National Cybersecurity Agency (BSSN) Salaries Under Scrutiny Following National Data Center Shutdown: How Much Do They Earn?

The paralysis of the National Data Center (PDN) due to a ransomware attack has drawn public attention. This topic has been widely discussed on social media, especially on X (formerly Twitter).

The word "resign" even became a trending topic on X. Several netizens called for the resignation of responsible officials, accusing them of failing to address the chaos. The entities deemed responsible are the National Cyber and Crypto Agency (BSSN) and the Ministry of Communication and Informatics (Kemenkominfo).

Netizens also highlighted the salaries of officials in these two ministries/agencies. "@rizkidwika," a viral account with over 15,000 likes on Thursday (June 27, 2024), wrote, "High salaries but can't do the job."

So, how much are the salaries and allowances of BSSN officials?

Based on BSSN Regulation No. 3/2020 concerning the Implementation of Performance Allowances for Employees within the National Cyber and Crypto Agency, employee allowances are adjusted based on their job level.

The highest is level 18, or the head of BSSN, who receives an allowance of Rp49.86 million per month. This excludes basic salary and other allowances, such as position allowance, food or rice allowance, and so on.

Second highest is level 17 at Rp33.24 million per month. Third is level 16 at Rp27.57 million per month.

The higher the job level, the higher the performance allowance. The lowest level, level 1, receives an allowance of Rp2.53 million per month; level 2 receives Rp2.7 million; and level 3 receives Rp2.89 million.

Here is a complete list of BSSN employee performance allowances (tukin):

* Level 18/Head of BSSN: Rp 49,860,000.00
* Level 17: Rp 33,240,000.00
* Level 16: Rp 27,577,500.00
* Level 15: Rp 19,280,000.00
* Level 14: Rp 17,064,000.00
* Level 13: Rp 10,936,000.00
* Level 12: Rp 9,896,000.00
* Level 11: Rp 8,757,600.00
* Level 10: Rp 5,979,200.00
* Level 9: Rp 5,079,200.00
* Level 8: Rp 4,595,150.00
* Level 7: Rp 3,915,950.00
* Level 6: Rp 3,510,400.00
* Level 5: Rp 3,134,250.00
* Level 4: Rp 2,985,000.00
* Level 3: Rp 2,898,000.00
* Level 2: Rp 2,708,250.00
* Level 1: Rp 2,531,250.00

(Also read: Before Ransomware Attack, National Data Center Received Rp700 Billion in State Budget)

Government Responsibility

*Katadata* reported that the temporary National Data Center (PDN) managed by the Ministry of Communication and Informatics (Kemenkominfo) and Telkom Sigma has been under ransomware attack since June 20, 2024.

The Indonesian Legal Aid and Community Advocacy Institute (ELSAM) considers the attack, which caused disruptions to public services, a government failure to protect personal data. ELSAM Executive Director Wahyudi Djafar stated that the alleged failure to protect personal data from the temporary PDN incident can be addressed according to Law No. 27/2022 on Personal Data Protection (PDP).

“This alleged failure to protect personal data stems from the high probability of processing citizens' personal data managed by various ministries/agencies and storing that data in the temporary PDN,” said Wahyudi in a press statement on Tuesday (June 25, 2024).

Responding to the cybersecurity incident and the alleged failure to protect personal data on the temporary PDN infrastructure, ELSAM emphasizes that stakeholders should:

* The BSSN must ensure a thorough investigation to determine the cause of the incident, provide an accountable report to the public, and restore the system and data stored on the temporary PDN infrastructure.
* The BSSN must conduct a comprehensive cybersecurity audit of vital information infrastructure, especially that related to the processing of strategic data and citizens' personal data.
* The Ministry of Communication and Informatics must ensure compliance with all standards related to personal data protection, including the obligation to immediately notify data subjects regarding the failure to protect personal data.
* The President and the DPR (House of Representatives) should immediately prepare a draft initiative for a Cybersecurity Bill, emphasizing a human-centric approach, to respond to all dynamics related to cybersecurity.
* The government must guarantee an effective recovery mechanism for the public regarding the cybersecurity incident, including those related to the failure to protect personal data and the failure to provide public services.

(Read *Katadata*: ELSAM on PDN Ransomware Attack: This is a Government Failure)