Cybersecurity experts are urging the Marcos administration to strengthen the country’s defenses against state-sponsored cyberattacks amid steadily escalating territorial tensions that have made a conflict involving the Philippines less implausible.
They said the recent hackings on the Department of Science and Technology (DOST) and Philippine Coast Guard (PCG) showed gaps in government agencies’ readiness to repel sophisticated cyberattacks, and provided a glimpse of what can happen should a hostile nation orchestrate a digital assault.
In an interview, Lito Averia, president of the Philippine Computer Emergency Response Team (PHCERT), noted that these apparently successful data breaches indicate that the government’s cybersecurity capabilities leave much to be desired.
The government, he added, should double down on protecting the country’s critical information infrastructure (CII), encompassing power generation and transmission facilities, water distribution facilities, telecommunications networks, cable landing stations, air and sea ports, the financial system, and the healthcare system, among others.
Averia said his group is presently advising several senators and congressmen on crafting the Senate and House versions of the Critical Information Infrastructure Protection Act, a bill that is expected to allocate more manpower and financial resources on protecting the government’s data.
He, however, admitted that the envisioned CII protection law may come too late because legislation moves at a snail’s pace, and so a “quick fix” is necessary as a stop-gap measure amid looming cyber threats from advanced adversaries.
“We are appealing to President Marcos to immediately issue an executive order that would pour more state resources into countering cyberattacks. Waiting for a law to be passed may take too long… future cyberattacks on Philippine interests are a near certainty,” Averia told the Manila Standard.
For his part, Sam Jacoba, president of National Association of Data Protection Officers of the Philippines (NADPOP), said in the absence of a stronger law protecting the country against advanced persistent threats (APTs), the government can always fall back on the National Cybersecurity Plan (NCSP) 2023-2028, which President Marcos already approved through Executive Order No. 58 last April 4.
An APT is defined as a stealthy threat actor, more commonly a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
NADPOP’s president explained that the NCSP provides for the reorganization of the secretary-level National Cybersecurity Inter-Agency Committee (NCIAC), which is mandated to synergize the government’s response towards APTs.
“The NCSP is already there… all they have to do is implement it. It’s about time they reconvene the NCIAC. They have to prioritize (protecting) utilities, communications, finance… and even the BPO industry, which is an attractive target due to its economic significance, said Jacoba.
‘Cyber hygiene’ is a must
Both PHCERT and NADPOP have also called for tougher penalties on public and private sector officials or employees whose lack of “cyber hygiene” or outright negligence have left their organizations open to cyberattacks.
Meanwhile, Evelyn Del Monte, managing director at cyber incident response firm Blackpanda Philippines, said recent attacks on government digital networks highlighted critical security gaps and emphasized the need for more proactive measures.
“Strengthening cybersecurity and rebuilding citizens’ trust require a multi-faceted approach. Allocating additional funds to bolster the government’s cybersecurity defenses has become imperative. Rigorous risk assessments are essential for government agencies to ward off cyber threats,” she explained.
She also lauded the Department of Information and Communications Technology (DICT) for being transparent to the public about recent cyberattacks on government networks as well as the steps taken to address the breaches.
In February, the DICT reported that its personnel successfully blocked cyberattacks on its mailboxes as well as on several government offices including President Marcos’ official website and the Overseas Workers Welfare Administration’s (OWWA) website.
Also targeted in the synchronous digital assaults was the National Coast Watch Service, the little-known office that coordinates all concerned Philippine government agencies’ approach on maritime issues and maritime security operations.
DICT Undersecretary for Cybersecurity Jeffery Ian Dy traced the “brute force attacks” to malicious cyber actors operating from China, but avoided directly linking the foiled attempt to the Chinese government.
“In our investigation, we were able to trace the attacker’s command and control operating from within China,” he disclosed.
Dy later clarified that DICT trackers actually traced the origin of the attack to China United Network Communications Group or China Unicom, a Chinese state-owned telecommunications company.
The same Chinese group apparently tried to hack Philippine government networks again in March, this time targeting the Department of Environment and Natural Resources (DENR), Dy revealed during a House committee on information technology hearing last week.
He said the attack, which was launched by a China-based APT called “Deep Panda,” was thwarted again thanks to the DICT’s Secure Online Network Assessment and Response System or Project SONAR.
However, Dy told lawmakers that he was in no position to link the cyberattacks to the Philippines’ maritime row with China.