•  
  •  
 

GOVERNING CYBERTERRORISM IN INDONESIA: RESILIENCE AND GAPS IN THE DRAFT CYBERSECURITY LAW (RUU KKS 2025)

Abstract

Indonesia’s accelerating digital transformation and persistent terrorist threats expose both resilience gains and governance gaps in its cybersecurity framework. This article examines the Draft Law on Cybersecurity and Resilience (RUU KKS 2025), which consolidates the authority of the National Cyber and Encryption Agency (BSSN) and strengthens protections for critical information infrastructure. While the bill enhances technical resilience and institutional coordination, it remains silent on cyberterrorism, leaving statutory, institutional, and international gaps. Drawing on cybersecurity theory, securitization theory, and hybrid warfare theory, the study argues that resilience without terrorism-specific provisions is strategically insufficient. Comparative analysis with the United Kingdom’s Terrorism Act, the European Union’s NIS2 Directive, Singapore’s Cybersecurity Act, and Australia’s Security of Critical Infrastructure Act highlights Indonesia’s progress in resilience but also its lag in criminalizing and governing cyberterrorism. Empirical evidence from interviews with policymakers, security officials, and civil society confirms the persistence of normative ambiguity and institutional overlap. The article concludes that unless amended, the RUU KKS risks creating a governance system that is technically robust but strategically incomplete. To address this, three measures are recommended: (1) introducing a statutory definition of cyberterrorism; (2) institutionalizing inter-agency coordination; and (3) pursuing international alignment with regional and global best practices. Together, these reforms would enable Indonesia to move toward a multidimensional governance framework capable of addressing the evolving threat of cyberterrorism.

This document is currently not available here.

Share

COinS