Jokowi orders audit of Indonesia’s data centres after cyberattack

Indonesian President Joko Widodo ordered on Friday an audit of government data centres after officials said the bulk of data affected by a recent ransomware cyberattack was not backed up, exposing the country’s vulnerability to such attacks.

Last week’s cyberattack, the worst in Indonesia in recent years, has disrupted multiple government services including immigration and operations at major airports.

The government has said more than 230 public agencies, including ministries, had been affected, but has refused to pay an US$8 million ransom demanded to retrieve the encrypted data.

Responding to the cyberattack, Indonesia’s state auditor said the president instructed it to examine the country’s data centres.

The audit would cover “governance and the financial aspect”, said Muhammad Yusuf Ateh, who heads Indonesia’s Development and Finance Controller (BPKP), after attending a cabinet meeting led by Widodo on Friday.

Hinsa Siburian, an official who chairs Indonesia’s cybersecurity agency known by its acronym BSSN, has said 98 per cent of the government data stored in one of the two compromised data centres had not been backed up.

“Generally we see the main problem is governance and there is no backup,” he told a parliamentary hearing late on Thursday.