Consider the news in recent days.
Just last week, the Maritime Industry Authority (Marina) confirmed a cyberattack compromising four of its web-based systems, which handle vessel registrations and seafarers’ documents.
This month, as well, a major data breach at Maxicare Philippines, attributed to the hacker “OPCODE-90,” exposed sensitive information from over 1,000 major companies, including ABS-CBN and Accenture. This was done by targeting Lab@Home, a third-party provider for laboratory requests.
In May, hackers breached two systems of the Philippine National Police, which hold sensitive data on firearm licenses. This breach raised concerns about the security of law enforcement data. In response to the alleged data breach, the PNP suspended all online services indefinitely to assess and investigate the incident, while maintaining frontline services at regional offices and Camp Crame.
These are the most recent instances, but there are countless more that transpired, whether or not they were reported or addressed. Cybercriminals exploit vulnerabilities in the Philippines’ digital landscape to conduct financial fraud, ransomware attacks, and data breaches, targeting both individuals and organizations.
Thus, it is wrong to think of cybersecurity only when there are such reports of a breach in some computer system.
The Philippines’ pursuit of digital transformation to support economic growth and inclusion is laudable. Technology offers numerous opportunities for advancement if we harness it well and use it strategically.
This is why the Marcos Jr. administration is investing in ways to enhance investments in communication infrastructure and is also working toward upgrading the skills of the people, to allow more Filipinos to fully participate in the digital economy. Furthermore, technology integrates us closer to the rest of the world economy.
But there is a flip side to technology that can bring extensive damage to those who use it, from consumers to government agencies to critical infrastructure that powers societies. And this is exactly why digital security should be seen as of equal importance as digital transformation.
Cybersecurity is an issue that concerns both national and economic security, especially since it can transcend borders and affect people wherever they may be in the world.
The Philippines, given its unique position in the Indo-Pacific region and its crucial standing in geopolitics, finds itself at the heart of various external cybersecurity threats, primarily driven by state-sponsored actors and cybercriminals. These state-sponsored threats, particularly from countries like China with advanced cyber capabilities, bring significant risks, including espionage, intellectual property theft, and disruption of critical infrastructure.
At the same time, people must be made aware that they are targets of influence operators and must be able to distinguish between benign and malign activities. Each user must know and understand the risks that these pose to themselves, to society, and the country.
How, then, should the government proceed in ensuring cybersecurity even as we advance toward becoming a more digital nation and economy?
Recognizing the need to address these emerging security challenges in the cyber domain, Armed Forces of the Philippines (AFP) Spokesperson Francel Taborlupa recently stated that their department is adapting to keep pace with evolving threats. This effort encompasses a broad range of operational domains, with cyber now being integrated as the fourth domain alongside land, air, and sea.
Critical infrastructure, including ports, energy, and telecommunications, requires robust cybersecurity measures. Without a sound cybersecurity posture, digital technologies could expose the nation to devastating cyberattacks against its economic and national defenses.
The national security policy framework 2023-2028 highlights cyber information and cognitive security as vital components of national security, aiming for overall cyber resilience. The recently signed National Cybersecurity Plan outlines several key initiatives and programs aimed at enhancing the country’s cybersecurity posture, particularly against external threats. One of the primary components is the establishment of the National Cybersecurity Operations Center, which will serve as a centralized hub for monitoring, detecting, and responding to cyber threats. This center aims to improve the country’s ability to handle cyber incidents in real-time.
The plan also emphasizes the importance of public-private partnerships, encouraging collaboration between government agencies and private sector entities to develop a unified cybersecurity framework. This includes initiatives that foster information sharing and joint efforts to combat cyber threats. The plan also focuses on capacity building and upskilling, offering scholarships and training programs to address the shortage of skilled cybersecurity professionals.
The centrality of private sector participation in cybersecurity cannot be overemphasized. The private sector must invest in advanced cybersecurity technologies, implement stringent security protocols, and lead by example in best practices to protect their data and networks. They should engage in public-private partnerships, sharing threat intelligence and conducting joint training exercises with government agencies to develop robust incident response plans.
Indeed, a multi-faceted and multi-sectoral approach is key. Stronger international cooperation to protect the Philippines from these external cyber threats is also in order. Effective responses include improving cybersecurity policies, investing in advanced security technologies, and fostering collaboration with global partners to share threat intelligence and best practices.
Cybersecurity is a shared concern and responsibility by both the private and public sectors, as well as domestic and international players, because it has the potential to affect regional stability, security, and prosperity — in all, our way of life as we know it.
Victor Andres “Dindo” C. Manhit is the president of the Stratbase ADR Institute.
