Indonesia’s New Cyber Military Force Idea
In recent years, Indonesia has faced an alarming surge in cyber threats, ranging from data breaches of public and government institutions to ransomware attacks. These incidents have exposed glaring vulnerabilities in the nation’s cyber defenses, prompting widespread concern about the adequacy of existing cybersecurity measures. Amidst this backdrop, Bambang Soesatyo, the Chairman of the People’s Consultative Assembly (MPR), has called for the urgent formation of a fourth branch of the Indonesian National Armed Forces (TNI) focused on cybersecurity – the Cyber Force. Minister of Communication and Informatics, Budi Arie Setiadi, expressed his support for the establishment of a cyber military force, which was proposed by Speaker of the People’s Consultative Assembly (MPR), Bambang Soesatyo on August 16, 2024.
The rationale behind this proposal is rooted in the pressing need to safeguard national security in an increasingly digital world. Cyberattacks have the potential to disrupt not only governmental operations but also the broader economy, critical services, and even public trust in state institutions. The government’s current cybersecurity apparatus, including the National Cyber and Crypto Agency (BSSN), has been criticized for lacking the robust capabilities and resources necessary to effectively combat these ever-evolving threats. By establishing a Cyber Force within the TNI, proponents argue that Indonesia could better defend its sovereignty in cyberspace, leveraging the military’s discipline, structure, and resources to create a formidable line of defense against both state and non-state actors. However, while the urgency of bolstering Indonesia’s cybersecurity is undeniable, the proposed solution – militarizing the nation’s cyber defenses – carries with it significant risks and challenges that must be critically examined.
Global Cyber Military Forces: an Overview
The establishment of military cyber forces has become a global trend as nations seek to protect themselves against the increasing threats in cyberspace. Several countries have developed specialized military units dedicated to cyber operations, each with its own organizational structure and strategic goals. The United States Cyber Command (USCYBERCOM) was established in 2009 and is one of the most prominent examples of a military cyber force. As a unified combatant command under the U.S. Department of Defense, USCYBERCOM is tasked with conducting full-spectrum military cyberspace operations to ensure U.S. and allied freedom of action in cyberspace and deny the same to adversaries. The United Kingdom’s Joint Forces Cyber Group (JFCG) was established in 2013 under the Ministry of Defence as part of the UK Strategic Command. The JFCG is responsible for defending UK military networks, conducting offensive cyber operations, and providing cyber support to military operations.Russia’s cyber capabilities are primarily concentrated within the Main Directorate of the General Staff, commonly known as the GRU. The GRU is responsible for a wide range of military intelligence activities, including cyber operations. China established the People’s Liberation Army Strategic Support Force (PLASSF) in 2015 as part of a major military reform. The PLASSF integrates space, cyber, electronic warfare, and psychological operations under a single command structure, reflecting China’s approach to integrating cyber operations into its overall military strategy.Israel’s Unit 8200, part of the Israeli Defense Forces (IDF) Intelligence Corps, is one of the most well-known military cyber units in the world. Unit 8200 is responsible for cyber defense, intelligence gathering, and offensive cyber operations.
Across these examples, military cyber forces have proven effective in achieving their respective nations strategic objectives, particularly in the areas of cyber defense, intelligence gathering, and offensive operations. The integration of cyber capabilities into military structures allows for a rapid and coordinated response to cyber threats, leveraging the resources and expertise of the military. For countries like the United States and Israel, this integration has been particularly successful due to strong ties between military cyber units and the civilian technology sector.
However, the effectiveness of these forces is often undermined by challenges related to coordination and jurisdictional overlap. The primary issue is the division of responsibilities between military and civilian agencies. In many cases, military cyber forces must operate alongside civilian cybersecurity agencies, intelligence services, and law enforcement, leading to potential conflicts over jurisdiction and authority. This overlap can result in inefficiencies, delays in response, and even the failure to adequately address cyber threats. For example, in the United States, the overlapping responsibilities of USCYBERCOM, the FBI, and DHS have sometimes led to confusion and gaps in the nation’s cyber defense posture.
Comparative Lessons and Challenges
As Indonesia contemplates the establishment of a dedicated Cyber Force within its military structure, there are significant lessons to be learned from the experiences of other countries that have already ventured down this path. The comparative analysis of military cyber forces across nations like the United States, United Kingdom, Russia, China, and Israel reveals both the potential benefits and critical challenges associated with militarizing cyber defense. For Indonesia, particularly the Indonesian National Armed Forces (TNI), these lessons are invaluable in shaping a cyber force that not only enhances national security but also integrates seamlessly with the existing cybersecurity landscape.
1. The Coordination Challenge: A Bureaucratic Quagmire
One of the primary challenges in creating a Cyber Force within the TNI is the complex web of coordination that would be required across existing government agencies. Indonesia already has several bodies responsible for cybersecurity, such as the National Cyber and Crypto Agency (BSSN), the Ministry of Communication and Informatics (Kominfo), intelligence services, and the police force. Introducing a new military branch into this already crowded landscape would further complicate the delineation of responsibilities, leading to potential jurisdictional conflicts. Each of these entities currently has distinct roles and mandates in securing the nation’s cyber infrastructure, and the addition of a military-led force could exacerbate competition for control and resources, creating a bureaucratic quagmire that hampers rather than enhances cybersecurity efforts. The resulting overlap in authorities and confusion over operational boundaries could lead to inefficiencies and, in the worst-case scenario, critical gaps in the nation’s cyber defense strategy.
