The immigration system at Soekarno-Hatta Airport experienced issues on Thursday, June 20, 2024, resulting in long queues for immigration processes. According to a social media post by the Directorate General of Immigration on their X account, the disruption was caused by problems with the National Data Center (PDN) server. This disruption affected not only Soekarno-Hatta Airport Immigration but also all immigration offices throughout Indonesia, and possibly other government services as well. The exact cause of the disruption is still unknown.
Several factors could cause such a total disruption, including power supply issues, server malfunctions, internet connection problems, and cyber attacks such as DDoS or ransomware. If the disruption was indeed caused by a cyber attack, the risks are even greater, as it not only disrupts services but could also lead to personal data breaches. Previously, there had been a cyber attack on the Immigration Department that resulted in the leak of 34 million passport records. More dangerously, if hackers manage to access the PDN server, the data breach would affect not only the Directorate General of Immigration but also other institutions using PDN to store citizen data.
Looking at the pattern of the disruption, it is possible that the issue at PDN was caused by a ransomware cyber attack, similar to what happened to Bank Syariah Indonesia previously. If the issue faced by PDN were technical, it would not take as long to resolve. Power supply issues can be quickly addressed by using alternative sources or generators. Similarly, if the internet connection issue was due to a broken fiber optic cable entering the PDN, it could be swiftly mitigated using high-bandwidth Point-to-Point radio connections that are quick to install. Even a DDoS cyber attack should not take this long to resolve, as it can be mitigated by using Anti-DDoS devices and by collaborating with ISPs to increase bandwidth capacity and help counter the DDoS attack from the ISP side.
This incident highlights the risks of using PDN without strong security measures. Therefore, each government agency hosting on PDN must develop a robust Business Continuity Plan (BCP) to avoid relying entirely on PDN infrastructure. PDN itself must clearly explain what happened and, from the start, present a BCP for such risks. It is important to note that the current PDN only provides the infrastructure for storing data from each SPBE (Electronic-Based Government System) owner institution. Cybersecurity needs special attention because PDN management currently only guarantees the cybersecurity of PDN infrastructure, while the cybersecurity of each SPBE application remains the responsibility of the respective SPBE-owning institutions.
According to the Presidential Regulation on Critical Information Infrastructure (IIV) and the derivative regulations from BSSN (National Cyber and Encryption Agency), when identifying needs, each institution is also required to include a service continuity plan. This ensures that the government knows how each institution will maintain public services and quickly restore them in the event of a disruption.
As we know, PDN is currently used by all government agency services. Such issues should not occur in a data center like PDN, especially one used for government services. The design should consider various security factors, including redundancy in hardware like servers and storage media, power supply from multiple substations, UPS (Uninterruptible Power System), and internet connections from several ISPs.
The planned PDN locations are in four cities, but the PDN in Cikarang is still under construction and will only be inaugurated on August 17, 2024. Currently, a temporary PDN is in use, but even though it is temporary, such issues should not occur. It is hoped that this incident will prompt the government to evaluate the current PDN and make necessary improvements while waiting for the full PDN to be ready for use.
Dr. Pratama Persadha
Chairman Lembaga Riset Keamanan Siber CISSReC