BSSN Conducts 2026 Cybersecurity and Cryptography Maturity Assessment at Labuan Bajo Flores Tourism Authority

Labuan Bajo, 18 June 2026 — The National Cyber and Crypto Agency (Badan Siber dan Sandi Negara/BSSN) conducted the 2026 Cybersecurity and Cryptography Maturity Assessment (IKASANDI) at the Labuan Bajo Flores Tourism Authority (LBFTA) on Wednesday, June 17, 2026. The assessment took place from 1:00 PM to 4:30 PM WITA and aimed to evaluate the maturity level of cybersecurity and cryptographic governance within the implementation of the Electronic-Based Government System (SPBE) at BPOLBF.

The activity began with discussions on digital governance, information security management, and LBFTA’s ongoing efforts to strengthen its digital ecosystem. During the opening session, LBFTA highlighted the importance of collaboration with BSSN in improving digital governance practices and enhancing the security posture of government information systems.

LBFTA also shared its recent digital transformation initiatives, including the migration of its official website from the former domain, labuanbajoflores.id, to bpolbf.kemenpar.go.id as part of the integration of digital services within the Ministry of Tourism ecosystem.

In addition, LBFTA reported that earlier this year it had successfully conducted an Information Technology Security Assessment (ITSA) or penetration testing exercise, followed by website hardening and security verification activities in collaboration with the Center for Data and Information Technology (Pusdatin) of the Ministry of Tourism. The organization views the IKASANDI assessment as a continuation of these efforts to strengthen cybersecurity governance and improve the resilience of its digital infrastructure.

The BSSN assessment team, led by Arief Putu Pratama, explained that the primary objective of IKASANDI is to evaluate the management of government digital systems, assess the development of digital government services, and provide recommendations for improving digital governance within public sector organizations.

The implementation of IKASANDI is based on Government Regulation No. 71 of 2019 concerning the Operation of Electronic Systems and Transactions, which stipulates that Electronic System Operators (ESOs) are responsible for ensuring the security, reliability, and proper operation of their electronic systems, including information security and internal communication infrastructure.

The assessment also supports Indonesia’s national digital transformation agenda outlined in Presidential Regulation No. 12 of 2025 concerning the 2025–2029 National Medium-Term Development Plan (RPJMN), which targets the realization of a transparent, inclusive, and efficient digital government.

During the session, BSSN presented key components used in evaluating digital government performance, including governance and management, digital service delivery, data management, cybersecurity, digital technology, integration of government digital services, and user satisfaction.

BSSN further explained that the national digital government trajectory sets a target digital service maturity level of 1.70 out of 5 for 2026. The target reflects the government’s recognition that many Electronic System Operators across central and regional institutions are still progressing toward higher levels of digital maturity and operational excellence.

As a national assessment instrument, IKASANDI is designed to measure the Cybersecurity and Cryptography Maturity Level of government institutions and Electronic System Operators. The framework consists of two primary measurement components: Cybersecurity Maturity Assessment and Cryptography Maturity Assessment. The results are intended to provide organizations with guidance for achieving secure, reliable, and sustainable electronic system operations.

During the assessment process, LBFTA presented various cybersecurity initiatives that have been implemented within the organization, including the completion of an IT Security Assessment, website hardening activities, and the verification of website security controls conducted earlier in 2026.

LBFTA also outlined its cyber incident communication procedures. In the event of a cybersecurity incident, the organization is prepared to submit incident reporting forms and official memoranda to the Ministry of Tourism’s Center for Data and Information Technology. Given that LBFTA’s data center infrastructure is hosted within the Ministry of Tourism environment, cyber incident management procedures are aligned with the Ministry’s cybersecurity response framework and operational standards.

As part of the assessment, the BSSN team, represented by Pandu Bagus, conducted an in-depth interview to evaluate the maturity level of LBFTA’s cybersecurity management practices. The assessment was carried out holistically across four key cybersecurity functions: Identify, Protect, Detect, and Recover.

The Identify function covered organizational roles and responsibilities, cybersecurity strategies and policies, information asset management, cybersecurity risk management, and supply chain risk considerations. The Recover function assessed recovery planning, incident analysis, incident response activities, and continuous security improvement efforts.

Meanwhile, the Protect function examined identity and authentication controls, physical asset security, data protection, application security, network security, and human resource management. The Detect function focused on cybersecurity event detection capabilities, anomaly analysis processes, and continuous monitoring mechanisms.

BSSN noted that the information gathered through interviews and supporting documentation would be analyzed further to determine LBFTA’s cybersecurity and cryptography maturity level. The analysis will also serve as the basis for recommendations aimed at strengthening cybersecurity governance and improving the management of electronic systems within the organization.

The maturity assessment results are expected to be delivered to LBFTA later this week.

Through the implementation of the 2026 IKASANDI assessment, LBFTA continues to strengthen its commitment to information security, cybersecurity resilience, and the development of secure and reliable digital government services. The initiative reflects the organization’s broader effort to support Indonesia’s digital transformation agenda while ensuring that public digital services remain trusted, resilient, and sustainable.

— Engel Vione
IT Support Specialist & Public Communication Officer
Labuan Bajo Flores Tourism Authority (LBFTA)