PH draws up 5-year cybersecurity plan
MANILA, Philippines — A five-year national cybersecurity plan that lays out the government’s overall strategy in fighting in a new battleground where the Philippines could be at par with potential foreign adversaries is awaiting approval by President Ferdinand Marcos Jr.
The strategy will cover the protection of targets vulnerable to cyberattacks that could cripple the economy and national security even before the first enemy missile is fired at the Philippines, according to Information and Communications Technology Secretary Ivan John Uy during a forum on governance and security last week.
The “National Cybersecurity Plan (2023-2028)” was recently presented to the Cabinet, he said.
“It actually identifies the areas where the critical infrastructures that need to be secured and what particular aggrupation of agencies that will be addressing that on the civilian side and on the military side, and then how all of us will work together to coordinate all efforts in defending our country,” Uy said during Wednesday’s forum.
“As most of us have seen today, in warfare, the first attack is not done with a bullet or a missile,” he said. “When you launch a cyberattack and you shut down the entire financial system of a country, the damage of the impact is many, many times bigger.”
“That is where we’re looking — how we need to put importance in securing our cyberspace,” he added.
Speaking at the same forum, Armed Forces of the Philippines chief of Staff Gen. Romeo Brawner Jr. said the military also had plans to develop its cyberwarfare capabilities.
“This is one capability where we could excel in the Armed Forces of the Philippines and we could be at par with even the modern countries,” he said.
When he took over the helm of the AFP on July 21, Brawner said cyberspace was “a great equalizer.”
“Whether you are a big nation or a small nation — you can fight in that cyberdomain. There’s no need for large equipment in order to fight in the cyber domain. I believe we have great potential here in the Philippines,” he told reporters.
The AFP chief recalled that the “I Love You” virus—a worm that infected millions of computers worldwide in 2000, resulting in billions of dollars in damage—was created by a Filipino. “So we are not lacking in potential and in talent when it comes to cybersecurity,” he said.
The US cybersecurity company, Insikt Group, reported in 2021 that the AFP, particularly the Philippine Navy, the Department of Foreign Affairs, and the Presidential Management Staff, were allegedly being persistently targeted by Chinese state-sponsored hackers.
It said that China had a “strategic and tactical interest” in Southeast Asian government and private sector organizations.
Mark Manantan, director of cybersecurity and critical technologies at the Hawaii-based think tank Pacific Forum, said the Philippines remains a target of Chinese state-backed hacking groups.
“Most operations are linked to espionage to gather geopolitical intelligence on issues relating to South China Sea, but increasingly so with heightened attention to potential contingencies in Taiwan,” he told the Inquirer.
Cyberespionage, he said, is “an effective tool in gathering geopolitical intelligence, providing countries a forward advantage in negotiating with other nation states or in the event of war, a preemptive strategy to disable an adversary’s critical national infrastructure.”
The Philippines and China have a decadeslong maritime dispute in the South China Sea.
Beijing has ignored a 2016 arbitral ruling that invalidated China’s sweeping claims to most of the critical waterway and upheld Philippine sovereignty over its 370-kilometer exclusive economic zone, which includes the West Philippine Sea.
China has sent hundreds of its maritime militia vessels to swarm parts of Philippine waters in a move that the Philippine military and Coast Guard see as a way of eventually controlling and occupying these areas, which include the resource-rich Recto (Reed) Bank close to Palawan.
The military has been training with countries like the United States to protect its cyberdomain. Cyberdefense is now a new component of this year’s “Balikatan” — the largest of the military exercises between the two allies — to strengthen the country’s cybersecurity posture.
Canada, Australia, and Japan have also sought closer cooperation with the Philippines on cybersecurity.
The “National Cybersecurity Plan” was first released in 2017, one year after the creation of the Department of Information and Communications Technology, which was carved out of the former Department of Transportation and Communications.
In addition to protecting the country’s critical infrastructures, government and military networks, the plan also covered businesses and their supply chains, and every Filipino using the internet.
Its goals include ensuring the continuous operation of crucial infrastructures and public and military networks, enhancing the Philippines’ ability to respond to cyberthreats, coordinating with law enforcement, and creating a cybersecurity-educated society.
Cyberdefense exercises simulating responses to cyberattacks were part of the 12-day military exercise held in November 2022 to test readiness and interoperability among the Army, the Air Force, and the Navy.