MANILA, Philippines — A cybersecurity expert suggested that Malacañang issue executive orders to mandate government agencies and private companies handling large amounts of personal data to install measures that will boost their defense against hacking attacks.
Ace Acedillo, president of the Philippine Institute of Cybersecurity Professionals, said an executive order is a concrete step against a recent string of cyberhack attacks on the websites of several government agencies and private institutions.
“The low-hanging fruit here really is for the President to issue an executive order boosting the cybersecurity posture of at least those that can be covered by an EO – which (are) of course, our executive agencies,” Acedillo said in an interview with “The Chiefs” on One News last Saturday.
He noted that the President could also similarly order the private companies that deal with personal data as provided under the Public Service Act.
“Under the amended Public Service Act, the President can actually order critical (information) infrastructure (operators), most of which, by the way, I think 80 to 90 percent of critical (information) infrastructure are in the hands of the private sector,” Acedillo said.
He added that there are “working models” Malacañang can base the orders on, like those of the Bangko Sentral ng Pilipinas regulations on banks and financial institutions as well as the Government Commission for GOCCs on regulating government corporations.
Acedillo also said Malacañang could look into the proposed regulations of the Securities and Exchange Commission for publicly listed companies.
Meanwhile, House Deputy Majority Leader Erwin Tulfo underscored the need for a separate agency tasked solely to secure the digital portals of the entire bureaucracy, following the recent hacking attempts.
“We have seen how vulnerable and helpless our websites are. Hackers have penetrated the computer files of our government agencies,” Tulfo said. “While our offices have managed and fixed the cyber attacks after a few days, what we actually want is that such incidents should be prevented always, so that these hackers can no longer do harm to us. Our websites should be stable against such attempts.”
He added that this agency’s mandate should be surveillance and intelligence gathering, monitoring and quick damage control, retrieval of lost or stolen data and identification of hackers, cyber syndicates and terrorists.
Tulfo, who represents the ACT-CIS party-list in the House, pointed out that many countries, not only in advanced economies, are already establishing cyber security agencies because almost all transactions and communication around the world are now online or digital.
Following this, the cyber security office or agency should have the ability to safeguard and protect government digital files against attacks by all types of hackers, which should include cyber terrorists.
“Unfortunately, no digital file is safe anymore from these professional hackers nowadays, which is why we need someone to protect our nation from this new threat,” Tulfo said.
Makati City Rep. Luis Campos Jr. is pushing for the allocation of P3 billion in additional funding to build up the capabilities of the Cybercrime Investigation and Coordinating Center (CICC), which integrates the cybercrime-fighting divisions of the Department of Information and Communications Technology, National Bureau of Investigation, Philippine National Police and the Department of Justice.
“We must bolster the CICC with all the necessary cutting-edge technologies to swiftly produce actionable intelligence against all types of threat actors – from thrill seekers and hacktivists to cybercriminals and cyberterrorists,” Campos said.
The CICC has a budget of only P347.7 million in this year’s General Appropriations Law. In the 2024 National Expenditure Program, the center has only P320.8 million.
Frost & Sullivan, a San Antonio, Texas-based business consulting firm, noted that the Philippines could incur up to $3.5 billion (about P200 billion) in economic losses every year due to cybercrime.
Cybercrime costs include stolen money, data damage and destruction, lost productivity, personal and financial data theft, intellectual property theft, embezzlement, fraud, post-attack business disruption, forensic investigation, restoration and deletion of hacked data and systems. — Delon Porcalla