Sectoral CIRTs Must Report Cyber Incidents Within 24 Hours
Indonesia’s Cybersecurity Landscape Takes a Significant Step Forward
Indonesia has implemented new regulations requiring Sectoral CIRTs (Computer Incident Response Teams) to report cyber incidents involving Vital Infrastructure (VII) within 24 hours. The reports must also be copied to the National CIRT. This regulation aims to strengthen Indonesia’s cybersecurity posture and ensure a coordinated response to cyber threats and incidents.
Reporting Requirements
- Sectoral CIRTs must report cyber incidents affecting service continuity of at least two organizations up to half the organizations in a sector within 24 hours.
- Non-VII ESPs (Electronic System Providers) are required to report cyber incidents that impact their own electronic system services, but without a specified deadline for these reports.
Incident Reporting Requirements
- Each report must include:
- Contact information of the reporting party
- Description of the incident
- Chronology of events
- Impact of the incident
Cyber Crisis Contingency Plans
- Sectoral CIRTs and Organizational CIRTs must establish Cyber Crisis Contingency Plans by July 18, 2024.
- The plans must consider:
- National cybersecurity risk assessments
- National priority agendas
- Cybersecurity landscape
- Other relevant factors
- The plans will undergo simulations to test their practicality, validity, and quality, as well as periodic evaluations annually or as needed.
Goals of the Regulations
The implementation of these regulations aims to:
- Ensure a coordinated response to cyber threats and incidents
- Strengthen Indonesia’s cybersecurity posture
- Promote effective crisis management
About the Author
Winnie Yamashita Rolindrawan is an Associate with SSEK Law Firm in Jakarta. She specializes in corporate and commercial law, with a focus on fintech, data privacy, and pharmaceuticals and healthcare.
Contact Information
For further information, please contact:
Winnie Yamashita Rolindrawan – SSEK Law Firm winnierolindrawan@ssek.com