One of the most consistent challenges faced by military cyber forces globally is the issue of overlapping authority with civilian agencies. In the United States, for example, the coexistence of USCYBERCOM with civilian agencies like the Department of Homeland Security (DHS) and the FBI has led to jurisdictional confusion, inefficiencies, and at times, critical gaps in response. Similarly, in the United Kingdom, the division of responsibilities between the Joint Forces Cyber Group (JFCG) and the National Cyber Security Centre (NCSC) has required careful coordination to avoid redundancy and conflict.
To avoid these pitfalls, it is crucial that Indonesia clearly defines the roles and responsibilities of the proposed Cyber Force relative to existing agencies like the National Cyber and Crypto Agency (BSSN), the Ministry of Communication and Informatics (Kominfo), and law enforcement bodies. Establishing a robust framework for inter-agency cooperation and delineating clear jurisdictional boundaries will be essential to prevent the kind of bureaucratic quagmires seen in other countries.
2. Implications for Democracy: A Militarization of Cyberspace
The creation of a Cyber Force within the military raises critical questions about the militarization of cyberspace and its implications for democracy. In democratic societies, cybersecurity is typically managed by civilian institutions to ensure transparency, accountability, and respect for civil liberties. However, the introduction of a military-led cyber unit risks expanding the military’s authority beyond its conventional domain, encroaching on civilian areas. This expansion of power could lead to the militarization of issues traditionally handled by non-military entities, with the potential for overreach and abuse of power. There is a real danger that such a force could be used not only for national defense but also for internal surveillance or control, especially in a country where the boundaries between state power and civil liberties are not always clear-cut.
Moreover, shifting cybersecurity responsibilities to a military entity may fundamentally alter the approach to digital threats, making it more aggressive and defense-oriented. This shift could undermine the balanced and nuanced strategies that are essential for dealing with the complexities of the cyber domain, where not all threats are state-sponsored or require military intervention. Instead of fostering a secure and open digital environment, a military-dominated approach might escalate tensions and lead to a more hostile cyber landscape.
Indonesia must carefully balance the military’s involvement in cybersecurity with the need for civilian oversight and control. While the TNI Cyber Force would be well-positioned to handle cyber threats against military and critical national infrastructure, it is imperative that civilian agencies retain primary responsibility for protecting civilian cyber infrastructure. This balance will help to maintain transparency, prevent the overreach of military power into civilian spheres, and ensure that cybersecurity efforts are aligned with democratic principles and civil liberties.
3. Military Adaptability: Can a Bureaucratic Institution Keep Pace with Cyber Threats?
The very nature of cyber threats – fast-evolving, sophisticated, and often unpredictable – poses a significant challenge for traditional military institutions, which are typically bureaucratic and slower to adapt. While the TNI is well-versed in conventional warfare, cybersecurity demands a level of agility, innovation, and continuous learning that is at odds with the hierarchical and rigid structure of the military. A Cyber Force within the TNI might struggle to keep up with the rapidly changing landscape of cyber threats, potentially becoming obsolete or ineffective. Moreover, the military’s conventional mindset may hinder the adoption of unconventional strategies that are often necessary in the cyber domain.
Cyber threats are constantly evolving, requiring a level of agility and adaptability that traditional military institutions may struggle to achieve. The hierarchical and bureaucratic nature of military organizations can slow down decision-making processes and hinder the ability to respond to fast-changing threats. The TNI Cyber Force must be designed with agility and adaptability at its core. This might involve adopting flatter organizational structures, fostering a culture of continuous learning and innovation, and ensuring that cyber units have the autonomy to respond quickly to emerging threats. Additionally, close collaboration with the private sector and academic institutions can help the TNI stay ahead of the curve in terms of technology and strategy.
Conclusion: A Strategic and Balanced Approach for Indonesia
While the establishment of a TNI Cyber Force might seem like a logical step in bolstering national security, it is fraught with challenges that could outweigh the benefits. The Indonesian government must carefully weigh the potential risks to democratic governance, the difficulties of inter-agency coordination, and the adaptability of a military institution to the unique demands of cyberspace. Rather than rushing into the creation of a new military branch, a more prudent approach would be to strengthen existing civilian cybersecurity agencies and foster better coordination across all relevant sectors. In the rapidly evolving realm of cybersecurity, the key to success lies not in the militarization of cyberspace, but in a balanced, well-coordinated, and democratically accountable approach.
The lessons from other countries’ experiences with military cyber forces highlight the need for Indonesia to take a strategic and balanced approach in the formation of its TNI Cyber Force. While the benefits of such a force in terms of enhanced national security are clear, the challenges – particularly regarding coordination, jurisdiction, and the balance between military and civilian efforts – must be carefully managed. For Indonesia, the key to success will lie in establishing clear roles and responsibilities, ensuring agility and adaptability, integrating cyber defense into a broader national strategy, and maintaining a strong legal and ethical framework. By learning from the experiences of others, Indonesia can create a TNI Cyber Force that not only strengthens national security but also respects the principles of democracy, transparency, and international law.