CYBERSECURITY needs to be a key priority of the Philippines if it intends to participate more meaningfully in, and benefit from, the fast-growing global digital economy. This is the main recommendation of the Cybersecurity in the Philippines: Global Context and Local Challenges, a report by Secure Connections and an initiative of The Asia Foundation, which was officially released just this month.
The findings of the 215-paged report are very important to our ongoing quest for digital transformation in the Philippines. Hence, for this week, my column will share the major recommendations of the said report for improving cybersecurity in the Philippines.
The report says the country must ensure that data is secured and protected at all times. This entails investing in people, technology, and processes. The Philippines needs to create a responsive institutional arrangement for cybersecurity. Effective cybersecurity governance means that each government agency manages and protects its information security and recognizes that, like digitalization, cybersecurity should be part and parcel of its responsibility. It is important that cybersecurity initiatives be considered a priority of the top management of government agencies, especially those that operate critical infrastructure. Support for cybersecurity can be in the form of adherence to internationally accepted cybersecurity standards and issuance of organizational policy and protocol to protect information security. Cybersecurity programs must also be given the necessary budget to purchase technology solutions and, more importantly, to continuously train people and build the capacity of the institution to identify, respond, and prevent cyber incidents.
The report recommends that the Department of Information and Communications Technology (DICT), together with the National Cybersecurity Interagency Committee, lead in developing the cybersecurity posture of the country through the crafting of a national cybersecurity framework and strategy. The ICT department will assess the appropriateness and prescribe relevant information security standards, provide technical support and expertise, help build the capacity of various agencies, and promote a whole-of-government approach to protecting and promoting information security. The same standards must apply to members of the private sector that work with the government.
The report states that a country’s cybersecurity posture can have a huge impact on its national security, economy, access to technology and innovation, and foreign policy. Cyber capability and readiness to identify and respond to incidents are crucial to protecting and sustaining the delivery of essential services to people. Cybersecurity policies and strategies can determine the entry of foreign investment and the participation of citizens in the global digital economy.
Here is the summary of recommendations cited in the report to address the cybersecurity knowledge, policy, and skills gaps to improve the Philippines’ cybersecurity posture.
To address the knowledge gap, the Philippines must create greater awareness of the global and local cybersecurity context and a better appreciation of the threat landscape; generate and analyze local data on cybersecurity practices and incidents on a sectoral level to identify security gaps, inform decisions and policy, and provide appropriate solutions; and nurture an environment of cooperation and information sharing among the local and international cybersecurity communities because one’s incident can be another’s lesson.
To address the policy gap, we must adopt policy enforcing minimum information security standards to protect critical information infrastructure and the ICT systems of public institutions.
To address the skills gap, the country must develop a cybersecurity culture by raising awareness, supporting training and capacity building for cybersecurity talent, and instilling cybersecurity as a way of life through educational institutions.
We have many laws that affect cybersecurity, mostly targeting cybercrimes, namely, RA 7925 or the Public Telecommunications Policy Act of 1995, RA 9239 or the Optical Media Act of 2003, RA 9775 or the Anti–Child Pornography Act of 2009, RA 9262 or the Anti-Violence Against Women and Their Children Act of 2004, RA 10173 or the Data Privacy Act of 2012, and RA 10175 or the Cybercrime Prevention Act of 2012. These laws alongside a clear policy of protecting and promoting cybersecurity are needed for the Philippines to reach its full digital potential.