Security in cyberspace should be every Filipino?s concern. This is what chairman Virgilio Peña of the Commission on Information and Communications Technology (CICT) stressed in his keynote speech at the recently held fourth Philippine Information Technology (IT) Security Conference.
The government is doing its best to provide the infrastructure and the necessary laws and policies to ensure national cybersecurity, said Peña, but it should be every individual and organization?s concern to protect their own internal use of technology. ?National cybersecurity should be a joint effort between the government and the private sector,? the CICT chairman said.
The government, since 2002, has been participating in various international summits and fora on how to increase awareness about Internet security and creating a ?global culture of cybersecurity,? which was the resolution adopted in a United Nations Plenary meeting in 2002. In as much as cybersecurity concerns business organizations and individual PC and Internet users, action to address these issues should not be taken singularly by one country or a group of countries as this should be a global initiative, said Peña.
To address cybersecurity, said Peña, there are three things which a country should have: substantive laws in place that will criminalize cyber attacks; procedural laws to grant enforcement officials the necessary authority to investigate and prosecute technology-facilitated offenses; and laws and policies that will allow for international cooperation in fighting against computer-related crimes. ?So much more needs to be done as far as cross-country cooperation is concerned,? he said.
In as far as the Philippines is concerned, what we have in the legal system under the National cybersecurity Plan are: the Public Telecommunications Policy Act governing the development and delivery of public telecommunication service; the Access Devices Regulation Act which requires registration of some devices and allows for criminalization of the use of certain devices; the E-commerce Act; the cybersecurity Bill, which will cover most criminal activities not covered by the e-commerce act and which is still currently being worked on.
What is needed is a cybersecurity-conscious society, said Peña, adding that one other challenge that the country faces is effective law enforcement and the administration of justice with regard security. It is actually difficult to pinpoint a specific agency responsible for cybersecurity, he said, the CICT therefore currently works with the IT arm of the Philippine National Police (PNP) and the National Bureau of Investigation (NBI) in addressing cybercrime.
However, even the government is unsafe from cybersecurity threats like hacking, this is what Ken Low, Asia Pacific Senior Manager for Security at security solutions company 3Com Corporation, said in a separate press briefing during the IT Security Conference. Data collected by Low from publicly available sources in the Internet and PNP records both show that some government websites have in fact, for the past few years, been hacked several times, including military websites.
Among the government websites victimized by hackers were those of the Department of Labor and Employment, Department of Social Welfare and Development, and the Department of Public Works and Highways. Although commercial websites still rank first in Web Server Intrusions data from 1999-2005, government websites fall in second place- where some websites were even hacked more than once. Although common, multiple hacks, said Low, are indicative of these agencies? lack of security action especially considering that, in some cases, the next hacking incident in that same website takes place a year or several months after the previous hacking, leaving them enough time to respond.
Although some government websites got as much as 11 attacks in a year, the Philippines does not have the worst record, said Low, as a website in Indonesia has been hacked 430 times in a day. ?We are not glorifying hacking here but this is to say that there are problems,? said Low, ?It?s not good enough to catch hackers, you should protect yourself.? 3Com is currently in a road show throughout Singapore, Indonesia, the Philippines, Malaysia, and Taiwan, advocating proactive rather than reactive security and pushing Tipping Point?s Intrusion Prevention System (IPS) as the best way to keep systems from being attacked, instead of settling for firewalls, antivirus software, or Intrusion Detection System (IDS).
Underlining the value of proactive security, Peña added that there is no better time to focus on the threats now, when the risks are not that grave yet. The government is doing its best to lay down national cybersecurity laws and policies, he said, but no matter how many laws there are, technology will always catch up. ?We cannot expect the legal system to catch up with the IT industry in terms of crimes,? said the chairman, because every new law on crimes will produce new crimes. ?Everybody has to be conscientious about security,? he said, adding that cybersecurity is no different and no less important than protecting one?s privacy and home.
Organized by the Information Systems Security Society of the Philippines (ISSSP), the annual security conference has ?Privacy at Risk? for this year?s theme, highlighting the extensive security issues and threats today concerning not only organizations and enterprises but individual home personal computer (PC) and Internet users as well.