This interview is part of GovInsider’s inaugural Cybersecurity Champions report featuring public sector cybersecurity officials around the world.
Please give a brief description of your job function as a cybersecurity professional, as well as what your organisation does.
As Chief Digital and Information Technology at State Electricity Company (PT PLN), I am responsible for the strategy and operations of information technology systems to support electricity supply throughout Indonesia.
This includes developing a five-year Information Technology Master Plan (ITMP), creating applications, purchasing laptops, and securing information technology systems, which within our organisation is more commonly referred to as “kamsiber” (an abbreviation for cyber security).
This responsibility requires me to ensure that the national electricity system operates efficiently, reliably, and is protected from cyber threats. Furthermore, under Presidential Regulation No. 82 of 2022 on the Protection of Vital Information Infrastructure, the electricity sector is classified as the most critical sector, as failures in the electricity sector can lead to systemic failures in other sectors.
What kind of cyber threats does your organisation face on a regular basis?
Based on data from our Security Operations Centre (SOC), active and passive scanning often ranks first among cybersecurity events. Although these cybersecurity events do not necessarily pose a threat, they could be reconnaissance, which is the first step in a cyberattack.
Phishing attacks and human error are the most common threats we encounter. It cannot be denied that the weakness of all systems lies in human factors, so human-driven threats will always pose a threat to cybersecurity over time.
Are there other types of threats at PLN?
Of course, for a company of PLN’s scale, there are always individuals who attempt to launch ransomware attacks, DDoS attacks, exploit vulnerabilities, leak data, and steal identities. However, in terms of numbers, these are still outweighed by phishing attacks.
In your view, what are the biggest threats and challenges (be it in the network layer, and/or in areas such as scams, phishing and identity theft) in the public sector cybersecurity scene globally?
Cybersecurity in the public sector faces two main challenges, not only in Indonesia but worldwide.
From external sources: 1) The increasing number of attacks based on artificial intelligence (AI), which makes attacks more sophisticated and increasingly difficult to detect; 2) The computational capacity of quantum computing, which threatens current encryption technology like a child’s toy that can be easily cracked in minutes.
From internal sources: 1) The difficulty of eliminating dependence on legacy systems, which often lack modern security features; 2) The paradigm of an organisation or company that views cybersecurity as a cost rather than an investment in risk mitigation.
Many say that we are entering an age of AI-driven cyberwarfare where both hackers and cybersecurity professionals use AI tools for attack and defence. What is your view?
It is undeniable that the use of AI in the cybersecurity landscape is increasing, with hackers using AI to automate the search for security gaps and exploit vulnerabilities, including deepfakes to increase the success of phishing attacks.
If hackers are using AI, then defence mechanisms must also be equipped with AI, such as the use of Extended Detection & Response (XDR) systems to detect network anomalies based on activity, including other methods such as Zero-Trust Network Architecture (ZTNA) and User and Entity Behaviour Analytics (UEBA).
Cybersecurity is often described as a team sport whereby a network’s vulnerability is often defined by its weakest link. In this context, how important is having a whole-of-government or whole-of-country cybersecurity posture?
PLN can be divided into at least four major business processes: power generation, transmission, distribution, and retail. Power generation in western Java can only be felt by people in Bali if there is good teamwork between these four business processes to distribute electricity, ensure a stable load, and deliver it to customers.
With such a long supply chain, only teamwork can ensure the electricity system operates smoothly.
The same applies to a country, but on a much larger scale. For instance, vulnerabilities in the electricity sector can lead to disruptions in economic, social, educational, and even health activities in a region. Therefore, a mature national cybersecurity posture is of utmost importance.
An often-repeated point in the cybersecurity sector is what your Plan B is after your network is breached. Can you share your point of view on this aspect?
No system is 100 percent secure. With this in mind, planning aspects ranging from mitigation to remediation become important. Mitigation efforts include security-by-design system planning, application security testing, and the use of security devices for detection and prevention.
Almost all cybersecurity solutions offered serve to mitigate cyber incidents. However, if a network breach has occurred, it falls under the category of an incident (even a critical incident), which requires remediation efforts.
One of the most effective methods is system recovery from backups. However, it is not limited to recovery from backups but also includes the Business Continuity Plan (BCP) that each organisation has defined.
If your organisation gave you an unlimited budget for cyber defence, what would you spend it on?
Interesting question. Of course, I would equip the entire office network and all employee endpoints (work devices) with the latest AI-based solution to detect suspicious activity with all features enabled, along with an automated response system.
Trend-wise, this solution can reduce the risk of cyberattacks by up to 85 percent. If outside the system, it is mandatory to provide comprehensive cybersecurity training or certification to all employees, as well as explore subscribing to cyber insurance for PLN and all our subsidiaries.
What brought you to this profession and what do you love the most in your job and what would you like to improve?
I started my career long before cybersecurity became a major issue. However, as times have changed, cybersecurity has become a crucial factor for business continuity and even national security, especially in the electricity sector.
What I enjoy most about this work is the challenge of continuously evolving to respond to evolving threats. I aim to continuously enhance the resilience and reliability of systems at PLN to remain relevant and robust in the face of threats and negative abuse cases.
The lack of qualified cybersecurity professionals is a global problem. How do you think this can be overcome?
Increasing the number of employees who have received formal education and certification related to cybersecurity is a major driving force. In addition, the development of cybersecurity communities also plays an important role in building capacity and knowledge informally.
Policy, investment, and research are also key determinants, making collaboration between the government, industry, academia, and cybersecurity service providers crucial.
If you had a chance to restart your career from scratch, would you still want to be a cybersecurity professional and why?
If my career were to start over from the beginning, it seems that the demands of the times would likely lead me down this same path. Cybersecurity is not only a rapidly growing field but also has a significant impact on business and national resilience. Its dynamic challenges make this work consistently intriguing, and I wish to continue contributing to building a stronger digital defence.