• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
National Cybersecurity Office 2009
 

National Cybersecurity Office 2009

on

  • 1,569 views

 

Statistics

Views

Total Views
1,569
Views on SlideShare
1,569
Embed Views
0

Actions

Likes
2
Downloads
63
Comments
3

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

13 of 3 previous next Post a comment

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
  • Sir Angelo, thank your inspiring suggestion and soon to be look-upon information regarding e-Gov Fund.
    Are you sure you want to
    Your message goes here
    Processing…
  • Very good initiative on the part of the government and the National Cybersecurity Coordination Office.. But this report or part of which, should not be published publicly specially on on the part of project strategy and action agenda. Cyber hackers might have an idea on how to effectively counter those strategies. I suggest that only those informative part of this report should be published for the use of students doing research. I conclude that this cybersecurity initiatives could be more effective if the actual budget requested from eGOV FUND were given, or even just 50% of the actual requested fund were allocated.
    Are you sure you want to
    Your message goes here
    Processing…
  • Brilliant!
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    National Cybersecurity Office 2009 National Cybersecurity Office 2009 Presentation Transcript

    • Report on Philippine Cybersecurity Coordination Project Prepared by the National Cybersecurity Coordination Office Commission on Information and Communications Technology August 17, 2010
    • SUMMARYAn Overview on the cybersecurity efforts in the countryProject Components covered by the eGov fund in 2008-2009.Current capabilities of the Philippine Cybersecurity CoordinationProject to address and fulfil the requirements of the government inits commitment to establish a continuum of proactive, reactive anddefensive mode of protecting its critical information infrastructure.
    • The report includes the following: Cybersecurity Initiatives Project Strategy and Action Agenda The Utilization of eGov Fund Related Accomplishments The Cybersecurity Goals and Agenda for year 2010 onwards
    • CYBERSECURITY INITIATIVESCybersecurity milestones prior to the availment of the eGov fund inDecember 2008:Cybersecurity advocacy conferences and meetings jointly initiatedby the National Security Council (NSC) and Information SystemsSecurity Society of the Philippines (ISSSP) started in 2002. Outcome:  Realization for the need of a Cybersecurity Coordination organization.  A move that was also supported by various ICT related and ICT security organizations and to name few: PISO, ISSSP, ISACA, IT Pros, Philippine Honeynet, and PHilNITs.
    • CYBERSECURITY INITIATIVESThe Cabinet Oversight Committee on Security (Cluster E) in 2004created the Task Force for Securing Critical Infrastructures (TFSCI)and under which is the Cyber Security Work Group (CSWG) chairedby the National Computer Center Director-General Angelo Timoteo M.Diaz-Rivera Outcome:  formulation of the National Cyber Plan in 2005  provides broad strategies and guidelines towards proactively protecting the country’s cyber space.  President directive to develop a Cyber Security Policy that is necessary as a guiding instrument in creating a more secure and stable cyber environment.
    • CYBERSECURITY INITIATIVESThe 2nd ASEAN Regional Forum (ARF) Seminar on Cyber Terrorismheld in Cebu City in October 2005 that hosted by the government ofPhilippines -- under the steering leadership of then Deputy NationalSecurity Adviser Virtus Gil Outcome:  ARF Resolution stressing that cyber terrorism must be considered as one of the main security threats and to mount a united effort to combat this common transnational and borderless threat is essential.  A call for governments to build up capabilities to fight cyber terrorism, and to create national instrumentalities serving as focal points to coordinate a wide network of foreign and domestic cybersecurity entities in the Asia–Pacific region.  ARF delegation recommendation for the need for national and regional collaboration frameworks to help such institutions address cyber- terrorism.
    • CYBERSECURITY INITIATIVESBeing the partner in pushing the ARF Seminar on Cyber-Terrorism,the Philippine government together with South Korean governmentforged to conduct a joint cybersecurity study. Outcome:  Philippine Framework of National Computer Emergency Response Team (NCERT) in 2006
    • CYBERSECURITY INITIATIVESJoint Technical Working Group on Cybersecurity was created underthe CICT Office Order 69 dated July 27, 2007 Outcome:  served as a resource body and assistance center for all congressional committees working on cybersecurity legislation  Updated Cybercrime Bill for the 14th congress
    • CYBERSECURITY INITIATIVESRealizing the importance of the critical infrastructure to nation’seconomy and security, the leaderships of CICT deemed it necessaryto empower sustain the cybersecurity coordination initiatives andsubsequently created the Office of the National CybersecurityCoordination through Office Order 43 dated July 2, 2008 anddeputized Undersecretary Virtus Gil to be the National CybersecurityCoordinator.
