Your SlideShare is downloading. ×

National Security Review


Published on

Papers and Proceedings from the For a on Cyber Security Awareness and Collaboration

Papers and Proceedings from the For a on Cyber Security Awareness and Collaboration

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. 1ICT Development and Cyber Security ReaderA special edition of the National Security ReviewICT Development& Cyber SecurityReaderPapers and Proceedings from the Fora onCyber Security Awareness and CollaborationNATIONAL DEFENSE COLLEGE OF THE PHILIPPINES
  • 2. 2 ICT Development and Cyber Security ReaderEditorial BoardDr. Fermin R. De Leon Jr, MNSAPresident, NDCPDir. Ernesto R. Aradanas, MNSAExecutive Vice President, NDCPAnanda Devi Domingo-Almase, DPAProfessorDr. Antonio G. Matias, MNSAProfessorProf Charithie B. JoaquinProfessorProf. Christine June P Cariño, MNSAChief, Academic Affairs DivisionCdr Rostum J Bautista, MNSA PN (Res)Chief, Research and Special Affairs Division________________________________________________________Secretariat/Publication CommitteeGrace Q. Banlaoi, Manmar C. Francisco, Segfrey D. Gonzales, Gee Lyn M. Magante, EugeneGalang, Jaime Saulo, Francis MangadlaoCopyright 2012 by NDCPThis volume is a special edition of the National Security Review and is publishedby the National Defense College of the Philippines. The papers compiled herein aresolely those of the authors and do not necessarily represent the views and policies oftheir affiliated governments and institutions. Comments and suggestions are welcomeand may be sent to NSR Publication Office, NDCP Camp Aguinaldo, Quezon City,with telephone number +63-2-912-9125.Cover photo credits:,,,,
  • 3. 3ICT Development and Cyber Security ReaderForewordThe Philippines, although considered an emerging country in computer and cybertechnology, is not isolated or shielded from acts of cyberterrorism and cyberwar.The more advanced a country is in terms of technology, the greater the impact of acyber attack or network denial of service. There is a need for an increased awareness inthe national and global environment on what cyber crimes are and how to deal with theireffects. Undoubtedly, the internet is very much a part of our lives now and we cannotsimply disconnect from it.Cyberspace is the interdependent network of information infrastructure thatincludes the internet, computer networks, systems and the embedded processors andcontrollers in critical industries such as telecommunications, banking, transportation,business. It is virtual and has become the “fifth domain” after land, sea, air and space. Sincecyber crimes are virtually committed and transnational in nature, it is imperative to buildtrust among nations in sharing information on how to combat cyber threats. Perhaps the most prevalent crime of the 21st century in an age of informationand communication technology (ICT) is cybercrime, also known as computer crime.Cybercrime has grown and worsened in alarming proportions as it affects informationand data management systems important to government, business, education, and evenentertainment. Worse, this crime, especially those that can be done at home, has invadedthe privacy of personal life. These modern crimes, which employ computers or mobilephones as tools for illegal activities, include but are not limited to the following: identitytheft and invasion of privacy; internet fraud; ATM fraud; wire fraud; file sharing andstealing intellectual property through piracy; counterfeiting and forgery; child pornography;hacking and espionage; programming of computer viruses; denial of service attacks; spam;and sabotage.Due to the widespread adoption and use of computers and the internet in almostall aspects of our daily living, and exacerbated by the vulnerability to aforementionedcybercrimes using the ICT and the cyberspace, the NDCP, in collaboration with the Officeof the Vice President and the NDCP Alumni Association Inc. has embarked on a seriesof public fora and seminar-workshops to increase public awareness on the protection ofinformation, communication technology and cyberspace to improve the security, efficiency,cost effectiveness, and transparency of all government and private online and electronicservices through policy formulation and conduct of education, training and research oncybersecurity.The College also hopes and aspires to be the center for policy formulation on securityand resiliency in cyberspace, as well as the venue where education, training and research onthe protection of information, communication technology and computer network operations,including cybercrimes, defensive activities, and security of the cyberspace infrastructurewill be conducted.
  • 4. 4 ICT Development and Cyber Security ReaderWe hope that this present volume, ICT Development & Cyber Security Reader— acollection of papers, thesis, speeches, laws as well as highlights of the proceedings from aseries of fora and workshops on cybersecurity awareness and collaboration, will somehowquench the thirst for more ICT literacy and cybersecurity understanding among our policy-makers and the general public. We also hope that this reader will contribute to better preparepublic and private cyber infrastructure for any eventuality involving the misuse of cybertechnology and for our cyber community to become more proactive in mitigating the risksof such cyber threats to the peaceful conduct of local and international affairs.Fermin R de Leon, PhD, MNSAPresident, NDCP
  • 5. 5ICT Development and Cyber Security ReaderForeword1. Welcome Remarks Fermin R De Leon Jr, PhD.......................................................................................2. Keynote Address during the Securing a Whole Wired World: A Forum on Cyber Security Awareness and Collaboration Honorable Jejomar C. Binay.....................................................................................3. Highlights of the First Forum on Cybersecurity Awareness andCollaboration: Securing A Whole Wired World.............................................4. Keynote Address during the Forum on How Safe Is Your Money?: Rethinking Cybersecurity Honorable Jejomar C Binay......................................5. Highlights of the Second Forum on Cybersecurity Awareness andCollaboration: How Safe Is Your Money?: Rethinking Cybersecurity..................................................................................6. Opening Remarks: ICT Development and Cybersecurity EnhancementUSec Benjamin E Martinez Jr.................................................................................7. Highlights of the Seminar-Workshop on Cybersecurity: TowardsInformation, Communication and Technology Development (ICTD)and Cybersecurity Enhancement......................................................................8. Highlights of the Third Forum on Cybersecurity Awareness and Collaboration: Cybercrime Law and Its Implications to National Security..................................................................................................Papers on ICT Development and Cybersecurity9. Paper Output during the Seminar-Workshop Prioritizing ICTDevelopment and Cybersecurity Seminar ......................................................10. Understanding Cyber Security from Global and Regional Perspective Stephen P. Cutler...............................................................11. Cyber War and Cyber Terrorism Stephen P. Cutler.........................................12. Philippine Cyber Security: General Situation Angel S. Averia, Jr................13. Historical Notes on Technology and Cyber Security Initiatives Lorenzo A. Clavejo.....................................................................................................14. Cyber-security: Perspectives on Attacks John Peter Abraham Q. Ruero..................................................................................C O N T E N T S389132427363848616775778690
