The Senate has revealed that it was able to ward off the hacking attempt on its website but the House of Representatives (HOR) was not as successful as its website went offline anew after being attacked again.
Renato Bantug Jr., secretary of the Senate, showed a report detailing the spike in cyberattacks on the Senate website just an hour after the reported hacking of the HOR website last Sunday.
Speaking to reporters Tuesday, October 17, Bantug said the Senate immediately beefed up its cybersecurity measures after last Sunday’s hacking attempt.
The HOR, however, was not as lucky. Its website got back online on Monday, Oct. 16, after being defaced over the weekend, but is now down again as of Tuesday after apparently being attacked anew.
The hacking incidents have pushed Sen. Alan Peter Cayetano to state that the Department of Information and Communications Technology (DICT) urgently needs confidential funds to upgrade the government’s protection from cyberattacks.
In the Senate hearing conducted by the Committee on Science and Technology on Tuesday, Oct 17, Cayetano cited ideas on how the DICT can improve the government’s defense against hackers.
For one, he said, the DICT can use confidential funds to buy information, such as by hiring a “black hacker” as a government asset.
“Another use of confidential funds is reward. Kung ang penalty sa crime na ginawa ay kulong ng five years, then y’ung nagsumbong sa kanya may P250,000 or P500,000, it prevents major breaches of our cybersecurity. It’s worth it,” he said.
The DICT’s budget for cybersecurity decreased from P1 billion in 2022 to P600 million in 2023, then to only P300 million this year.
“I’m not lobbying for you, but what I am saying is that there are certain agencies na talagang klarong klaro kung saan kailangan ang confidential fund. And klarong-klarong kailangan when you have something to do with security,” the independent senator said.
The hearing focused on the ransomware attack on Philhealth’s data system on September 22, 2023. Medusa, the group behind the attack, demanded roughly P17 million from the agency.
Cayetano noted that completely preventing cyberattacks is impossible, but implementing robust defenses to make it difficult for hackers to infiltrate government systems should be sufficient to deter them.
“If we can upgrade the country in the sense na, ‘Hackers hindi kayo uubra dito,’ then they’ll go somewhere else,” he said.
“You can minimize [the data they can steal] to the point na it’s not worth their time kasi nga very much ready ang Pilipinas na kontrahin,” he continued.
Cayetano urged the DICT to help government agencies establish a regular “fire drill” so that government offices, from the national level down to their branches, are trained to act quickly in cases of cyber attacks.
“Can we have a code red na when you text all of your branches, that will simply mean [kailangan] patayin na [nila] lahat ng computer and wait for further instructions?” he said.
DICT undersecretary Jeffrey Ian Dy admitted that the department still does not have the sophistication of such a singular command, but systems that facilitate faster communication are in place.
To protect the data privacy of Filipinos, the senator also proposed the idea of implementing a modern documentation system in which pieces of information are segregated, making it difficult for hackers to relate them to the owner.
During the hearing, PhilHealth CEO Emmanuel Ledesma maintained that the ransomware attack did not affect the major databases of Philhealth and that the majority of membership information was safe.
“Although some membership data has been compromised, our production servers are intact. It was the individual workstations that were affected,” Ledesma said.
A second hearing on the matter is expected to be held to zero in on the recent cyberattacks against other government agencies.
