The government for the first time extensively outlined its strategy to implement a countrywide cybersecurity system to protect key state functions and private companies from possible electronic threats.
Tim Diaz De Rivera, director general of the National Computer Center (NCC), discussed the details of the government’s cybersecurity plans last week during a presentation in a seminar hosted by Computer Associates for government technology workers.
Rivera said the current cybersecurity policies in place largely call for voluntary implementation. Implementing these cybersecurity policies and measures is entirely dependent on the individual policies of companies in an industry and on the guidelines given out by the appropriate regulating agency or body for that industry, he explained.
At present, the government is working on several key activities in an effort to come up with a more integrated approach to cybersecurity, said Rivera.
The first of these key initiatives was the creation of the Task Force on Security of Critical Infrastructure (TFSCI) and the Cyber Security Working Group (CySWG). Rivera, who also serves as the head of the TFSCI-CySWG, said there are 11 critical sectors that have already been identified for the cybersecurity program.
The task now of the two groups is to prepare the National Strategy for the Protection of Critical Cyber Infrastructure and the TFSCI-CySWG Implementation Master Plan. So far, there are six critical cybersecurity priority programs that have been identified.
The 11 critical sectors for cybersecurity include energy, water supply, information and communication, transportation, banking and finance, public health, emergency services, agriculture and food, manufacturing, government services, and commercial centres.
To jumpstart the country’s bid to implement a unified and effective cybersecurity system, six priority initiatives are being planned.
The first priority program seeks to establish a favourable cybersecurity legal regime. Part of this initiative is to make cybersecurity a priority for everyone and to enact a Computer Crime Law. This program also seeks a wider adoption of a Philippine National Standard on Security for government and private sectors. Under this priority plan, the government will establish bilateral and multilateral international cyberspace treaties and adopt regulations to provide funds for the implementation of cybersecurity programs in government agencies.
The second priority program seeks to reduce the vulnerability of the country’s cyber infrastructure security. This will entail a risk and vulnerability assessment plan to identify highly vulnerable areas. The government will also enforce strict compliance with a threat or risk reduction program for all identified priority areas.
Next on the government’s priority list is the awareness campaign program for both government and private companies. The private sector will be encouraged to provide support for a coordinated and recognized professional cybersecurity certification program and help train a corps of young computer scientists who will have expertise on cybersecurity.
Rivera said the creation of a government computer security Incident Response Team Coordinating Center would also be a priority. This response network will have centres on the national, regional and sectoral levels. The implementation of a National Alert and Warning System and the establishment of mutual assistance programs for cybersecurity emergencies are likewise being considered.
The government is looking to provide a number of security training programs, including a specialized training course on technical investigations and information warfare, which will be given a specific budget.
To encourage research in cybersecurity, the government is mulling giving tax credits and having the Department of Science and Technology (DOST) lead the search and capability-building and research in cybersecurity.
Rivera said the last priority program involves the establishment of a mechanism for national and international coordination, which will include the creation of an intelligence fusion centre for the national security community.