  • 6. 6 ICT Development and Cyber Security Reader9410311912212413213514716116316617818920815 Cyberwar and Rules of Engagement Drexx D. Laggui...............................16. The Evolving Landscape on Information Security Wilfred G. Tan, Carlos T. Tengkiat & Simoun S. Ung.......................................17. The Need to Secure Our Cyber Space Angel T. Redoble.............................18. National Security Implications of R.A. 10175: Defense PerspectiveNebuchadnezzar S. Alejandrino I.........................................................................19. Fighting the Crime of the Future: Responding to the Challenges ofCybercrimes Geronimo L. Sy............................................................................20. Key Structuring Principles in the Cybercrime Law Discourse Shirley Pelaez-Plaza..............................................................................................21. New Frontiers in Cybersecurity: Its Adverse Impacts in the Philippines and ASEAN Region Chester Cabalza........................................References22. Republic Act No. 10175 An Act Defining Cybercrime,Providing For The Prevention, Investigation, Suppressionand the Imposition of Penalties Therefor And For OtherPurposes..............................................................................................................24. Types of Cybercrime Cybercrime Interpol...........................................................................................Thesis Abstracts25. Cybersecurity Capability of the Armed Forces ofthe Philippines in the Midst of Computer ThreatsArturo A Larin......................................................................................................26. The Effects of the Internet Age on National Identity andNational Security Nathaniel Ordasa Marquez..................................................27. Electronics Security System of Universal Banks in the Philippines:An Assessment Rodrigo I. Espina, Jr., ............................................................Directory of Participants..............................................................................................
  • 7. 7ICT Development and Cyber Security ReaderFirst Forum on Cybersecurity Awareness and Collaboration26 October 2011NDCP Honor Hall, Camp Emilio Aguinaldo, Quezon City“Securing A Whole Wired World”
  • 8. 8 ICT Development and Cyber Security ReaderWelcome RemarksFermin R De Leon Jr PhD, MNSAPresident, NDCPSpeech delivered during the Securing a Whole Wired World: A Forum on Cyber Security Awarenessand Collaboration, on 26 October 2011, NDCP Honor Hall, Camp Emilio Aguinaldo, QC_______________________________________________________________________________TheHonorableJejomarCBinay,MNSA,VicePresidentoftheRepublicofthePhilippines;Honorable Voltaire T Gazmin, Secretary of National Defense; distinguished membersof the diplomatic corps; sons and daughters of the NDCP; my fellow civil servants;ladies and gentlemen, a very pleasant morning.The College has always been at the forefront of discourses of present issues andconcerns that matters to you, to me, and the rest of society. It has always been providing avenue for enlightenment and understanding as it welcomes to its confines, with very mucheagerness enthusiasm, open and truthful discussion all in the name of academic freedom.Today, the College, once again, proudly finds itself as the point of convergence of a widespectrum of stakeholders to tackle perhaps the most crucial issue of this age.For this, I wish to personally extend my gratitude to the Honorable Vice Presidentand the NDCP Alumni for once again, partnering with the College in such a worthy endeavor.As its theme conveys, the event elevates cyber security awareness among its audience, adiverse mixture of cyber security key players coming from the government, private sector,the civil society and the academe. It also highlights the importance of partnership in buildingthe nation’s cyber resiliency.Indeed,oureventisasterlingcontributionoftheacademeinseizingtheopportunitiesand facing the challenges the Information Age presents. Despite an emerging nation in cybertechnology, our country is never shielded from cybercrimes. There is a need to enhanceour cyber security if we want to take advantage of the opportunities of this heightenedinterconnectivity.Thus, I encourage everyone to actively participate in discussions as everyone’scontribution is important in addressing the evolving threats we face in the cyberspace. Cybersecurity is something that affects us all. As more and more daily functions rely on digitalsystems, we have more and more reasons to ensure the privacy, safety and security of ourcyber space. It’s an important task not exclusive to the government nor the private sector.Enhancing our cyber security is rather a shared responsibility because at the endof the day, cyber security is about security of the people. In the first place, technology isthere to make our lives better. However, if we fail to be conscientious and proactive users,any sophisticated technology will be rendered useless or, even worse, prove to be harmful.Ultimately, it is in our hands to secure a whole wired world.Magandang araw at mabuhay tayong lahat!# # #
  • 9. 9ICT Development and Cyber Security ReaderKeynote AddressHonorable Jejomar C. Binay, MNSAVice President, Republic of the PhilippinesSpeech delivered during the Securing a Whole Wired World: A Forum on Cyber Security Awarenessand Collaboration, on 26 October 2011, at NDCP Honor Hall, Camp Emilio Aguinaldo, QC_______________________________________________________________________________When we first discovered the Internet around two decades ago, we heard about itspower as a communications tool. As dial-up networking struggled to cope withour thirst for email, we were content to use the World Wide Web for keeping intouch with friends and family. Yet the birth of cyberspace did not fully reveal the impactit would have on the world.Not long after its propagation, the Web developed a maturity that dissolved borders.Not since the invention of the locomotive has a technological wonder spurred progress theway the Internet did. Education, business, finance and personal exchanges found a newhome on cyberspace. Entrepreneurs could do business nationwide without having branchesin every city, and almost anything can now be bought online. No longer was it necessaryto be in a classroom at a particular time to hear a lecture or complete a course. And in caseyou needed to access your money after business hours, online banking made it possible tomanage your accounts without the help of a teller or ATM.Further technological advances bolstered the World Wide Web, making it possibleto transmit data and voice at the speed of light. Geographical barriers to outsourced andoffshore services came down and within the past ten years, the Philippines, and severalother countries have reaped the benefits of this wave. Governments and firms quickly sawthe power and benefit behind storing information in electronic formats. Apart from thepositive impact on the environment, this permitted a central and consistent base of recordsto be maintained and made accessible to the agencies and offices that citizens transact withto obtain basic services.However, where an abundance of opportunity and an openness of exchange exist,criminal genius cannot be far behind. The advancement of the Internet has prompted ill-doers to exploit the Web for their own nefarious purposes.Some months ago, I had a brief encounter with two IT managers. I forget their names,but they were young, very driven and visibly competent Filipinos. Being less fluent than Ishould be in the language of Information Technology, I picked their brains to learn more ofthe threats we face, and the weaknesses that they believe are present in our country.The first manager contributed his own notes to the conversation saying that fromthree years ago, attempted intrusions into his network (or attempted hacks) tripled. From400 attempts daily in 2008, he is now blocking over 1200 attempts per day. Based on hisreviews, only 3% of the attacks emanated from the Philippines. The vast majority camefrom China with the balance originating from the rest of the world. He lamented that these
