ANALISIS IMPLEMENTASI NIST CYBERSECURITY FRAMEWORK (CSF) DAN CMMI DALAM PENINGKATAN KEMATANGAN SIBER PADA SISTEM JARINGAN KOMPUTER DI PT PORT SEKUPANG BATAM

Abstract

The maritime sector, especially port operations, heavily relies on computer systems to manage global logistics and communication. PT Port Sekupang Batam, as a strategic port, is facing heightened risks from cyber threats that could cause operational disruptions, financial losses, and damage to reputation. Global incidents of cyber attacks in the maritime sector are continuously rising, targeting supply chains and critical infrastructure. In the context of PT Port Sekupang Batam, computer systems form a complex ecosystem that is vulnerable to advanced attacks such as phishing, ransomware, and Denial of Service (DoS). The audit report in August 2022 showed that PT Port Sekupang Batam had been the target of a phishing attack that resulted in identity theft, unauthorized access to internal networks, and severe operational disruptions, highlighting the profound impact of human misconduct. In light of these threats, port facilities are required to comply with international maritime security regulations (ISPS Code, IMO MSC-FAL.1/Circ.3/Rev.1) and national regulations (PP No. 31, SE – DJPL 16 of 2024) that mandate a cybersecurity assessment (CSA) and a cybersecurity plan (CSP). To address this need, this study proposes a comprehensive cybersecurity framework that incorporates the NIST Cybersecurity Framework (CSF) and the Capability Maturity Model Integration (CMMI). The goal of this integration is to identify potential improvements, assess the effectiveness of security processes, and provide a structured plan for continuous improvement.