Indonesia stands at a turning point as the country commemorated 80 years of independence in August 2025 and the National Armed Forces (TNI) mark their 80th anniversary in October. This milestone occurs at a time when the nature of warfare has shifted decisively to the cyber domain, making it increasingly difficult to distinguish between periods of peace and moments of confrontation.
In light of this, a pressing question emerges: can Indonesia’s current cyber strategy, predominantly reactive and resilience-focused, withstand the incursions of capable state-sponsored and non-state actors? Early evidence suggests it cannot. A series of escalating cyber incidents has exposed the limits of a purely defensive approach, making clear that Indonesia must adopt an offensive cyber posture if it is to protect its national security in an increasingly contested cyberspace.
Recent attacks and security breaches provide sobering context for why Indonesia must rethink its cyber defence. In June 2024, the “Brain Cipher” ransomware attack paralyzed the country’s interim national data centre, disrupting immigration processing and over 200 other public services. Moreover, in the first half of 2025 alone, Indonesia’s Cyber and Crypto Agency tracked an astonishing 3.64 billion hostile cyber incidents targeting the country. This surge nearly surpassed the combined cyber intrusions of the previous five years, which indicates a sharp escalation in the scale and tempo of threats.
Nor has Indonesia been alone — its Southeast Asian neighbours have also faced significant cyber intrusions. In 2025, Singapore disclosed a state-linked cyber espionage campaign targeting its critical infrastructure, Malaysia reported a substantial increase in cyber incidents targeting its government and critical sectors, and the Philippines faced a rise in AI-driven, state-sponsored cyberattacks targeting government, industrial, and education sectors. These incidents make it clear that Indonesia should adopt a more proactive and robust cyber defence posture.
To confront this threat, Indonesia can adopt lessons from USCYBERCOM’s defend forward doctrine, which calls for identifying and disrupting threats at their origin abroad rather than absorbing attacks within domestic networks. This strategy of engaging threats early, much like patrolling contested cyber domain, has allowed the United States to disrupt cyber threats before they reach domestic targets. For Indonesia, adopting elements of this approach would represent a doctrinal shift toward parrying threats outside national networks, rather than absorbing the full brunt of attacks on the government’s own systems.
Indonesia has, in fact, recognized cyberspace as a national security domain as early as 2014 through its Cyber Defence Guidelines, which emphasized protection of military systems and identified, in principle, the role of counter-attack capabilities in deterrence. And in 2015, cyber was formally recognized as a pillar of national defence in Indonesia’s White Paper, alongside air, sea, and land, but without the necessary operational framework for implementation. The TNI, likewise, established a cyber unit in 2017 to improve doctrine and readiness, but its mission has been largely confined to protecting defence infrastructure and monitoring threats, with only a long-term aspiration of developing offensive capability.
Some may assert that an offensive cyber posture risks institutional overreach through unchecked authority, escalation through unintended retaliation, and erosion of civil liberties through expanded surveillance, specifically without clear legal boundaries. These arguments, without a doubt, deserve consideration, as Indonesia’s own history shows that unchecked power and legal ambiguity have led to abuse.
Inactions, however, carry risks of their own. Relying solely on passive cyber defence would invite continued intrusion by hostile actors who face little resistance. Over time, this weakens national security and signals that the country will not respond, no matter the scale of the intrusion. It follows that a carefully limited offensive cyber capability can raise the cost for potential aggressors and help prevent future threats without compromising democratic principles.
Converting now strategic intent into operational capability, Indonesia should implement a series of pragmatic reforms, over the coming years, to establish an offensive cyber posture within the TNI’s cyber unit.
First, the government ought to publish a strategic cyber defence white paper that explicitly articulates the missions and limits of offensive cyber defence. This document would enumerate scenarios under which Indonesia might conduct offensive cyber operations — to preempt an imminent attack on critical infrastructure — and delineate the authority chain for oversight of such actions. By making the doctrine public, the country sends a clear signal of intent to potential aggressors that any malicious cyber intrusions will be met with a resolute response.
Second, the currently-pending Cybersecurity and Resillience Bill should formally integrate legal authorization alongside robust oversight mechanisms. Offensives in cyberspace should require sign-offs at the highest political levels – ideally a dedicated committee in the legislature to review sensitive operations. This method reflects the practices of other democracies where cyber offensive actions, akin to intelligence operations, are subject to thorough scrutiny before and after execution.
Subsequently, the defence ministry should update its 2014 Cyber Defence Guidelines by publishing a redefined cyber defence doctrine with detailed operational annexes. This new doctrine should include lessons from recent years, define the role of offensive cyber operations within Indonesia’s broader defence strategy, outline cyber capabilities to be developed, as well as inter-agency coordination channels to ensure a unified response to cyber threats.
Ultimately, the government should institutionalize regular joint cyber exercises that bring together cyber agency, TNI’s cyber unit, police’s cybercrime division, and state intelligence agency’s cyber intelligence directorate. These exercises would simulate offensive and defensive cyber scenarios, thereby enhancing readiness and inter-agency cooperation. To make this work, the proposed Cybersecurity and Resilience Bill must also address the structural problem of overlapping mandates, which has long impeded clear lines of authority in Indonesia’s cyber defence architecture.
In any future conflict, an adversary’s first move will very likely be to disrupt Indonesia’s critical infrastructure systems via cyber means. Jakarta, therefore, cannot afford to treat cyberspace as a peripheral security concern. The nation has come a long way since its founding in a different era of warfare, and the evolution of its defence thinking must now reflect that transformation through the establishment of a disciplined, lawful, and deterrence-oriented cyber posture.
Geo Dzakwan Arshali is Undergraduate Student in International Affairs Management at School of International Studies, Universiti Utara Malaysia, and Research Intern (Regional Security Architecture Programme) with Institute of Defence and Strategic Studies (IDSS) at S. Rajaratnam School of International Studies (RSIS). He is concurrently an Emerging Leaders Fellow at FACTS Asia and Senior Analyst & Program Manager at World Order Lab.
Katherine Viella Irwanto is Graduate of International Relations from Universitas Indonesia, with a semester abroad at KU Leuven, and Analyst at World Order Lab. Her research interests focus on regional and institutional dynamics in the EU, ASEAN, and East Asia, combining domestic and international variables to produce a holistic analysis of foreign policy and non-traditional security issues.
Fransiscus Divo Marcellino Prasetia is Undergraduate Student in International Relations at Universitas Katolik Parahyangan, and Analyst at World Order Lab. His research interests focus on non-traditional security, media, and diplomacy through an integrative politics, psychology, and philosophy approach that examines their often-overlooked interrelations.
This article is published under a Creative Commons License and may be republished with attribution.
