The Department of Information and Communications Technology (DICT) is drawing up a new five-year national cybersecurity plan with the participation of all stakeholders in various sectors through a series of consultations.
The DICT has kicked off its initial consultation with the energy sector during a virtual meeting on the National Cybersecurity Plan (NCSP) for 2023-2028 held on Jan. 25, 2023.
DICT Cybersecurity Bureau director Maria Victoria Castro said the new NCSP is expected to promote the formulation of updated cybersecurity guidelines for ICT systems or networks, and the adoption of internationally-recognized policies and frameworks in order to improve the country’s response to cybersecurity risks and attacks.
Castro said among the strategies for the new NCSP are the development of legislation and policies enabling cyber resilience, the enactment of the Critical Information Infrastructure (CII) Protection Act, legislation of plantilla positions and salary standardization for cybersecurity personnel in government, reforming of the procurement policy for IT and cybersecurity projects, and incorporation of cyber practices in the information systems security policy for government.
Another cybersecurity strategy, according to Castro, is the advancement of the technical capabilities of national and sector-specific cybersecurity agencies by bolstering the country’s computer emergency response teams’ (CERT) capacities and strengthening the National Cyber Drill program.
Also expected to elevate the technical capabilities of these agencies are implementing cyber risk and vulnerability assessment and penetration testing programs, partnering with other countries’ CERTS to improve cyber intelligence sharing capabilities, and adopting a national framework for cybersecurity standards.
The third NCSP strategy entails the development of the country’s workforce through the expansion of the cybersecurity awareness program, implementation of cyber education in the educational system, inclusion of incentives for cybersecurity investments in the Investment Priority Plan (IPP) and raising of the number of certified cybersecurity professionals.
An additional strategy is the enhancement of cybersecurity cooperation with stakeholders and local and international partners.
“This will involve the forging of partnerships with other countries through bilateral, multilateral and regional cooperation to include the sharing of best practices in cybersecurity capacity-building and information sharing,” said Castro.
Castro also cited the importance of monitoring of critical information infrastructures (CIIs) to ensure they are complying with the standards set by the DICT.
She said the goal is to push CIIs to adopt Philippine national standards, ISO/IEC 27000 Family of Standards, and other relevant international standards, conduct regular risk and vulnerability assessments, and create a computer emergency response team, among other cybersecurity fortification activities.
Thelma Villamorel of the DICT’s Cybersecurity Bureau, said the cybersecurity plan seeks to strengthen the country’s capability to address the increasing complexity of cybersecurity threats and improve its adherence to international standards, protocols, and best practices.
NCSP 2023-2028 is scheduled to be launched on May 30,2023 following an assessment survey from December 2022 to March 2023 on the implementation of the previous plan, pocket consultations from January 25 till March 22, the first multi-stakeholders’ consultation in mid-April, and the final multi-stakeholders’ consultation in early May.