  • 10. 10 ICT Development and Cyber Security Readerattacks will probably increase geometrically in the future and that he works feverishly tokeep up with the threats by upgrading access control procedures, security software andwhere budgets permit, his hardware as well.When I asked for examples of intrusions and their risks, the second narrated hispersonal experience from his own BPO center in Makati. He was monitoring his VOIP servers,when he saw unauthorized calls being directed to places like Brazil, Zimbabwe and Haiti.He immediately secured his line but the one hour’s worth of hijacked calls cost him over$2000 in charges. The attack originated not from within his workforce but from overseas,and it took months for him to resolve the billing with his service provider. Luckily, his losswas temporary but he added that he personally knew of a center in Ortigas that closed shopafter hijacked VOIP servers inflicted monthly losses in the millions of pesos.These trends, in the words of these professionals, represent but a fraction of thethreats an IT-enabled business can face. At that point, it became painfully clear that cybersecurity threats were not just epic events that affected foreign nations or large conglomeratesalone. Like other citizens of cyberspace, we too are at risk, and those risks escalate as quicklyas fiber optics transmits signals.The breadth and depth of valuable information on the Web has reached critical massand sends new breeds of criminals into a feeding frenzy. What is valuable to us can nowbe stolen online, just as easily as a pickpocket can make off with our cell phones. What iscritical to us can be shut down or made unusable and no longer are these cases taken froma plot crafted by fiction and cinema.In 2008, a band of three hackers stole more than 170 million credit card numbersbefore they were arrested. In 2010, South Korea sustained a cyber attack where 166,000computers from 74 countries jammed the web sites of banks and government offices.Also in that year, IT security experts unearthed a worm named Stuxnet. Unlikeprevious worms, Stuxnet did not prey on computers and networks. Instead, it compromisedsoftware that controls industrial machines and could wreak havoc on facilities like powerand water plants. The damaging potential of Stuxnet was exceeded only by the effort thathad gone into its creation. The experts who dissected the worm concluded that around 10,000man hours had gone into its creation. This was aside from the sheer sophistication of themalware’s design. There was little doubt that cybercriminals had a resolve that matched ifnot surpassed that of suicide bombers in Iraq or Afghanistan. Their weapon of choice mayfar exceed the damage that any WMD can inflict.In 2010, the cost of electronic theft exceeded that of physical theft according tothe 2011 Global Fraud Report of Kroll Associates, a leading American security and riskmanagement firm. Perhaps the starkest example was the Wikileaks incident, where classifiedcables from the US State Department suddenly emerged in the open domain. Not even theUS government was immune to the threat, despite the wealth of resources at their disposal.Clearly then, cyber security is a national security issue.The practically borderless nature of the cyber world presents a daunting challenge tous as we work to exist safely in that realm. One of our blind sides is the lack of informationexchange between all stakeholders. The IT community is most aware of these evolving
  • 11. 11ICT Development and Cyber Security Readerthreats but the public sector may be less so. Currently, no single agency has the capabilityor mandate to match the scope of this threat and collaboration between public and privateparties should remain one of our strongest mooring points.The private sector should be a firm partner in this effort. IT is the focus of theirbusiness and apart from employing the best people that they can, it is they who haveencountered these threats first-hand. Their defenses and solutions are forged in reality andtheir findings are invaluable as we map out a strategy to secure the new national assets thatthe Web has created. Let us see how the skills gained by the private sector can be cascadedto their counterparts in government.Apart from holding hands to gain familiarity with the terrain of the Internet, letus revisit our laws. Many potential foreign investors in the IT field still have the genuinefear of suffering electronic threat offshore, without having legal recourse. Our country’se-Commerce law is now over a decade old. Perhaps it is time to lend your talents towardsenhancing our laws to insure that they remain capable of addressing the challenges wecurrently face and those that we shall meet in the future.Other nations have made this a top priority. The UK and the United States havetheir data privacy laws which are strictly interpreted and enforced. Nonetheless, in the pastyear alone, 18 bills have been filed in the US Congress to further enhance their laws againstcybercrime and similar activities.Let us work with our legislators. I have no doubt that they are all eager to help usclose this gap in our virtual borders, but they need to understand not just the jargon, butthe threats we face and the consequences we can suffer. Guide them through the languageand landmarks of cyberspace and I am confident that relevant and lasting legislation shallresult.Operationally, it is my hope that this forum shall give birth to both a cyber securityroadmap, as well as a defined framework of collaboration between government agenciesand the private sector so that a cyberspace coast watcher system can be established andimplemented.In countries like Japan, inbound viruses and malware are treated like outbreaks. Thepath is monitored in real time, and through pre-established communications procedures,the propagation of the virus is arrested. Alerts are sent out not just to networks nationwide,but to competent government authorities from the source country and other nations in theregion. Specialists are tasked to dissect the virus and formulate defenses which are rolledout to all networks in the country. We should be able to achieve such a system if we workhard enough.This may sound like a tall order, for we have yet to acquire the infrastructuresophistication of some of our neighbors. However, within this forum, provide clarity tothe question of technical skills that we need to develop and foster in the long term, andhow to best organize these skills. Let us explore avenues for government-to-governmentcooperation in terms of technology transfer with our friends in North America, Europe andAsia. While technologies change, the collaborative approach shall remain the cornerstoneof a sound national security response.
