven to have cyberattack capabilities
Sixth, it is prohibited to endanger the cyber emergency response team.
Seventh, the state must secure the technology network so as to prevent it from serving dangerous functions.
Finally, the state must support the reporting of information technology vulnerabilities and share information so that vulnerabilities can be overcome.
These cyber norms are voluntary and reflect a commitment and a sense of state responsibility in international politics. In a state of peace, there are expectations that these norms will be upheld.
UN Secretary-General Antonio Guterres has expressed numerous concerns. More and more countries are developing cyberattack capabilities. According to Digital Watch, 23 countries are proven to have cyberattack capabilities. As many as 30 other countries are indicated to be developing similar capabilities.
Australia is one of the countries that have claimed ownership of offensive cyber weapons since 2016. Indonesia must optimally use the UNGGE forum to discuss security arrangements and stability of cyberspace.
Chances
So far there are no international rules governing countries in developing and exploiting cyberweapons, in contrast to nuclear weapons, where international treaties limit ownership.
The next two years are an opportunity for Indonesia to play an active role in UNGGE negotiations to determine world policy in creating cyber norms, support the extent of international cooperation and decide on what conditions and how cyberweapons can be used.
It must be remembered that, at the UNGGE meeting, Indonesia represents the voices of Asian countries and developing countries, where technical, financial, network infrastructure and cybersecurity capabilities are still limited. Through the UNGGE, Indonesia needs to fight for the intention to protect weak groups from cyber incidents, encourage capacity building for these groups and, most importantly, build trust among countries to prevent cyberwarfar.
Fitriani, International Relations Department, Centre for Strategic and International Studies (CSIS) Indonesia.