Academics Urge Swift Passage of Cyber Security and Resilience Bill, Citing Threats to Public Sector

The Indonesian House of Representatives (DPR RI) has officially received a Presidential Letter regarding the Cyber Security and Resilience Bill (RUU KKS) in March 2026. Academic and defence policy expert Aris Sarjito hopes that the government and DPR will promptly enact the RUU KKS into law.

“The RUU KKS needs to be swiftly passed into law; it should not be delayed any longer. This vulnerability has persisted for too long, and the Cyber Security and Resilience Law will guarantee protection across many sectors, including for every Indonesian citizen,” he told CNNIndonesia.com on Wednesday (29/4).

According to Aris, the RUU KKS was developed to tackle critical issues, particularly the absence of a comprehensive and cohesive national legal framework to manage cyber threats.

Currently, Aris noted, regulations are scattered across various sectoral rules. As a result, coordination between institutions remains suboptimal. This situation persists even as cyber attacks occur rapidly, cross borders, and affect multiple sectors, ultimately harming the public.

The RUU KKS, Aris added, emphasises the protection of critical information infrastructure, including sectors such as energy, transportation, finance, healthcare services, telecommunications, and essential public services.

Attacks on these areas would have impacts beyond economic consequences and could also affect national security.

“Imagine a scenario where airport operations are paralysed, electricity supply is cut off, financial transactions halt, or healthcare services fail. The country could descend into chaos without a single bullet being fired,” he said.

It could threaten citizens’ lives

Aris regrets the lingering perception that cyber threats are merely technical issues limited to computers and networks. In his view, the consequences are far broader and could even threaten lives.

“Leaks of personal information such as ID numbers, e-KTPs, BPJS Health data, and civil registry data can erode public trust. Cyber attacks on hospitals can endanger lives. Disruptions to transportation, energy, or banking infrastructure can trigger national hysteria,” said Aris.

He also revealed that cyber attacks are often used as tools of geopolitical strategy. Many countries exploit them for purposes such as espionage, sabotage, intelligence gathering, and applying diplomatic pressure.

“All of this without needing direct military action,” he explained.

Indonesia must not lag behind

Aris explained that major countries have long recognised cyberspace as a new strategic domain, on par with land, sea, air, and space. Therefore, they have established cyber commands, electronic warfare divisions, and doctrines for offensive and defensive cyber operations.

Among them are the United States through the United States Cyber Command (USCYBERCOM), China with the Strategic Support Force (SSF), and the United Kingdom with the National Cyber Force.

As Southeast Asia’s largest democracy and a central point in international trade routes, Indonesia must regard cyber security as a strategic imperative.

The RUU KKS, according to Aris, must serve as the foundation for creating a national cyber defence framework that integrates ministries, agencies, the National Cyber and Crypto Agency (BSSN), the Indonesian National Armed Forces (TNI), the Indonesian National Police (POLRI), major state-owned enterprises, the private sector, academic institutions, and the general public.

“National defence today is not only guarded at land or sea borders but also in data centres, undersea cables, satellite networks, national clouds, and citizens’ digital devices,” he concluded.

Aris acknowledged that Indonesia is on track to become a significant digital power. However, without adequate protection, this digital strength will instead heighten vulnerabilities.

He warned that delays in enacting the Cyber Security and Resilience Law would have long-term impacts, including the failure to uphold human rights, as citizens continue to be harassed by cybercriminals.

“Therefore, the Cyber Security and Resilience Law is not just a legal obligation but also a strategic investment for the nation and the foundation of Indonesia’s digital sovereignty,” he said.

In his closing remarks, Aris also hoped that Indonesia could increase the number of cyber professionals, including security analysts, ethical hackers, digital forensics specialists, security operations centre personnel, and even national cyber policy developers.