  • 12. 12 ICT Development and Cyber Security ReaderThis battle in cyberspace comes to us swiftly and unceasingly. This forum is apositive step towards rallying our forces but it will take several steps for us to complete ourtask. Together, let us raise our virtual army and come to our nation’s defense.Thank you and good morning.# # #
  • 13. 13ICT Development and Cyber Security ReaderHighlights of the 1st Forum onCyber SecurityAwareness and CollaborationSecuring a Whole Wired World_______________________________________________________________________________I. Executive SummaryIn celebration of the Cyber Security Month, the National Defense College of thePhilippines (NDCP), in collaboration with the Office of the Vice President (OVP) andthe NDCP Alumni Association, Inc (NDCPAAI) launched a series of fora on CyberSecurity Awareness and Collaboration with the theme “Securing a Whole Wired World.”The event was held on 26 October 2011 at the NDCP Auditorium.The Philippines is never shielded from acts of cyber terrorism and cyber crimes. Thus,the objectives of the forum were: 1) to gather cyber security key players and stakeholdersin the country; 2) elevate awareness on what cyber crimes are to eventually control andconquer them; and 3) explore prospects for cooperation among the government, privatesector, academe, and the civil society. The forum was intended to provide a platform fordiscourse and collaboration among government agencies, private sector, academe, and thecivil society.The activity commenced with the keynote address from Vice President Jejomar CBinay followed by the three lecture sessions comprised of six experts who were tasked totackle cyber security from theory to practice; and a summary from Mr Abraham Purugganan,MNSA. The Vice President’s keynote address read by the DND Secretary Voltaire T. Gazmin,elaborated on the seeming paradox of cyber technology. It has made lives easier and, at thesame time, harder. Cyber security was deemed as an opportunity for interagency, inter-sectoral, and intergovernmental collaborations.Session One provided the current situation, challenges, and opportunities in thecyber space. It revealed the urgent need to boost cyber security awareness and capability inthe Philippines. Session Two emphasized the importance of public-private partnership inenhancing the cyber resiliency of the Philippines. It also explored the nature of cyber war andprovided foundations in crafting the rules of engagement in cyber warfare. Session Threegave a practical demonstration of how a computer virus can infiltrate industrial controlsystems and eventually impact the critical infrastructures of a country. The audience wasalso provided with practical tips in dealing with cyber attack.Overall, the discussions centered on the ever-changing nature of national securityas demonstrated by the dynamics in the cyber space. Through cyber technology, we sawhow countries flourished to become powerful nations, but we also witnessed how theybecome victims of cyber crimes, cyber terrorism and cyber warfare. In the end, collaborativeapproach remains to be one of the most effective ways of dealing with the evolving threatsin the cyber world.
  • 14. 14 ICT Development and Cyber Security ReaderII. Opening CeremonyWelcome Remarks by Fermin R de Leon Jr PhD, MNSA, President, NDCPDr. de Leon declared that discourses on significant issues to the society, such as cybersecurity, are always welcome in the NDCP. The College has always been providing venuefor enlightenment and understanding in the furtherance of academic freedom. Cognizantof the importance of cyber security awareness in national security, he thanked the OVPand NDCPAAI for partnering with the NDCP in organizing the forum. He considered theforum as a sterling contribution of the academe in seizing the opportunities and facing thechallenges the Information Age presents. He reiterated that developing cyber resiliency isnot a responsibility exclusive to the government nor the private sector. Rather it is a sharedresponsibility; everyone’s contribution matters.Keynote Address by Honorable Jejomar C Binay, MNSAVice President of the Republic of the Philippines and President & Chairman, NDCPAAI(Speech delivered by the DND Sec Voltaire T. Gazmin)Vice President Binay noted how the web has become an integral part of humanlife and an indispensible tool of governments, industries, and various sectors around theworld. However, he also emphasized how the internet dissolved boarders and how thebreadth and depth of valuable information on the Web has reached critical mass sendingnew breeds of criminals into a feeding frenzy.In 2010, South Korea sustained a cyber attack where 166,000 computers from 74countries jammed the web sites of banks and government offices. In the same year, ITsecurity experts unearthed a worm named Stuxnet. Unlike previous worms, Stuxnet did notprey on computers and networks. Instead, it compromised software that controls industrialmachines and could wreak havoc on facilities like power and water plants. He also citedthe 2011 Global Fraud Report of Kroll Associates, wherein, in 2010, electronic theft exceededthat of physical theft.Vice President affirmed that while the world reaped unfathomed benefits from theheightened interconnectivity among nations and industries, the borderless nature of thecyber world also presents a daunting challenge to everybody as all work to exist safely inthat realm. Currently, no single agency has the capability or mandate to match the scope ofthis threat and collaboration between public and private parties should remain one of thestrongest mooring points. He highlighted the importance of the private sector as a partnerin ensuring the cyber resiliency of the country. Many potential foreign investors in theIT field still have the genuine fear of suffering electronic threat offshore, without havinglegal recourse; the country’s e-Commerce law, being more than a decade old, is alreadyoutdated.Heencouragedpertinentagenciestoexploreavenuesforgovernment-to-governmentcooperation in terms of technology transfer with friends from North America, Europe andAsia. While technologies change, the Vice President is positive that collaboration shallremain the cornerstone of a sound national security response.
