Council raises alarm over city’s unsecured IT framework
CEBU, Philippines — The Cebu City Council has expressed urgency in launching an investigation into the city’s current Information Technology (IT) policies following reports of unprotected infrastructure that may cripple city operations at any time.
As of yesterday’s regular session, the council approved a motion formally requesting the IT Department to submit to the Committee on Information Technology a copy of the current policies and procedures for safeguarding the city's IT infrastructure.
They were also directed to conduct a thorough review of the system to ensure that no unauthorized backdoors have been created that could sabotage government operations or allow external access.
The council further asked the City Legal Office to study how the city can take appropriate action against IT personnel who have been “uncooperative, caused disruptions to IT operations, or engaged in illegal or sabotage activities during their employment with the city.”
The council also agreed that an executive session be convened for the purpose of investigating and reviewing the city's current IT policies and procedures, as well as the actions being taken to resolve the serious issues surrounding its infrastructure.
This came after Councilor Winston Pepito stood before the council to deliver a privilege speech raising urgent concerns that may have threatened the daily operations of the city government, particularly its IT systems.
Pepito began his speech by emphasizing that database and computer systems are the backbone of City Hall operations. Without such systems, he added, the city’s operations would be hampered.
This was raised after Pepito himself received feedback and reports from IT department personnel that alarmed him. He said there appears to be no formal structure in place, and protocols or standard operating procedures are reportedly not being followed.
Pepito said that upon the assumption of the new administration, he was informed that no proper backup of the system exists.
“If the server fails, all city operations would immediately halt. Even more concerning, if the original programmers were to leave, we would lose the capacity to maintain, restore, or update the system,” said Pepito.
He further noted that there were reports of no role-based access control over the IT infrastructure. He added that some programmers allegedly have unrestricted access to the database servers which, to him, poses a serious risk.
Pepito stressed that with the current system, it can be easily crippled by those with malicious intent.
He also explained that there is no centralized repository for the source code.
“When upper management requested a copy, no one could provide it immediately. I was told that the source codes are stored on individual programmers' personal computers,” said Pepito.
He further added that there is also confusion over code ownership, since some programmers were reportedly hesitant to share the code. It was also revealed that third-party libraries, potentially without full licensing or ownership, have been integrated into the system.
This alone, Pepito said, has raised legal and operational concerns. While he was informed that some copies of the source code have already been turned over to upper management, it hasn’t been confirmed whether these copies are functional, up-to-date, or possibly tampered with to prevent proper operation. — (FREEMAN)
- Latest
















