DICT launches Cybersecurity Management System Project for gov’t agencies

Gelo Gonzales
The project is a unified platform with which the DICT can assist government agencies with cybersecurity concerns

CYBERSECURITY PROJECT. George Barcelon, left, president of ICS, and Allan Cabanlong, DICT assistant secretary for cybersecurity at the launch of DICT's cybersecurity project. Photo by Gelo Gonzales/Rappler

MANILA, Philippines – The Department of Information and Communications Technology (DICT) on Wednesday, January 16, launched its Cybersecurity Management System Project, a unified platform on which the DICT and its cybersecurity partners from the private sector may be able to assist government agencies with cybersecurity threats, attacks, and other issues.

The project is described to be a “collaborative platform,” according to Allan Cabanlong, assistant secretary for cybersecurity and enabling technologies. With the project, the DICT seeks to be able to address immediate threats that government agencies potentially face.

As an example, he cites a ransomware attack. Cabanlong explained, “If we detect the threat of a ransomware attack, for instance, we will notify all 10 agencies [currently covered by the program] of the antidote for the attack.”

Along with threat detection, the project will also conduct information sharing among covered agencies. Currently, there are 10 government agencies being assisted during the first phase of the project. There are only 10 right now being serviced because of budget constraints, says Cabanlong. The department hopes to add more this year, targeting 40 agencies in the long run. Agencies are accepted into the program once they fulfill certain criteria such as their network and infrastructure capabilities, and once they undergo the DICT’s preparedness testing.

The 10 government agencies were identified as priority agencies and were able to comply with requirements set by the DICT. The 10 agencies are DICT, Office of the President, Department of Finance, Department of Energy, Department of Foreign Affairs, National Security Council, Department of Budget and Management, Presidential Communications Operations Office, National Intelligence Coordinating Agency, and Department of National Defense.

Once an agency is part of the project, an agency may request for additional information or data vital to their cybersecurity concerns, pending the approval of the National Privacy Commission. The information sharing aspect of the project will be open to other agencies beyond the initial 10.

The project is also set to be completed in 10 and a half months starting from the issuance of the Notice to Proceed (NTP) Tuesday, January 15.

Dark web monitoring

Apart from monitoring threats for government agencies, the project also includes the monitoring of the dark web – a part of the web known for being an online highway for contraband accessible through special software.

The project will be looking for illegal trades, and identifying emerging modus operandi and cybersecurity threats in the online criminal underground. Information harvested from the project may then be forwarded to other bodies including the Cybercrime Investigation and Coordinating Center, the INTERPOL, or other authorities.

Bidding process

There were 5 bidders for the project, with the bid officially beginning August 6, 2018. Of the 5 bidders, one didn’t arrive in time while another 3 were disqualified for not having met eligibility requirements such as tax clearance and mayor’s permits.

Only Integrated Computer Systems, Inc. (ICS) was able to satisfy the eligibility requirements and make a succesful bid.

“One did not arrive in time. So there were 4 bidders. It was opened on August 6…During the opening, 3 were disqualified because of documents. One is there’s no tax clearance. Second is there’s no mayor’s permit. And the other one has no…specification. If you open the field, it’s not about the technical first, it’s the eligibility first. You check the eligibility of the company if it can comply with the requirements of the government…[ICS] was the first one to qualify,” Cabanlong explained. 

There was no failure of bidding, Cabanlong said. “There’s no failure of bidding even if just 1 [qualified in the end]. That’s the rule, that’s the law. For example, nag-bid ka, ikaw lang nag-bid, walang iba, then i-rereview namin ‘yung eligibility mo. If you pass the eligibility, then ikaw na ‘yun. Ang tawag dun is single calculated bidder,” Cabanlong explained. 

ICS made the winning bid of P508 million, and satisfied the technical requirements of the project, thus winning itself the 3-year project contract.

There will be a secondary round of bidding for the 2nd phase of the project.

ICS, according to its president George Barcelon, has 40 years of experience in IT platforms, hardware, and connectivity.

ICS comes into the project with New York-based firm Verint, which is a firm selling both software and hardware for security, intelligence and surveillance. – Rappler.com

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.