  • 15. 15ICT Development and Cyber Security ReaderIII. Plenary SessionsSession One: The Regional Cyber Security Landscape, Challenges, and StrategiesCyber Security and Governance by Atty Ivan John Enrile Uy, Former Chairman, Commissionon Information and Communications Technology (CICT)Atty Uy offered the latest cyber security landscape. He shared that presently, thereare 5 billion mobile phone users around the world; two billion of which are internet users.Out of the 2 billion, approximately 1.2 billion come from developing countries around theworld.He reported that online transactions have reached 10 trillion dollars worldwide.The amount of data processed or handled in the virtual realm reached 5 hexabytes in 2001-2003. Today, the cyber world produces the same amount of data in a matter of days. Radioreached 50 million in 38 years; television took it 13 years. Meanwhile, the internet reachedthe same number of people in 4 years time; Facebook did it in 3 months. This is how rapidthe internet covers and places its footprints across the world.Aspeopleincreasinglybecomeawareofwhattechnologycando,technologybecomesa source of challenge and a matter of security concern for governments. Governments are nowbeing obliged to match how the private sector, through information technology, efficientlydelivers services to the people. It is very apparent as many governments worldwide havebegun to deliver e-governance and e-services to their citizens. However, as informationtechnology becomes handier and more ubiquitous, more and more criminal minds wouldwant to exploit it.Cyber security concerns have significantly increased over the past years. Recently,Sony’s playstation network was hacked; 70 million accounts were put at risk. The very firstcyber warfare may have happened in 2007 when Estonia’s information infrastructure wasallegedly attacked by the Russian Government after Estonia decided to move the gravemarker of a Soviet-Russian hero. These recent events have moved the United States toestablish a cyber security command headed by a 4-star general in 2009; South Korea, GreatBritain and China followed a year later.When one speak of cyber security one usually refers to common cyber crimes (e.g.fraud, gambling, child pornography). However, there are another arenas that requiresadequate attention e.g., cyber terrorism, denial-of-service attacks, online espionage, andonline warfare. Such attacks may come externally or within.Information technology has change how the people live and how they act. It hasousted governments who have underestimated its ability to influence the mindset of thepeople (e.g. EDSA II and Arab Springs).Cybercrimes, Cyberterrorism, and Cyber Security Landscape byAtty Magtanggol B Gatdula, PhD, Director, National Bureau of Investigation (NBI) Atty Gatdula reported that the Philippines is now a haven of transnational organizedcrime syndicates due to the lack of capabilities and technical-know-how of law enforcersin the country. Quoting Director Sammy Pagdilao of the Philippine National Police–Crime
  • 16. 16 ICT Development and Cyber Security ReaderInvestigation and Detection Group (PNP-CIDG) he shared that cyber crime mafias, mostlyforeigners, have established bases of operations in the country. Cyber crime syndicateshave taken advantage of the organizational and technical incapability of law enforcers tofight cyber crimes. Because of great feats in information and telecommunications technology, thepublic is lured to exchange security over the convenience these tools offer. Being usefuland user-friendly, smartphones have become a typical person’s confidante in his dailyliving. However, due to the mass of personal data stored on these gadgets, most of whichare sensitive, these seemingly useful tools may become a source of vulnerability to theirusers. Today, the world experiences a dramatic increase of malicious software. Smartphonesserve as a window of opportunity to cyber criminals to access potential victims personaland bank details. With regard to cyber terrorism, Atty Gatdula believes that terrorism continues tosurvive because it takes different forms to match the changing times; this includes cyberterrorism. The information age has built a battle zone not only for good intentions but alsofor evil schemes. In the absence of clear national policy for information security and internetstructure stability, the Philippines is vulnerable to cyber attacks. The country currently lacksa well-defined strategy and clear national security policy to combat cyber terrorism. TheHuman Security Act of 2007 and the E-commerce Act of 2001 could no longer address theemerging and evolving challenges in information security.The vulnerabilities of developing countries continue to encourage terrorists toenhance their hacking skills. No matter how sophisticated the reporting systems of industriesare, they would all be rendered useless if the country does not have the technical capabilityto promptly and effectively respond. Nevertheless, vulnerabilities come with counteractionse.g., prevention, detection, and reaction. The task is mainly reaction; one can never alwaysbe proactive when it comes to cyber terrorism. One is blind of the next mode of attack.Amidst different modes of cyber attacks such as Stuxnet1, there is need to assessand address the vulnerabilities of the countries exiting infrastructure control systems (e.g.,MRT, LRT, traffic systems, dams, and wind mills) not only by the Philippine Governmentbut also businesses operating these industry control systems.Session One Open ForumA participant asked the speakers to personally identify the most probable andplausible cyber terrorism attack to the Philippines. Atty Uy opined that the countrycurrently has a lot of vulnerabilities in many areas which may all be potential targets ofattack. He particularly identified government websites which have recently become targetsof hacking and defacement. He agreed with Atty. Gatdula on the possibility of local criticalinfrastructures being points of attack.Another participant shared his experiences on receiving e-mails from unidentifiedpersons offering to launder money to the Philippines. He asked if the NBI has ever pursued_____________________1Stuxnet is a computer worm widely suspected to have been designed to target uranium enrichmentinfrastructure in Iran. IT experts concluded that the sophisticated attack could only have been launchedwith nation-state support.
