Senators alarmed gov’t helpless to counter cyberthreats
MANILA, Philippines — Senators on Monday raised “grave concern” over the government’s lack of measures to counter the cybersecurity threats confronting the country, especially with the prospective entry of a telecommunications company that is partly owned by China.
Sen. Grace Poe, chair of the Senate committee on public services, expressed dismay at the admission of officials from the Department of Information and Communications Technology (DICT), as well as the National Security Council (NSC), that the Philippines still did not have sufficient mechanisms in place to combat the raging cybersecurity warfare.
“This really is the problem. We’re talking about the franchise of Dito Telecommunications, and one of the issues being brought forth—and I think fairly—is how do we protect ourselves, knowing that a certain percentage of ownership is owned by a foreign national,” Poe said.
“How can the government assure us that they have given a fair assessment of our safety, of our sovereignty, if we don’t even have a proper cybersecurity group that does the assessment?” she added during the online hearing on the franchise applications of Dito Telecom and Instant Data Inc.
No actual mechanism
The senator was reacting sharply to statements from the DICT and the NSC headed by Secretary Hermogenes Esperon Jr. that supposedly indicated that no government entity was handling cybersecurity concerns.
“I know, Secretary Esperon, you’re drafting this and that, but when it comes to the actual mechanism in place, should we have a threat, there’s really no plan,” Poe said.
“So how can we say that we are safe when we do not have a mechanism to determine that we are safe or not?” she said.
Esperon clarified that the cybersecurity group of the Armed Forces of the Philippines was performing the function of assessing the prevailing threats of cyberattacks. “That’s why we need to fund the DICT so that they could have an operations center for lawful intercept,” he said.
Sen. Risa Hontiveros aired her concern over the presence of “state-sponsored” hacking in foreign countries, mainly China-based groups that are carrying out attacks on behalf of the Chinese government.
Code name: Naikon
She quoted reports that the China-based hacking group, code-named Naikon, had been “quietly carrying out a five-year cyberespionage campaign” against governments in the Asia-Pacific region, including Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei.
But just as Hontiveros asked Esperon if the NSC had monitored the activities of Naikon, the secretary said he did not hear her question because of connection problems. This prompted Poe to state in jest that the glitches could be part of “sabotage.”
“What is ironic is that [this happens] as they’re saying things that are important. Secretary, I think a message is being sent out,” said Poe, addressing Esperon.
Hontiveros reiterated her apprehension on the grant of a franchise to Dito Telecom, which is 40 percent owned by ChinaTel.
“ChinaTel is not a private corporation (but) a proxy of a Chinese regime intent on pushing its weight around and imposing its will upon the region,” she said.
Under Chinese law, a Chinese corporation is obliged to cooperate in intelligence-gathering efforts, Hontiveros said.
Beijing’s proxy
“By allowing a proxy of the Chinese government to set up networks in the country, as well as facilities in our military camps, it is reasonable to conclude that a state-sponsored hacking group can easily get one foot in our door,” the senator said.
Telecommunications engineer Pierre Galla of Demoracy.net.ph said the country had not yet established a “cyberdefense doctrine” to guide the AFP and the intelligence community in combating threats in the digital landscape, including those posed by state-sponsored hacking groups.
According to Galla, the DICT set up a Cybersecurity Management System Project to serve as a security operation center for the DICT, Office of the President, NSC, Presidential Communications Operations Office, National Intelligence Coordinating Agency, and the defense, finance, energy, foreign affairs and budget departments.
“But it seems that because of the lack of mention of this security operation center, maybe it’s not running. Maybe it is an expensive paperwork that we’ve thought of setting up,” he said.
Due to a number of “sensitive” issues on national security that resource persons declined to answer, the Senate committee agreed to hold a separate “executive session” but not online.
“For all we know, if we hold the executive session online, our lines will still be hacked,” said Sen. Juan Miguel Zubiri.
Poe called out executives of the second franchise applicant, Instant Data, whose president failed to go online for the hearing because of “connectivity issues.”
