DICT launches PH 5-year nat'l cybersecurity plan

LOCKED IN. The NCSP hopes to lift the country's cybersecurity capabilities to global standards. The DICT eyes learning from the established programs of other nations to speed up the country's improvement of its cyber defenses. Illustration by Alyssa Arizabal/Rappler

LOCKED IN. The NCSP hopes to lift the country's cybersecurity capabilities to global standards. The DICT eyes learning from the established programs of other nations to speed up the country's improvement of its cyber defenses.

Illustration by Alyssa Arizabal/Rappler

MANILA, Philippines – Protecting Filipinos, particularly users of the internet, just got more serious.

On Tuesday, May 2, the Department of Information and Communications (DICT) formally launched the government's National Cybersecurity Plan 2022 designed to protect internet users from harm.

The DICT crafted the NSCP 2022 in recognition of the "urgency" of protecting every single user of the internet among Filipinos, the Philippines' critical information infrastructure (CII), government networks, small and medium enterprises (SMEs), and also big businesses and corporations.

DICT Secretary Rodolfo A. Salalima led the unveiling of the plan, put to paper on a 54-page booklet distributed to stakeholders and members of the media during the event launch at a hotel in Eastwood City, Libis, Quezon City.

NCSP BOOKLET. The DICT handed out booklets detailing the agency's 5-year cybersecurity plan. Photo by Gelo Gonzales/Rappler

NCSP BOOKLET. The DICT handed out booklets detailing the agency's 5-year cybersecurity plan.

Photo by Gelo Gonzales/Rappler

It's also available online on the DICT website. Click here to read it. 

A work in progress

The plan, which the DICT emphasizes "is still a work in progress," maps the cyber threat landscape, envisions strategic solutions, identifies key areas to address, and promotes a whole-of-society approach to the problem. In a message for the unveiling event, President Duterte cited the DICT's "crucial role in the government's effort to address the challenges brought about by global inter-connectivity."

The president lauded the DICT for coming up with the cybersecurity plan that "aims to deal with these challenges and improve our people's confidence in the ICT sector."

It is the intention of the NSCP 2022 to shape the policy of the government on cybersecurity and the crafting of guidelines that will be cascaded to all levels of a government. DICT says the plan is crucial in fulfilling the agency's mandate to ensure "the rights of individuals to privacy and confidentiality of personal information," and their abilitiy to provide guidance to agencies governing and regulating the ICT sector.

Consumer protection and welfare, data privacy and security, the fostering of healthy competition in the sector, and the growth of the ICT sector are some of the other key pillars of the plan. 

The DICT, created only recently through Republic Act No. 10844, commits to hitting the ground running in implementing the plan. And to jumpstart the plan's implementation, the DICT signed a Memorandum of Understanding (MOU) with the International Council of Electronics Commerce Consultants (EC Council), the world's largest cybersecurity technical certification body.

MOU SIGNING. The DICT and EC-Council signs an agreement which has the latter providing cybersecurity training to the Philippines. Photo by Gelo Gonzales/Rappler

MOU SIGNING. The DICT and EC-Council signs an agreement which has the latter providing cybersecurity training to the Philippines.

Photo by Gelo Gonzales/Rappler

Building slowly

The DICT acknowledged that the state of the country's cybersecurity is still in its infancy, notwithstanding the fact that various government agencies already put in place related initiatives.

"We need to be ready for the disruptive nature that technology brings. This is amplified further by the threats of cyberattacks and disruptive systems (mechanical or human errors), whether accidental or deliberate," the DICT emphasized in the NSCP 2022.

In discussing the cyber threat landscape inundating the world and the Philippines, the NSCP 2022 named the sources of the threats, such as cyber criminals, cyber-enabled crimes, cyber-dependent crimes hacktivists, script kiddies, terrorists, non-state and state-sponsored threats, and insiders.

Also a component of the plan is the vision of achieving the state of having a "trusted and resilient infostructure." 

To accomplish the said state, the DICT identified four mission objectives: to systematically and methodically harden the CII for resiliency; to prepare and secure government infostructure; to raise awareness in the business sector on cyber risks and use of security measures among businesses to prevent and protect, respond and recover from attacks; and to raise awareness of individuals on cyber risks among users as they are the weakest links, they need to adopt the right norms in cybersecurity.

MAN IN THE MIDDLE. Salalima believes that when a government is able to 'cybersecure' its constituents, they are able to write, talk and communicate more freely. Photo by Gelo Gonzales/Rappler

MAN IN THE MIDDLE. Salalima believes that when a government is able to 'cybersecure' its constituents, they are able to write, talk and communicate more freely.

Photo by Gelo Gonzales/Rappler

On the other hand, the NSCP 2022's strategic initiatives will cover strategic programs in the improvement of security resiliency of the CII and government, public, and military networks to deal with sophisticated attacks; intensifying efforts in fostering the adoption of cybersecurity measures among individuals and businesses; and increasing the pool of cybersecurity experts.

Collaborative gameplan

Meanwhile, accomplishing the objectives of the NSCP 2022 also requires the participation of what the DICT described as "the stakeholders and key players" –individuals, business and organizations, and government – as it said their respective roles and responsibilities must be defined, making clear that collaboration is vital as the “government cannot take on the challenges and threats from cyberspace by itself.”

The DICT repeatedly hammered on the need for collaboration in its NCSP booklet:

"We need to work as one in order to combat challenges that are posed by the dynamic and fluid changes that occur in cyberspace as technology evolves and inter-connectivity cuts across all levels of government and society."

National Privacy Commission (NPC) Chairman Raymund Liboro, who was present at the event, cited the importance of government agencies and private organizations being on the same page in the cybersecurity front.

"Simply put, everybody should be on the same page when it comes to realizing [measures in addressing] cyber threats, because cybersecurity is not only an all-government affair but all of the nation's concern with government leading the way," said Liboro.

The NPC head added that being on the same page augurs well for the protection of the country's citizenry, territory, assets, and critical infrastructure.

Paul Albert F. Sy Santos, general manager for Ascend Business System, Accent Micro Technologies Incorporated (AMTI), said the private sector stands ready to collaborate with government, underscoring the importance of the NCSP 2022. AMTI is an IT infrastructure solutions provider in the Philippines. 

"Actually, cybersecurity is an issue and a matter of concern that not only has to be addressed by the government but also by the private sector," he said.

Pointing out that threats in the internet come from both local and foreign origins, Santos assured that AMTI is ready "to play its role, not just about business but also about trying to contribute to a certain extent in line with the government's vision and plan to secure the Philippines from such threats."

He said collaboration will not only come from businesses but also from private organizations. – Rappler.com

Edd K. Usman is a veteran journalist who has covered the DOST, PCSO, TESDA, Muslim Affairs and the police beat. For a long time, he worked as a senior reporter for Manila Bulletin before becoming a freelance writer.