    • CYBERSECURITY INITIATIVESThe CICT Office Order tasked the National CybersecurityCoordinator the following: i. Serve as the primary focal point ii. Oversee and provide direction to the government’s countermeasures iii. Integrate the efforts of all participating agencies, public and private iv. Coordinate operational responsibilities with other lead agencies to effectively address illegal activities v. Organize and provide leadership to the various (CSIRTs/CERTs) vi. Design and conduct regular strategic operational planning vii. Provide leadership in the collaboration with international and regional organizations
    • PROJECT STRATEGY AND ACTION AGENDAThe National Cybersecurity Coordination Strategy comprised of thefollowing five (5) programs:7.A program to establish a favourable cyber security legal regime8.Security threat and vulnerability reduction program9.Security awareness, education and training program10.Security incident response and consequent management program11.Establish national and international coordinating mechanicsthrough:  Stage 1 - Promoting cyber policy and legal regime  Stage 2 - Planning and preparing institutional capabilities  Stage 3 - Operating and sustaining emergency response system
    • National Cyberspace Security Coordination National Coordination for Cyberspace Security
    • PROJECT STRATEGY AND ACTION AGENDAIn implementing the National Cybersecurity Coordination Strategy, theNCSO have set the following strategic goals for 2009-2010:•To be the premier trusted single-point of contact within and outsidethe country in coordinating detection, response and prevention ofcyber attacks that may endanger national security.•to promote development of cybersecurity related education,awareness and training programs; and•To facilitate communications across a diverse constituency to sharecybersecurity related information.
    • PROJECT STRATEGY AND ACTION AGENDAThe mandate of cybersecurity coordination that intend to develop astrong cybersecurity regime for the country could only succeed if itputs in place the organizational infrastructure, coordinative andcollaborative mechanism to support the endeavour. The NCSOstrategic goals from January to December 2009 were the following:g.Setting-up the Cybersecurity Coordination Centerh.To develop counter and readiness plan for cyber incidentsi.To promote a community of national and regional CERTsj.To develop a capability to conduct incident, vulnerability and artefactanalysisk.To undertake the development of cybersecurity related education,awareness, and training programs
    • PROJECT STRATEGY AND ACTION AGENDAsupport incident reporting across a broad spectrum of sectors withina nation’s borders;provide early warning to affected populations and constituencies;notify others within the cybersecurity communities of potentialproblems;effect a coordinated response;share data and information about the incidents and correspondingresponse solutions;track and monitor cybersecurity incidents to determine trends andlong term remediation; andDistribute cybersecurity best practices and guidance.
    • THE UTILIZATION OF THE eGOV FUNDIn 2007, the conceptualization of Philippine CybersecurityCoordination Project for eGov funding was pursued under theauspices of the Office of the President (OP) with UndersecretaryVirtus Gil being the head of the Presidential Situation Room taking thelead.The initial amount requested to cover the first 2-year Cyber SecurityCoordination Action Plan amounted to P187 Million with agencycounterpart amounting to P23.440 Million. Acting on the CICTendorsement for eGov funding, SARO amounting to P10 Million inJanuary 2008 was released by DBM to OP to cover the requirementof the project; however, the project champion was given newassignment in February 2008 prompting the OP to return to DBM theaforementioned P10 Million eGov fund.
    • THE UTILIZATION OF THE eGOV FUNDSponsorship of the project was transferred OP to CICT in July 2, 2008pursuant to CICT Office Order 43 and the same Office Order alsodeputized the de-facto project champion to be the NationalCybersecurity Coordinator. The submission of the project proposalwith new sponsor-agency was submitted anew in July 21, 2008 andSARO amounting to P30 Million to cover the project’s requirementwas released to CICT in December 9, 2008.
    • THE UTILIZATION OF THE eGOV FUNDOut of the P185 Million requested, only P30 Million was allocated foryear 2008-2009. PR0GRAM DESCRIPTION AMOUNT NCSO NOC/Data Center, Supply, delivery, set-up & Installation of Response Center and materials & equipment, computer hardware, 11,709,176.32 Operation Office network system and peripherals Risk and Vulnerability Supply, delivery, set-up & Installation of Center materials & equipment 2,015,000.00 PKI Center, Root Supply, delivery, set-up & Installation of Authority, and materials & equipment 5,317,368.00 government Certification Authority Contract of Consultancy Services NCSO Contract Workers 1,651,484.40 Continued in the next slide
