Dissecting Cybersecurity Policy – RUU KKS

As a holder of a Master of Science in Cyber Security and a certified cyber security practitioner, it is obligatory for me to write a response to this blasphemy, the so-called Cyber Security regulation (RUU KKS). Not only will this be the fastest regulation ever made (5 days), outrunning the current fastest regulation ever passed, RUU KPK (14 days), it is also impractical, defective and restrictive. It requires the domestic content of security devices and solutions to be at least 50 percent (RUU KKS Article 66 Verse 1). Let us ponder for a little while: what is the most used firewall brand in Indonesia? Palo Alto, Cisco and Huawei are definitely not Indonesian brands. How about SSL? Most of the world's websites still depend on Comodo SSL. Even though there are self-signed SSL certificates, the code itself was not developed by Indonesians. The list goes on to email, cloud, network devices and other supporting solutions. Literally, a second after this regulation takes effect, all ministries and government agencies will fail to comply with this law, as will the agency appointed to oversee this regulation, the so-called Badan Siber dan Sandi Negara (BSSN – National Cyber and Encryption Agency).

While Article 66 Verse 1 shows how superficially the regulation was made, Article 11 Verse 2 shows how defective the regulation is. It defines cyber threats as products or inventions that can be used as cyber security weapons, overseen by BSSN. Under that interpretation, your Xiaomi is definitely a cyber threat. Well, indeed it is, if it is used to run Cain & Abel software or cracking tools, or used for the hoax industry (if you know what I mean). In my 10 years working in IT-related industry, all internet-connected electronic devices have the potential “to be used” as a cyber security weapon, but it is always up to the user. Instead of treating all electronic devices as cyber threats, the government should focus on establishing strong regulation to force SSL, promoting secure coding practices and segregation of duty. But I do realize that Article 11 Verse 2 will give the government a legal platform to ban an electronic device brand in Indonesia, like what Trump did to Huawei. With the government's track record of corruption, which is getting worse, hypothetically we just need to wait until Samsung bribes our government to ban Apple while legally framing all of it under the message “it is a cyber threat”. GREAT!!!


I am not even finished yet: RUU KKS has great potential to violate freedom of speech. As the regulation legally gives BSSN a mandate to cut an entity off from the internet if it is seen as a cyber threat (RUU KKS Article 14 Verse 2 f), the government will have full control of content on the internet and will remove things that it sees as unfit. For those of you who cannot comprehend this, I will give you a simple analogy: “We are becoming North Korea”.

It is not that I disagree with the whole of RUU KKS. I think it is indispensable for Indonesia to have regulation regarding cyber security. All great countries have their cyber security matters organized. Unfortunately, I have to condemn this ridiculous regulation.