  • 17. 17ICT Development and Cyber Security Readerthese scam authors. A former Chief of the NBI’s Computer Crimes Division said that agencylaunched several information drives against such scams. He also shared that the origin ofthese emails can be mostly traced in Africa. Because of jurisdictional considerations, theNBI cannot launch full pursuit operations against these scammers. Atty Uy shared that thePhilippines already have local versions of such scams.Session Two: Government and Private Sector SolutionsCyber War and Rules of EngagementDrexx Laggui, Principal Consultant, Laggui and Associates, Inc.The recent penetration tests initiated by the Land Bank showed how vulnerablethe network systems of Megalink and BancNet members are. Hired computer expertswere able to fully infiltrate their systems, allowing them to do fund transfers and hijackremittances.Recently, the information system of the International Monetary Fund waspenetrated compromising very sensitive data that could endanger the financial market.The hackers allegedly accessed the network system by targeting the Facebook account of anIMF employee. It is widely suspected that it was a government-sponsored assault. Cyberterrorists would break into online banking systems, still credit card information in orderto buy equipment that would carry out their terrorism plans. Through BSP Circular 542which requires banks to undergo penetration testing yearly, the public is ensured that localonline banking systems will survive in the event of cyber war. However, other industriesare still vulnerable. The energy, utilities, and the transport industries all use SCADA2intheir infrastructure control system. SCADA is the same system used by the Iran nuclearenrichment plants allegedly targeted by Stuxnet.Cyber war is a state-sponsored sabotage or espionage done before soldiers set footon the battleground. It is the “use of force” in the cyberspace that has repercussions in thephysical world. It is not directed against the military but the national economy which mayalso have serious implications in national security. In cyber war the rules of engagement(ROE) must be carefully crafted to minimize ambiguities that would delay responses whenuse of force is already required. When a country is engaged in cyber war the criteria forsuccess (or failure) must be defined. The scope and timeframe of the attack must be set.Targets that are far removed from military objectives (e.g. hospitals) must never be engaged.The impact of cyber weapons is unproven and unknown which makes their employment, inthe event of cyber war, a critical decision given to the Head of State. The health, welfare, andprivacy of the public must not be compromised. The reports, records, and data generatedfrom cyber operations must never be used for commercial gains.In crafting the ROE for cyber war, three challenges must be addressed–credibility,invocation scenarios, and attributions. The key to deterrence is to show that the nation hasthe capability to defend itself against attacks and, if necessary, to fight back (i.e., credibility).The Philippines should have potential escalation framework, where some instances couldinvoke cyber war, as part of a planning activity (i.e., invocation scenarios). There is alsoa need to beef up capabilities that would aid law enforcers to identify the face (or nation)behind the keyboard (i.e., attribution).__________2SCADA (supervisory control and data acquisition) refers to industrial control systems (ICS)-computersystems that monitor and control industrial, infrastructure, or facility-based processes
  • 18. 18 ICT Development and Cyber Security ReaderThe Philippines has a maturity level of 13when it comes to cyber war capabilities.The country has arcane laws, regulations, and ROE that hobble its capability to ensure itsnational security. Nevertheless, it has the potential capability to engage, sustain, and achieveobjectives in cyberspace.Public-Private Partnership in Cyber SecurityStephen Cutler, President and CEO, Official Global Control Corporation The world is facing the same transgressions as it did hundreds of years ago (e.g.,fraud and theft); the only difference is the speed of which they are committed. The stateand military security structures do not move quickly as policies change. Like any crimes committed in the real world, there is a need to differentiate the actsof crimes committed by a pathological criminal (which are felonious) and those committedby a pathological criminal but in charge of the state (e.g., Hitler and Stalin). It is critical todifferentiate acts of war and crimes. Educational institutions such as the NDCP may providelight in this important issue. Some people in the military believe that the private sector should protect themselves;the armed forces should protect the shores of the nation. However, in the advent of theinformation age, one may rarely see physical assaults as extensive as it was during theSpanish colonial era. However, at present, the private sector holds most of a country’snational assets. It is therefore, a responsibility of the military to protect them. One shouldtake a holistic view of national security. There is a need for public-private partnership and dialogue. There is a need to gatherstakeholders from the country and representatives from the international community as well.National assets (both public and private) must always be protected. Whether the country isfaced with invasion in the physical or the cyber world it does not matter; national assets willbe lost. Both the private and the public sector must contribute their utmost responsibilityand utmost capability in protecting their nation.Major General Jonathan Shaw of the British Cyber Command said that cyber attacksrepresent the greatest threat to national security. Cyber attacks affect everyone. Everyonetherefore must contribute in the protection against the danger cyber attacks impose. 80% ofthe threats are the result of poor cyber hygiene (e.g., the lack or relevant laws). Every nationmust utilize all multilateral and bilateral relations to ensure its cyber resiliency.Session Two Open ForumOne of the participants asked Mr Laggui if the Monroe Doctrine4is a sufficientframework to defend a nation’s security especially in the cyberspace. He also asked if thereis a need for further definition of cyber war to set it apart from cyber attacks. He wanted toknow from Mr Cutler how much should cyber security policies be flexible considering that_________3According to Mr Laggui, countries with Level 1 Maturity (i.e., Ad Hoc Level) have key stakeholdersas leaders championing management system of IT security.4The Monroe Doctrine is a policy of the United States introduced on December 2, 1823. It stated thatfurther efforts by European nations to colonize land or interfere with states in North or South Americawould be viewed as acts of aggression requiring U.S. intervention.
