The Philippines urgently needs DICT to protect it in cyberspace

The Philippines faces unrelenting cybercrime attacks and is confronted with an increasing spate of cyberattacks, mostly from external sources.

Consider a few recent cybercrime incidents. For the second time since 2012, hacktivists decided to “commemorate” the Philippines’ Independence Day by defacing websites of the Philippine government. Last Independence Day, hacktivists calling themselves the “Global Security Hackers” rewrote the website of the National Historical Commission of the Philippines (NHCP) and posted a scathing message taking President Aquino to task for his alleged failures. They ended their online tirade with the warning, “Security Can’t Stop Our Curiosity.”

Before this, or on June 12, 2012, hacktivists under the alias “PrivateX” defaced seven government websites to protest some provisions in the Cybercrime Prevention Law or Republic Act No. 10175. And today there’s the continuing – if little known – cyberwar being waged by China against the Philippines, which is one of only two ASEAN member-states defying China’s claim to own practically the entire West Philippine Sea.

The government’s response to attacks by a Chinese government hacker group named Naikon that had stolen secret data from supposedly secure agencies such as the Office of the President, the National Security Council and the National Intelligence Coordinating Agency for many years was to organize an ad hoc group consisting of personnel from the Department of Science and Technology to bolster cybersecurity in government websites.

This continuing wave of cyberattacks casts a harsh light on the apparent incapacity of lone government agencies working by themselves to counter website defacements and other more serious cyberattacks despite these attacks having occurred before. As can be seen in the example above about Chinese hackers, the information technology units of government agencies only seem to come together after a cyber crisis.

If this were a war (some would argue there’s an ongoing cyberwar), what the government urgently needs is a general staff to command and control the disparate cyber campaigns being waged by lone government agencies so the total war effort becomes more efficient and vastly more effective.

This general staff for IT matters exists – but only on paper for the time being. It’s called the Department of Information and Communications Technology or DICT.

The only reason DICT hasn’t been organized is the government sees it as an “unnecessary bureaucracy” and a waste of money. That was the view held in 2004 when the bill creating the DICT first came before Congress. The government’s reasons for holding back on establishing the DICT are no longer valid, however.

In the meantime, the cyberworld has changed and is now a more dangerous place than before, especially for the defenseless.

It’s time for the government to shed off its past history of indifference towards the DICT and fully support the new DICT bills in both Houses of Congress to create the DICT.

DICT is expected to be a huge boost for data privacy since one of DICT’s units, the National Privacy Commission, will implement the provisions of the Data Privacy Act of 2012 (Republic Act No. 10173) that protect data privacy. RA 10173 became law on September 8, 2012 but its Implementing Rules and Regulations (IRR) haven’t been issued to this day. Only the new commission can implement the law’s IRR.

The mounting dangers faced by Philippine business and government in cyberspace reveal the utter need for a single government agency – the DICT – to take command and control and to unify the government’s fractured cyber security operations.

Support for the DICT remains strong in the private sector. Eleven Filipino and foreign chambers of commerce (including the European Chamber of Commerce of the Philippines) earlier this year urged Congress to pass the bills creating the DICT and raising the priority of IT in government.

It’s not yet too late for the government to change course and throw its weight behind establishing the DICT. Government will find a willing partner in business when it chooses to do so. DICT will both be the shield and sword protecting government operations in cyberspace from criminal attacks.

Both the government and the private sector need this protection now.

schumacher@eccp.com

 

 

Show comments