THE House Committee on Information and Communications Technology chaired by Navotas City Rep. Tobias Tiangco, in a joint meeting with the Committee on Public Information chaired by Agusan del Norte Rep. Jose Aquino II, on Tuesday resumed the inquiry into the continuing proliferation and alarming trend of cyberattacks against government and private firms in the country.
Undersecretary Jeffrey Ian Dy of the Department of Information and Communications Technology (DICT) presented the country’s state of cyber security and government’s initiatives to defend the country’s cyberspace.
He reported that DICT established the National Security Operations Center (NSOC) in response to resolutions filed following the cyberattacks in 2023. Dy said that 28 government agencies are connected to the NSOC.
“Aside from the hacks that we went through, there were more attacks that happened and defended in a course of a few months from December 2023 until this moment,” Dy said.
As of April 2024, he said the NSOC detected a total of 811 attempts to hack government agencies which were abandoned.
The DICT also detected vulnerabilities on some 2,000 government assets. Some of these were identified through the Secure Online Network Assessment and Response System (SONAR) Project launched in December 2023.
According to Dy, SONAR automatically scans all potential vulnerabilities on all government ICT infrastructures housed and maintained within the jurisdiction of DICT under the GOV.PH domain.
“Our government agencies are not in good state. We discovered 30,682 vulnerabilities, each classified by severity. Please understand this is not something that we can resolve overnight,” Dy said.
He listed DOH, DICT, DOTR, NEDA, PNP-Information and Technology Management System, DENR, PEZA, CSC, OP and DOST as the agencies with the most number of high and critical incidents.
Manila Rep. Bienvenido Abante Jr. asked Dy about the need to enact more laws on cyber security, “Cannot these agencies with cyber security divisions do their own thing without Congress crafting a new law on it?”
Dy replied that passing the Cyber Security Act is important because the government does not have mandatory powers to even audit critical information infrastructures.
Dy further batted to amend the Cyber Crime Law enacted 12 years ago, to respond to the many changes in the world of cyber crime, “Marami na pong nagbago sa mundo ng cyber crime.”
“There should also be a way of mandating social media platforms for example whose platforms are being used to leak data of citizens,” Dy said, citing the messaging app Telegram as the most popular means cyberterrorists use for hacking.
Atty. Franklin Anthony Tabaquin IV, National Privacy Commission (NPC) Privacy Policy Office Director IV, reported problems in the prosecution of cyber offenses because NPC under the law has no prosecutory powers.
“We only recommend to the DOJ. Once we recommend to the DOJ, that same case will go to the usual course of prosecution… We only impose fines and damages right now and that’s it. We already have a draft bill on that,” Tabaquin said.