Indonesia's Coretax System Overhaul: From Security Gaps to High Performance

Introduction

Indonesia’s Coretax system, a core component of the country’s tax administration infrastructure, has undergone significant enhancements as detailed by officials in a recent video discussion. Coretax is Indonesia’s centralized tax information system designed to manage tax collection, compliance, and enforcement processes. The speaker, Mr. Purbaya, highlighted a multi-layered approach to addressing systemic issues, improving security, and boosting performance. This analysis delves into the technical challenges, solutions implemented, and broader implications for Indonesia’s digital sovereignty and operational efficiency.

Technical Architecture and Layered Fixes

The Coretax system is structured in multiple layers, each with specific functions and vulnerabilities. Mr. Purbaya described targeted improvements across these layers:

Upper Layer: Network and Connectivity

Issues Identified

Frequent timeouts and login failures due to unreliable internet connections via Telkom.
Core network instability leading to session drops, preventing users from accessing the system or continuing workflows post-login.

Solutions Implemented

Traffic rerouted to Lintas Arta, an alternative provider, for stable connectivity.
This addressed immediate access problems and improved overall system reliability.

Impact

Reduced user frustration and increased uptime.
Smoother tax-related transactions.

Middle Layer: Application and Security Management

Issues Identified

Session and cookie management failures causing pages to redirect or go blank.
Absence of a Content Delivery Network (CDN) slowing data retrieval.
Overly aggressive security policies blocking legitimate access without focusing on core threats.

Solutions Implemented

Configurations applied to streamline session handling.
Security policies adjusted to prioritize application protection over blanket restrictions.
Application firewall reconfigured for balanced security and usability.

Impact

Enhanced user experience with faster page loads and fewer access denials.
Maintained robust protection against threats.

Programming Layer: Code Quality and Logic

Issues Identified

Applications displaying misleading error pop-ups despite processing in the background.
Data values fluctuating and case management suboptimal, causing delays.

Solutions Implemented

Partial fixes applied through patches.
Recommendations forwarded to LG (the original vendor).
Full access to source code expected in December for comprehensive improvements.

Impact

Reduced error rates and improved data accuracy.
Plans for deeper refactoring.

Operational Layer: Data Management and Performance

Issues Identified

Large data retrievals during busy periods causing timeouts and slow displays.
Affecting overall efficiency.

Solutions Implemented

Operational management under review.
Strategies developed to optimize data handling and resource allocation.

Impact

Gradual improvements in processing times.
Better scalability for future demands.

Cybersecurity Enhancements: From Vulnerability to Fortification

Mr. Purbaya emphasized a remarkable turnaround in cybersecurity:

Initial State

System prone to data breaches, with reports of information being sold externally.
Security score at 30/100.

Improvements

Engaged elite Indonesian hackers—ranked among the world’s best—to identify and fix vulnerabilities.
Local expertise ensured culturally and contextually appropriate solutions.

Outcomes

Achieved near-impenetrable status, preventing unauthorized access and data leaks.
Security score elevated to 95+.
Underscores Indonesia’s growing cybersecurity capabilities.

Performance Metrics and User Experience

Performance improvements include:

Non-transactional performance jumped from 0 to 95+.
Significant gains in speed and reliability.
Reduced errors, faster response times.
Enhanced user satisfaction, making tax compliance more efficient.

Strategic Implications and Future Directions

The upgrades have broader implications:

Reducing Foreign Dependencies

LG’s code criticized for poor quality, described as “high school level.”
Delays in responses highlighted over-reliance on foreign vendors.
Strengthened internal teams for full control by January 2026.
Fostering self-sufficiency in critical IT infrastructure.

Cost Efficiency

No additional costs incurred.
Improvements made using existing staff and resources.
Demonstrated efficient resource utilization.

Team Development

Existing teams talented but lacked direction.
Through targeted guidance, skills harnessed effectively.
Avoided need for new hires.

Timeline of Key Events

Pre-2025: Initial vulnerabilities with security score at 30/100, frequent data leaks, poor performance.
Early 2025: Layer fixes begin; upper and middle layers addressed, connectivity switched.
Mid-2025: Top Indonesian hackers recruited for security testing.
Late 2025: Security peak reached with score at 95+, data leaks prevented.
December 2025: Full source code access granted for programming layer fixes.
January 2026: Local team takes complete control, system optimization.

Analysis and Insights

Key insights from Mr. Purbaya’s discussion:

Technical Debt: Issues stem from initial poor design and vendor limitations, common in government IT projects.
Local Innovation: Leveraging Indonesian talent for cybersecurity shows potential in high-tech fields.
Strategic Autonomy: Push to reduce LG’s involvement aligns with digital sovereignty goals.
Scalability: Improvements ensure system handles increasing demands as economy grows.

Conclusion

The Coretax system overhaul represents a pivotal moment for Indonesia’s digital infrastructure. By addressing technical flaws, enhancing security, and promoting local expertise, the upgrades improve operational efficiency and pave the way for greater technological independence. Further optimizations expected as full control is assumed, potentially setting a model for other developing nations.

Source: YouTube Video by Mr. Purbaya