  • 19. 19ICT Development and Cyber Security Readerthe Treaty of Westphalia5no longer holds and the dynamics in the cyber world are ever-changing. In response, Mr Laggui shared that the cyber version of the Monroe Doctrine4allowed the US to identify its critical infrastructures and build up cyber resources to defendthese assets. Meanwhile, Mr Cutler said that the Treaty of Westphalia is one of the manyagreements that set up diplomatic relations among countries which lead to the nature ofinternational community the world has today. Another participant wanted to find out from Mr Cutler the level of internationalcooperation in cyber security the Philippines has today. Mr Cutler opined that thecountry’s progress is far from the state of cyber resiliency it needs to have. There is a lotof support from other countries (e.g., South Korea, Japan and the US). Other neighboringcountries (e.g. Thailand, Malaysia, and Indonesia) are doing well in enhancing their cybersecurity. Meanwhile, Mr Laggui shared that the local financial industry has very mature ITgovernance. Most of the banks in the Philippines have Level 3 Maturity6.Session Three: Cyber Security in PracticeThe Real Deal of Cyber Attack to National Critical InfrastructureChaiyakorn Apiwathanokul, CEO, S-Generation, LTD, Thailand It is a general belief that linking the industrial control systems to networks andinternet makes them more secure as it allows authorities to manage and control themanytime and anywhere from the planet. On the contrary, doing so only makes them harderto protect as anyone may access them using the right tools. In 2002, a nuclear power plantwas forced to temporarily shut down due to a computer virus. When an operator’s infectedlaptop was connected to the plant’s control system, the virus spread throughout the networkincapacitating the safety monitoring system of the plant. Operations had to be temporarilyterminated; there were massive blackouts for days. Industrial control systems are one of the most common targets of cyber attacks asthey manage and control critical infrastructures in a country (e.g., plants, transport system,traffic system, and dams). Control systems will always have weak points that hackers canexploit. They develop computer viruses to exploit such vulnerabilities, one of the mostrecent and ill-famed of which is the Stuxnet. The government tries to protect these criticalinfrastructures through rules, guidelines and regulations. Operators must comply withthese laws.Cyber Security: What to do in the event of Cyber Attack?Nebuchadnezzar S Alejandrino, Chief, DND Information Management Office There are three types of network system: 1) those that have already been attacked(e.g. the Vice President’s website); 2) those that are to be attacked (e.g. DND website); and_________5The Peace of Westphalia was a series of peace treaties signed between May and October of 1648 inOsnabrück and Münster. These treaties ended the Thirty Years’ War (1618–1648) in the Holy RomanEmpire, and the Eighty Years’ War (1568–1648) between Spain and the Dutch Republic, with Spainformally recognizing the independence of the Dutch Republic.6According to Mr Laggui, Level 3 Maturity (i.e., Managed Level) implies a systematic process ofhandling IT security and governance.
  • 20. 20 ICT Development and Cyber Security Reader3) those that are currently under attack. The manifestations of cyber attack are very difficultto discern. Hacking a network is very easy given the right kind of tools. Some resources areavailable online; anyone can be a suspect. There are even alleged state-sponsored cybercrimes. Dir Alejandrino divided cyber attackers into two–non-state attackers and stateactors. The former are individuals or organizations to include the Anonymous7. When an information system is under cyber attack, it typically hangs, unfamiliarimages appear on the computer screens and the system slows down. A network can bepenetrated whether it is online or offline. When connected to the internet, a system may getcompromised from media or documents downloaded from the web. When offline, a systemcan still be infected through manual transfers e.g., using thumb drives. In the Department,classified documents are kept isolated and offline to ensure their safety. In case of cyber attack, the most important thing to remember is to not panic. Gooffline immediately and report the incident to the local IT office and to the top management.Fortifying your defenses by establishing cyber security team proves to be useful. It isimperative to create a backup system for your network to ensure that operations will notbe seriously disrupted.Session Three Open Forum A participant asked Dir Alejandrino’s opinion on the security of cloud computing.Dir Alejandrino opined that cloud computing is not absolutely secure since one does notknow to where the data is stored or who may have access to it. Meanwhile, Mr Lagguiclarified on use of the term “security.” He said that in the business industry, being securemeans that the level of risks is acceptable vis-à-vis the operational requirements. A lot ofmilitary officials in the armed forces are exchanging data online via yahoo mail or g-mail.Mr Laggui does not recommend this as these data go to foreign computers. Security meanstrustworthiness. Trustworthiness means that one have the power to audit the system, verifythe controls, and see demonstration of its safety and capability. Another participant emphasized the incidences reported in the presentationswherein states allegedly sponsored conducts of certain cyber crimes. He then asked MrApiwathanokul and Dir Alejandrino’s view on whether these states can be considered asterrorist and if so, what crimes can be charged against them. Dir Alejandrino said that itis very difficult to associate acts of cyber crime sponsored by the state to acts of terrorismespecially if a state had done it so in the name of national security. Meanwhile, Mr Lagguiclarified that alleged state-sponsored cyber crimes are not typically called state-sponsoredterrorism but exercise of political will with cooperation from other countries. One of the participants asked the speakers’ opinion on the government usingopen source8 software in their systems. Open source software can be audited to ensurethat the software is free from tampering. With regard software auditing which allows usersto examine the source code of software to ensure that it is not tampered, Mr Alejandrinoinformed the audience that the Philippines does not have an existing relevant law. Mr Laggui_______________________1Anonymous (used as a mass noun) is a group, spread through the Internet, initiating activecivil disobedience, while attempting to maintain anonymity.
  • 21. 21ICT Development and Cyber Security Readeradded that software auditing is imperative as it ensures the safety and trustworthiness ofsoftware outsourced to handle the country’s critical infrastructure.Summary and Way Ahead Abraham A Purugganan, MNSAFormer Head, Task Force for the Security of Critical InfrastructuresMr Purugganan considers the cyberspace as the fifth battle space (in addition to land,air, sea, and space). It entails new rules, doctrines, and rules and regulations. We becomeincreasingly dependent on information systems. Since its beginning in the 1990’s, internetreaches 2 billion people worldwide.Online information and resources (both public and private) have become solucrative that they have become so inviting to criminal organizations as well as governmentand corporate organizations. The Information Age has empowered every citizen in theworld; however, it has also enabled criminal elements to do evil things to an individual,organization, even a nation. In response, countries are establishing both defensive andoffensive cyber capabilities.The Philippines has become a haven for cyber crime not only due to lack of technicalknow-how, and laws but also the lack of organized national effort. The country has existingcyber capabilities. The easiest way to wage a war is to launch a cyber war. Traditionalforms of war entail a lot of resources. Cyber war, on the other hand, only needs a computer,internet connection, and a little programming knowledge. The Philippines has one of thebrightest programmers but the country does not take advantage of this. The E-commercelaw cannot bring hackers to justice. Local advocates have been lobbying for a cyber crimelaw for nearly a decade.Critical infrastructure must always be protected. Once cyber terrorists got controlof them, government operations and national economy may get compromised. In cyberwarfare, it is very hard to identify the enemy. Consequently, it may take a long time tocraft an international Cyber ROE. Organized cyber crimes, both terrorist-lead and state-sponsored, are targeting defense industries because of useful information in weaponry andcrucial military secrets.Private-public partnership in the country has its challenges. For one, privateindustries are reluctant to report, to law enforcers, hacking incidences for the fear oflosing clients and investments. Nevertheless, the private sector holds most of the criticalinfrastructures in the country; partnership is imperative.It is also imperative for any information system to have standard countermeasures(e.g., procedures, protocols, and programs). In the National Cyber Security Plan, boththe private and public sectors are encouraged to build their protective systems robustly.Industries must invest in security and backup systems to minimize disruptions in operationin the event of cyber attack.In the coming years, all manual ways of doing things may get digitized. As the levelsinterconnectivity and interoperability increases, vulnerability also increases. In enhancingthe country’s cyber resiliency, there is no need to reinvent the wheel in cyber security. Thereare lot of existing models and programs; all that is needed is implementation.
