Defending the Philippines on multiple fronts

Filipino blood was spilled in the West Philippine Sea (WPS) on June 17, 2024. A Filipino soldier lost a thumb, maiming him. Several other soldiers sustained severe injuries. Weapons and vehicles, funded by Filipino taxpayer money, were stolen and destroyed by Chinese Coast Guard (CCG) personnel wielding guns, knives and axes.

China adds to its long list of offenses against our country. Illegal attacks, direct or indirect, have occurred on multiple fronts; through the illegal offshore gaming industry and its social ills, incidents in the WPS and even multiple hacking attempts. Yet despite this, I’m happy to report that our reserve forces increase day by day. In our recent Philippine Army Reserve Command (ARESCOM) Multi-Sector Advisory Board (MSAB) meeting last June 21, 2024, our chorus was clear. We must be prepared, practical and proactive. I’m proud of our ARESCOM MSAB officers who are doing what they can to strengthen the reserve forces across the country.

However, while everyone is focused on the WPS, our cyberspace goes unnoticed and remains vulnerable.

In the last quarter of 2023, several government websites like the Senate, the House of Representatives and PhilHealth were all hacked. It happened around the time the Philippines removed floating barriers which were surreptitiously set up by the CCG. We removed the illegal structures because it was within our territory, causing navigational hazards and hindering Filipino fisherfolk’s livelihoods. In February 2024, hackers with Chinese internet protocol (IP) addresses committed several hacking attempts against our Overseas Workers Welfare Administration (OWWA), specifically its servers for web applications used by our heroic overseas Filipino workers (OFWs). In April 2024, the Department of Information and Communications Technology (DICT) worked on mitigating the damage wrought by a malicious cyberattack on the Department of Science and Technology (DOST). Just a few days ago, Maxicare Healthcare Corp., health insurance provider to 1,000 companies in the Philippines, reported a data breach exposing personal information of around 13,000 of its 1.8 million members. It has been likewise reported that the compromised file is being sold by hackers online.

Our compromised cyberspace is a national security issue. It finds greater relevance in the face of China’s acts of war and potential infiltration efforts against the Philippines. Senators Hontiveros’ and Gatchalian’s efforts have uncovered evidence of Philippine offshore gaming operators (POGOs) or internet gaming licensees (IGLs) committing cybercrimes against us in our own territory, right beside city halls and within exclusive villages. We must laud the related recent swift and smart actions of Executive Secretary Bersamin in ordering deportation, asset freezing and blacklisting against the Porac, Pampanga POGO or IGL, Lucky South 99 Corp., and its 156 foreign nationals, of whom 126 are from mainland China, found committing depravities in OUR country.

More decisive interventions are needed for our collective cybersecurity. President Marcos Jr.’s Executive Order 58 dated April 4, 2024, adopting the DICT’s National Cybersecurity Plan up to 2028 as the “whole-of-nation roadmap for the integrated development and strategic direction of the country’s cybersecurity” must be accelerated.

Even the Armed Forces of the Philippines Chief of Staff General Romeo Brawner Jr. has stated his interest in creating a specialized cyber unit for the Armed Forces. In fact, just last Feb. 19, 2024, AFP cyber and communications teams competed in a United Kingdom-led cyber warfare exercise, where our forces ranked very well against other teams from around the world.

However, despite these efforts, the sad truth remains that we are still not ready. Cisco’s 2024 Cybersecurity Readiness Index reports that only one percent of Philippine organizations have sufficient readiness level for resilience against cybersecurity risks. It is lower than the global average of three percent. Relatedly, TransUnion’s 2024 State of Omnichannel Fraud Report indicates that, in 2023, 8.3 percent of all digital transactions by consumers in the Philippines were suspected fraud. Again, it is higher (by 66 percent) than the digital fraud rate of five percent. Kroll’s APAC State of Incident Response 2022 report states that 75 percent of organizations in the Philippines experienced a cyber incident. It is, yet again, significantly higher than the Asia-Pacific region countries’ average of 59 percent. Sadder still, these figures are not a surprise to any Filipino, considering almost everyone with a cellphone in the Philippines finds scammers’ texts and calls to be commonplace. We really thus cannot blame Nikkei Asia in putting it this way – “Philippines emerges as Asia’s epicenter for online shopping scams.”

Such disconcerting figures are among the many reasons for Senator Grace Poe’s persistence, as the author and sponsor, in passing Republic Act No. 11765 or the “Financial Products and Services Consumer Protection Act.”

Even my own public X (formerly known as Twitter) account @heyitsbrianpoe was hacked. Retrieving it has been an ongoing nightmare for me. How or why it was hacked remains a mystery to me. It makes me feel anxious. Yet, if my account was compromised, what more others who have lost bank accounts and private information?

I hope that cybersecurity legislation returns to priority status. These include the proposed Cybersecurity Act by Senator Marcos, the Anti-Money Mule and Financial Fraud Act of 2023 by Senator Zubiri and the Online Site Blocking Acts by Senators Estrada and Revilla. We could also look closer into recent European Union legislation on artificial intelligence and its role in cybersecurity.

I reiterate the calls to action by the Philippine Computer Emergency Response Team (PH-CERT) and the National Association of Data Protection Officers of the Philippines. We truly are in dire need of “180,000 trained and validated cybersecurity professionals to proactively and effectively protect the country’s critical information infrastructure (CII).”

It remains clear that we must be prepared on all fronts – including cyberspace.