House speaker Martin G. Romualdez on Monday, Feb. 5, called for a briefing from the Department of Information and Communications Technology (DICT) on the recent cyberattacks on several Philippine government websites purportedly from Chinese hackers, saying this was an issue on national security.
DICT undersecretary Jeffrey Ian Dy reported that cybersecurity experts prevented the hacking of government websites and email addresses by China-based cybercriminals, and that one of these attacks was an attempt to take down the Overseas Workers Welfare Administration (OWWA) website.
“I express deep concern regarding the recent cybersecurity breaches in government agencies, as reported by the DICT. The revelation that hackers, suspected to be operating from China, have infiltrated the email systems and internal websites of various government agencies, is a matter of national security and public interest,” said Romualdez.
“The fact that these breaches have targeted critical domains such as cabsec.gov.ph, coastguard.gov.ph, cpbrd.congress.gov.ph, dict.gov.ph, doj.gov.ph, and ncws.gov.ph, in addition to the private domain of President Ferdinand “Bongbong” Marcos Jr, signifies a dire need for an immediate and comprehensive response,” he added.
Romualdez said that the Philippines should not allow these cyberattacks on government websites to go unchecked.
“In light of these alarming developments, I am calling on the DICT and other concerned agencies to conduct a thorough briefing for the House of Representatives. This briefing should focus on the nature and extent of these cyber-attacks, the current measures in place to prevent future incidents, and strategies for enhancing our cybersecurity infrastructure,” he declared.
He said the briefing could be done in the House of Representatives as soon as possible, most probably this week, and will be conducted by the House Committee on Public Information and the House Committee on Information and Communications Technology chaired by representatives Joboy Aquino and Toby Tiangco, respectively.
Meanwhile, Bohol representative Kristine Alexie Besas Tutor called on the government to train more cybersecurity professionals, noting that the country only has around 200 cybersecurity experts.
Targeted training and certification program that are subsidized by the government in coordination with local universities and TESDA is among those suggested by Tutor, who is a member of House Committee on Information and Communications Technology.
A quick solution, according to Tutor, is to conduct a certification process instead of licensure examinations since standards, processes, and certification institutions are already in place.
“Certification courses can be rolled out quickly in a matter of months and would have graduates in less than a year, depending on their abilities upon joining training. The training can be conducted by state universities and colleges, private universities, and IT companies with the needed certification courses in the near term and later with degree programs,” Tutor said.
“Having a licensure examination on cybersecurity will take much more time. The law and IRR would take about three or more years. Appointing the members of the cybersecurity professional board will take a year or two. Developing the licensure exam will take at least two to three years because it would be a new board exam. Board review and the first board exam will take another year. It would, therefore, take at least seven years until the first batch of cybersecurity board exam passers,” she added.
If more cybersecurity experts are needed, Tutor suggested that “some or all of the current 200 certified cybersecurity experts could be mobilized to teach. Trainees can be selected from recent and old graduates of IT, accounting, finance, and criminology degree programs.”
