THE Department of Information and Communications Technology (DICT) said that the government is ready to deal with any fallout from attacks on the country’s information technology infrastructure, though it acknowledged that attacks on the system are inevitable.
At a briefing of the CyberSecurity Summit 2017 yesterday, an event organized by the DICT in partnership with cyber security provider AO Kaspersky Lab, DICT Assistant Secretary Allan S. Cabanlong told reporters that the government is prepared to minimize the damage resulting from cyber attacks.
“Our goal is to (minimize damage),” Mr. Cabanlong said.
DICT Secretary Rodolfo A. Salalima also said at the news press conference, “We simply cannot prevent cyber attacks… We anticipate these possible cyber attacks with the view of mitigating their adverse effects on people, business, government.”
Mr. Salalima also said that in the past year, the department has helped minimize the impact of attacks on the system.
Mr. Salalima said that the DICT also aims to “protect consumers in regard to their cyber security rights.”
Mr. Cabanlong noted that the Philippines is in good standing globally in terms of Global Cybersecurity Index rankings, placing 37th out of 165 countries for 2017.
Mr. Cabanlong said that the DICT will be releasing three Memoranda Circular as part of its implementation of the National CyberSecurity Plan 2022, each providing for cyber security measures for critical infrastructure, government, and individuals.
The cyber security measures include requiring Certificates of CyberSecurity Compliance and Seal of CyberSecurity. The DICT will also study holding national cyber drills once a year.
Mr. Cabanlong said that the free public WiFi access law recently signed by President Rodrigo R. Duterte comes with proper security measures.
He said free public WiFi access is designed to provide access to “people in the countryside,” as well as to commuters in urban areas such as Metro Manila to check e-mail and have access to important communications during their commutes. The system is not designed for long periods of use.
Vitaly Kamluk, director of Global Research and Analysis Team at Kaspersky Lab Asia-Pacific, said that the Philippines was the 8th most-attacked country in terms of mobile malware in 2016. Also, more than three out of 10 (34.97%) Filipinos with smartphones experienced mobile malware infections last year.
“[This is due to the] popularity of Android in the Philippines,” Mr. Kamluk said.
He added that the Android operating system has certain vulnerabilities to malware, particularly in connection with the update cycle.
Mr. Kamluk also said that four Advanced Persistent Threats (APTs) targeting organizations in the Philippines occurred in the past 12 months. An APT is a type of attack involving organized and sophisticated hacking into the networks of target organizations, such as government institutions and companies, or individuals.
He also said that these four APTs contained “traces of Chinese cultural references,” but it was not possible to determine which Chinese-speaking country the hackers are from, and whether these were state-sponsored.
Mr. Kamluk however held a positive view of the overall cyber threat management in the Philippines, given vulnerabilities arising from increasing connectivity.
“The Philippines is on the right track [in terms of cyber security],” Mr. Kamluk said.
Stephan Neumeier, managing director of Kaspersky Lab Asia-Pacific, said that developing countries are more prone to malware infection because of the preference of the populations for mobile phones instead of personal computers: “Mobiles are getting used more and more by emerging markets and younger populations.”
Mr. Neumeier said that it is vital to educate people on proper cyber security practices.
“Governments understand that it cannot work without cooperation between countries… and between institutions,” Mr. Neumeier said.
“This is what the criminals are already doing,” Mr. Neumeier added, referring to sharing of information and data.
Mr. Kamluk added that promoting cyber security among young talent in the cyber/information technology sector, such as education on best practices and ethical standards, is the way forward: “This will be your best defense against cyber terrorism in the future.”
Mr. Cabanlong said the DICT and Kaspersky Lab have an “informal partnership” aimed “to raise awareness.” — Patrizia Paola C. Marcelo
