Abstract
As technology usage increases, cyberspace in Indonesia has developed significantly, including in Vital Information Infrastructure (VII) sectors such as aviation. However, this advancement introduces potential cyber threats that can disrupt operations. This research aims to design a systematic cyber risk management framework for a navigation authority within the Indonesian aviation sector using the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) as the primary standard. This research also utilizes national aviation regulations, Center for Internet Security Controls (CIS Controls) v8.0, and ISO/IEC 27002:2022 as supporting frameworks. The research employs a qualitative descriptive approach, gathering data through field observations, document analysis, and structured questionnaires with three expert respondents: two IT management staff and one navigation inspector. The results reveal that the organization's cybersecurity maturity is at Tier 3 (Repeatable). The risk management process identified 82 risk scenarios, comprising 5 medium risks, 23 low risks, and 54 very low risks. Based on these findings, control recommendations based on CIS v8.0 and ISO/IEC 27002:2022 were formulated to mitigate risks and improve cybersecurity governance.
Bahasa Abstract
Seiring meningkatnya teknologi, pemanfaatan ruang siber di Indonesia berkembang signifikan, termasuk pada sektor Infrastruktur Informasi Vital (IIV) seperti penerbangan. Namun, perkembangan ini membawa potensi ancaman siber yang dapat mengganggu operasional. Penelitian ini bertujuan merancang manajemen risiko siber yang sistematis pada otoritas navigasi di sektor penerbangan Indonesia menggunakan National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) sebagai standar utama. Penelitian ini juga menggunakan regulasi internal penerbangan nasional, Center for Internet Security Controls (CIS Controls) v8.0, dan ISO/IEC 27002:2022 sebagai kerangka pendukung. Metode penelitian yang digunakan adalah deskriptif kualitatif dengan pengumpulan data melalui observasi lapangan, analisis dokumen, serta kuesioner terstruktur bersama tiga responden ahli, yaitu dua staf pengelola TI dan satu inspektur navigasi. Hasil penelitian menunjukkan tingkat kematangan keamanan siber organisasi berada pada Tier 3 (Repeatable). Proses manajemen risiko berhasil mengidentifikasi 82 skenario risiko, dengan rincian 5 risiko tingkat menengah, 23 risiko tingkat rendah, dan 54 risiko tingkat sangat rendah. Berdasarkan hasil tersebut, dirumuskan rekomendasi kontrol berbasis CIS v8.0 dan ISO/IEC 27002:2022 untuk memitigasi risiko guna mendukung tata kelola keamanan siber
References
AeroSpace Honeywell. (2022). Aerospace Industry Focuses on Cybersecurity. AeroSpace Honeywell. https://aerospace.honeywell.com/us/en/about-us/blogs/aerospace-industry-focuses-on-cybersecurity
APJII. (2022). Laporan Survei Internet APJII 2022. APJII. https://apjii.or.id/content/read/39/559/LaporanSurveiProfil-Internet-Indonesia-2022
Azhari, M. F., Yuwono, T., & Manar, D. G. (2022). Penggunaan Aplikasi SI D’nOK oleh Pemerintah Kota Semarang dalam Mewujudkan Good Governance. Journal of Politic and Government Studies, 11(2), 148–169.
Briliyant, O. C., & Ashari, R. A. (2018). Rencana Penerapan Cyber-Risk Management Menggunakan NIST CSF dan COBIT 5. Jurnal Sistem Informasi, 14(2), 83–89.
Center for Internet Security. (2021). CIS Controls Version 8. www.cisecurity.org/controls/
CNN Indonesia. (2017). Begini Cara Hacker Bobol Situs Tiket.com. CNN Indonesia. https://www.cnnindonesia.com/teknologi/20170331145137-185-%0A204065/begini-cara-hacker-bobol-situstiketcom %0A
Hadiati, T. L., Saputra, J. D., Novitasari, A., & Fajarwati, I. (2021). Aplikasi (SI D’nOK), Peran Pemerintah dan Tingkat Kepuasan Masyarakat. Public Service and Governance Journal, 2(2), 55–64.
Harwood, S. (2022). Aviation is facing a rising wave of cyber-attacks in the wake of COVID. https://www.shlegal.com/insights/aviation-is-facing-a-%0Arisingwave-of-cyber-attacks-in-the-wake-ofcovid%0A
ISO. (2022). ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection — Information security controls. https://www.iso.org/standard/75652.html
Julianto, A. S., Hikmah, I. R., & Yasa, R. N. (2024). Cyber-Risk Management Menggunakan NIST Cybersecurity Framework(CSF) dan COBIT2019 pada Instansi XYZ. Jurnal Info Kripto, 18(2), 41–47.
Kementerian Perhubungan Republik Indonesia. (2018). Tangkal Cyber Attack di Penerbangan dengan Aviation Cyber Security. Kementerian Perhubungan Republik Indonesia. https://hubud.kemenhub.go.id/hubud/website/berita/3623
Kementerian Perhubungan Republik Indonesia. (2022). Gerakan Nasional Kembali ke Angkutan Umum. Kementerian Perhubungan Republik Indonesia. https://dephub.go.id/post/read/gerakan-nasional-kembali-ke-angkutan-umum
Peraturan Menteri Pertahanan Nomor 82 Tahun 2014 tentang Pedoman Pertahanan Siber, (2014).
Kumala, S. L. (2021). Perkembangan Ekonomi Berbasis Digital di Indonesia. Journal of Economics and Regional Science, 1(2), 109–117.
NIST. (2024). The NIST Cybersecurity Framework (CSF) 2.0. https://doi.org/https://doi.org/10.6028/NIST.CSWP.29
Paté-Cornell, M., Kuypers, M., Smith, M., & Keller, P. (2018). Cyber Risk Management for Critical Infrastructure: A Risk Analysis Model and Three Case Studies. Risk Analysis, 38(2), 226–241. https://doi.org/https://doi.org/10.1111/risa.12844
Peraturan Presiden (Perpres) Nomor 82 Tahun 2022 tentang Pelindungan Infrastruktur Informasi Vital, (2022).
Soeward, B. A. (2013). Perlunya Pembangunan Sistem Pertahanan Siber (Cyber Defense) yang Tangguh bagi Indonesia. Media Informasi Ditjen Pothan Kemhan, 31–35.
Recommended Citation
Qurota'aini, Annisa Aulia Budianti; Hikmah, Ira Rosianal; and Hikmah, Yulial
(2026)
"Design and Implementation of Cyber Risk Management in the Indonesian Aviation Sector Based on NIST CSF and ISO/IEC 27002:2022,"
Jurnal Vokasi Indonesia: Vol. 14:
No.
1, Article 2.
Available at:
https://scholarhub.ui.ac.id/jvi/vol14/iss1/2
Included in
Aviation Safety and Security Commons, Maintenance Technology Commons, Management and Operations Commons, Other Computer Engineering Commons, Risk Analysis Commons






