Gov’t agencies urged to comply with cloud first policy
THE Department of Information and Communications Technology (DICT) last week urged government agencies to adopt the revamped cloud first policy amid a surge in cyberattacks.
“Considering the breadth of government data, proper classification schemes are essential to mitigate risks associated with unauthorized access or exposure, while cloud services offer flexibility, security, and cost efficiency,” DICT Undersecretary for Infostructure Management, Cybersecurity, and Upskilling Jeffrey Ian C. Dy said in his video presentation in the 2nd Philippine CTO Summit event on May 9.
The cloud first policy mandates state agencies to prioritize cloud computing solutions in their processes.
Due to a surge in cybercrime, the policy first issued in 2017 was amended to expand its coverage to government-owned and -controlled corporations, state universities, colleges, and local government units.
Mr. Dy said policy amendments also included data classification, security needs, and operability “to emphasize required adherence to Philippine law policies and standards, data management and cloud compliance.”
However, DICT Deputy Director of Cybersecurity Bureau Rodil M. Aniban said the cloud first policy will not guarantee protection from cyberattacks as most are due to phishing and the wrong use of USB disks and laptops.
“The entities’ cybersecurity defense relies as well on the help of cloud service provider so the solution center, security solutions in place and principal brand,” Mr. Aniban said.
This also relates to the recently issued National Cybersecurity Plan, he said, noting that one of the action items in the plan concerns the issuance of the minimum standards in collaboration with technology services providers.
In a congressional hearing on April 30, the DICT reported 282 cyberattacks against government organizations between January and March 2024, adding that 90% of these were resolved.
According to Mr. Dy, 811 early-stage hacking attempts were detected and neutralized by the agency’s National Security Operations Center as of April. This translates to over 74% of total hacking attempts.
The DICT’s Project Security Operations and Network Analysis Research also scanned over 2,000 online assets, exposing 30,682 vulnerabilities. — Aubrey Rose A. Inosante