    • THE UTILIZATION OF THE eGOV FUNDOut of the P185 Million requested, only P30 Million was allocated foryear 2008-2009. PR0GRAM DESCRIPTION AMOUNTContract of Consultancy Security Techniques Training for the Member-Services Agencies in Manila, Cebu and Davao 750,000.00 Strategic Planning Workshop Designing and Facilitation; and Development of Strategic 250,000.00 Framework and 2009 Implementation Plan. Development of Cyber Security Awareness Campaign Program 440,000.00 Security Awareness Conference and Training Management and Mobilization of Participants and Speakers Bureau in Davao on Dec. 11, 2009 315,000.00 Security Awareness Conference and Training Management and Mobilization of Participants and Speakers Bureau in Davao on Dec. 14, 2009 320,000.00 Continued in the next slide
    • THE UTILIZATION OF THE eGOV FUNDOut of the P185 Million requested, only P30 Million was allocated foryear 2008-2009. PR0GRAM DESCRIPTION AMOUNTOffice Supplies NCSO Requirement 461,808.00 PKI Requuirement 263,825.46TOTAL 23,493,662.18
    • RELATED ACCOMPLISHMENTSWith the initial eGov funds, the NCSO was able to accomplish thefollowing key results strategic agenda:•Establishment of National Cybersecurity Coordination Office(NCSO):  ensures the effective implementation of CICT Special Order 43 series of 2008 and the development of a strong cybersecurity capability.  Served as infrastructure and administrative/secretariat machinery for the National Cybersecurity Coordinator  The NCSO Secreatariat was temporarily filled up by the contractual personnel hired through the eGov funds
    • RELATED ACCOMPLISHMENTSNCSO functions:  defines of the rules and procedures for the inter-agency meetings and conferences  provides of conference management and direct support services to the meetings and other for a presided by the NCSO  serves as coordinator of the NCSO and its sub-committees in the performance of its functions as mandated  provides secured record-keeping and other information requirements for the NCSO  manages the financial and other administrative requirements for the NCSO  perform such other functions as may be required
    • RELATED ACCOMPLISHMENTS•Activation of the Cybersecurity Inter-Agency Committee  Inter-agency Cybersecurity Works Group (CySWG) was re-constituted to served as the advisory body to the National Cybersecurity Coordination Office.  The Inter-Agency Advisory body shall provide the government through NCSO with the proper tools, knowledge base, skill sets and laws to effectively secure Philippine cyberspace and effectively respond to cyber attacks.  Members of the Advisory Body are the following:  National Computer Center (NCC)  National Security Council (NSC)  Philippine National Police (PNP)  National Bureau of Investigation (NBI)  Department of Justice (DOJ)  Armed Forces of the Philippines (AFP)  Sectoral CERTS (NCC, BSP, DTI, DOTC, NTC and DOE)
    • RELATED ACCOMPLISHMENTSe)Setting up of the National Cybersecurity Center (NCERT)  shall serve as the nerve center  supported by a Point-of-Contact (PoC) System  A web-enabled point-of-contact system that shall be able to receive cybersecurity related incident reports through multiple channels such as SMS, email, phone calls, blogs, etc.  A Portal that shall also serve as the central source of information regarding cyber security issues, and critical infrastructure protection and cybersecurity coordination. www.ncso.ph
    • National Cyber Security Office Cybersecurity Inter-Agency Committee. NCCS - CICT - NCC - NSC - NTC - BSP - NEDA Project Director - DOTC - AFP - DOJ - DOE - PNP - NBI Finance/Admin Secretariat - NICA • Budget • Accounting • Mgt IAC Mtg • Personnel • Mgt of Public & • Logistics and Private Partnership Audit Philippine Cyber Security Center Public Key Infrastructure Planning Technical Incident and Support Response Coordination Systems Group Phil Root Govt Govt Certification Certification Registration Phase II Authority Authority Authority Construction of  Network Cybersecurity Center Admin Control of Training for  System Response Team Admin Establishment of Risk  Database Assessment Management Conduct of Advocacy and  Website Software Awareness Operation’s Auditing Management Development Conduct of Policy Formulation Coordination of international Collaboration Agreement
    • RELATED ACCOMPLISHMENTS•Establishment of the center for Public Key infrastructure  an enabling infrastructure that will protect the transfer and sharing of information  supports the government objective of providing a more secure and trusted online environment  PKI hardware, software and systems were donated by the South Korean government to the Philippine government  eGov Fund were tapped to cover the civil work, electrical and air conditioning requirements of the PKI center.
    • RELATED ACCOMPLISHMENTS•The establishment of Risk and Vulnerability Assessment System•The development and conduct of a Capacity Building Program for theNational Cybersecurity Incident Team and the various sectoralCybersecurity Incident Teams•The development and implementation of the Security And AwarenessProgram•The formulation of the National Security Policies
    • Thank you