THE country’s cyberspace is one of the most vulnerable among similar domains in Asia, and cybersecurity experts point to a flawed law.
Any cybersecurity expert from and outside the country can tell, Angel Redoble told the Businessmirror in an interview the day Kaspersky Zao Lab Inc. issued an alert on hackers targeting luxury hotels’ Wireless-Fidelity networks.
According to Redoble, chairman of the National Advisory Council of the Philippine National Police (PNP) Anti-Cybercrime Group, the country’s cybersecurity policy reflects the strength or weakness of its cyberspace.
Unfortunately, the reactive nature of the Cybercrime Prevention Act of 2012 (Republic Act 10175) bares the country’s glaring vulnerability, he explained.
The law does not mandate basic industries to take necessary safeguards, Redoble said on August 11.
It is intended for crimes committed with the aid of technology, which we call cybercrimes. Redoble noted that some states fund hackers who conduct cyberespionage and data theft.
In 20013 the dispute over the West Philippine Sea has compromised the Department of Foreign Affairs by attacks allegedly coming from China, Redoble said. The stolen information included the government’s position letter. State-sponsored hackers and cyberterrorists are the major threats to cybersecurity, according to him. They have the capacity to inflict damage on basic industries, like power, energy, finance and telecommunications, he added. In April Kaspersky confirmed cyberattacks on Philippine government agencies.
Naikon has been very active for years in Southeast Asia, Kaspersky Lab executive Vicente Diaz told reporters in that forum.
The group was detected attacking the Philippines, Indonesia, Malaysia, Singapore and other Asian countries to steal data from the office of the president, armed forces, intelligence agency and national police, according to Diaz.
Angel Averia, president of nonprofit group Philippine Computer Emergency Response Team, agreed with Redoble on the vulnerability of the country’s cyberspace.
In response to questions sent via electronic mail, Averia said the Philippines has no cohesive cyberspace environment since its information infrastructures are not connected into a common national infrastructure.
If hacktivists will attack our government web sites, they will have to go through each web site to deface the main pages.
Only one institution will feel the impact of a distributed denial of service (Ddos) attack, unlike in Estonia, for example, where all the services are connected to the national infrastructure, Averia explained.
If a Ddos attack is launched against Estonia, it would cripple the whole national infrastructure.
RA 10175 requires the Department of Science and Technology to develop an information-security plan, Averia said.
But that was a late insertion into the law. What we need is a law that will ensure our information infrastructure is secured and will continue to be.
Meanwhile, the office of Sen. Juan Edgardo Angara, in response to the call of Redoble and other cybersecurity experts, said in an August 13 letter to the BusinessMirror that we have taken notes for consideration in our future legislative proposals.
Likewise, the Philippine government organized last month the Committee on Anti-Cybercrime of the National Law Enforcement Coordinating Committee (Nalecc) headed by the Department of Justice (DOJ).
The Nalecc is the coordinating body for law-enforcement agencies to proactively implement crime-fighting mechanisms, according to a DOJ statement. The Committee on Anti-Cybercrime is expected to tackle cybercrime trends and incidents such as online child abuse, sextortion, online gambling, automated teller machine and credit-card fraud, identity theft, online selling of counterfeit medicines, and online fraud, the DOJ statement said.