THE Department of Information and Communications Technology (DICT) is preparing to develop a national cybersecurity plan for 2023 to 2028 to ensure the country is well-prepared to deal with increasingly complicated online threats, it announced on Monday.

“The National Cybersecurity Plan (NCSP) 2023-2028 [also] seeks to  … provide proper and lasting solutions” to cybersecurity threats, DICT Director Adrian Jude G. Echaus said at the launch of the National Cybersecurity Plan 2022 Assessment Survey.

At the same time, it will ensure that the country adheres to internationally accepted standards, protocols, and best practices, he added.

To jumpstart the development of the NCSP 2023-2028, the department launched on Monday its assessment survey for the NCSP 2022.

The goal is to “assess the status, accomplishments, challenges, and gaps of the NCSP 2022 implementation,” Mr. Echaus said.

He said the survey is also seen to encourage a participatory approach in the development of the NCSP 2023-2028, “as cybersecurity is a cross-cutting issue of national interest and is not only a whole-of-government approach, but a whole-of-nation-approach.”

For the new cybersecurity plan, which is targeted to be launched on May 30, 2023, the DICT hopes to formulate updated guidelines and schemes for both public and private sectors’ ICT systems or networks.

The Philippines placed third in worldwide ransomware spending in 2021, with local organizations paying an average of $1.6 million, doubling the country’s average of $820,000 in 2020, according to cybersecurity firm Sophos.

The NCSP 2022, which was launched in May 2017, was developed to “assure the continuous operation of our nation’s critical infostructures, public and military networks and implement cyber-resiliency measures to enhance our ability to respond to threats before, during and after attacks,” the DICT said on its website.

It is also meant to ensure effective coordination with law enforcement agencies and improve cybersecurity awareness.

The plan was updated in 2021 to strengthen the cybersecurity capabilities of both the government and private organizations. — Arjay L. Balinbin