  • 22. 22 ICT Development and Cyber Security ReaderIV. Closing CeremonyConcluding Remarks by Fermin R de Leon Jr PhD, MNSA, President, NDCPDr. de Leon expressed his gratitude to Vice President Jejomar C Binay and the DNDSecretary Voltaire T Gazmin for being ardent supporters of the Colleges endeavor to engagevarious stakeholders in academic discourses on many issues and concerns that matters tothe country to include cyber security. He also thanked the speakers for guiding the audiencein traversing cyber security from theory to practice. He shared that while listening to thepresentations, his belief about the contemporary way of living was reinforced. Indeed, asinformation technology moves forward peoples’ lives become easier but, at the same time,harder.Since access to cyber technology has become universal, it has empowered notonly the citizens of the world but criminal minds as well; evolution of technology broughtevolution of threats alongside it. He confirmed that cyber technology has its predicamentsbut he also affirmed that it presents opportunities to include inter-agency and inter-sectoral,and inter-state collaborations.He is optimistic that the activity was able to impart the knowledge, insights, andeven skills and values which will equip the participants in confronting the enormous andoverwhelming challenges of the 21st Century.# # #
  • 23. 23ICT Development and Cyber Security ReaderSecond Forum on Cybersecurity Awareness and Collaboration27 February 2012NDCP Honor Hall, Camp Emilio Aguinaldo, Quezon City“How Safe Is Your Money?:Rethinking Cybersecurity”
  • 24. 24 ICT Development and Cyber Security ReaderKeynote AddressRethinking CybersecurityHonorable Jejomar C Binay, MNSAVice President of the Republic of the PhilippinesSpeech read by DND Secretary Voltaire Gazmin during the Forum on “How Safe Is Your Money?:Rethinking Cybersecurity” held on 27 February 2012, 9 am, at the NCDP Honor Hall, Camp EmilioAguinaldo, Quezon City._______________________________________________________________________________Our topic this morning does not require all of us to be cyber experts. It merely requiresus to be especially attentive to the new and ever-expanding security environmentin cyberspace so as not to be left behind by fast-moving developments. We do not enter an arcane and unknowable world when we attempt to grapplewith the issues of cyberspace. But we need as much as possible to move at a pace equalto the speed at which scientific and technical innovation is taking place and the variouscyberspace actors are creating new situations for us to deal with.Security planners, as has been amply demonstrated elsewhere, have the burden ofshowing that cybersecurity does not have a military application alone.  It has an equallyextensive non-military application as well. Much of what we read about cyber warfare has little to do with cyber crime. There isa tendency on the part of the experts to distinguish sharply between the military threat andthe threat to law and order.  The distinction is often so sharply made that different agenciesare placed in charge of the one and the other, and they hardly relate to each other.   This approach is not always helpful.  It tends to ignore the possibility, or the fact,that many of those involved in cyber wars are also first involved in cyber crime; they couldin fact use cyber crime as their training ground for their eventual engagement in cyber wars. Some authors have established this link among many non-state hackers who were involvedin the Georgian and Gaza cyber wars.In cyber warfare, information weapons are used to attack state and military controlsystems, navigation and communication systems, and other crucial information facilities tocreate serious military and civil dysfunctions within a state. In cyber crime, they are used to attack critically important financial services—banking and credit card transactions, insurance, trading, funds management, and otherbusiness and consumer activities that are delivered online to various parts of the economy. It generates untold profits for the cyber criminals with little or no risk at all. Deterrence is always hard in both cyber war and cyber crime. It is easier to detectattacks in cyber war than it is in cyber crime, but correct attribution, after detection, maybe a lot harder in cyber war than it is in cyber crime. 
  • 25. 25ICT Development and Cyber Security ReaderIn cyber war, the target knows immediately when it has been attacked; in cybercrime, it sometimes takes a long time before a financial institution realizes that it has beenattacked. For instance, in 2009, the victim of the one of the biggest data breaches in us history,involving 130 million accounts, did not know that hackers had an uninterrupted access toits secure network until five months later.  This was but one of the many cases reported orunreported that year. In the past six years, according to one online report, US companies have reported 288other data breaches, which compromised at least 83 million records of private individuals. The cost to each individual usually runs high. Such cost is compounded when the sensitive nature of the victim’s business, likethat of a bank, prevents it from reporting the breach to the appropriate authorities as soonas it is discovered, or if and when the attacked institution or the appropriate authorities donot have the legal means to swiftly and adequately respond to it. In one famous case last year, a US senator demanded to know why Citibank tookabout a month to report a breach affecting his credit card account and that of some 360,000others in North America. The damage to the credit card holders was never disclosed, but the senator pointedout that the institution had a fiduciary and business responsibility to notify its customersabout the breach, so they could protect themselves.This particular incident prompted calls for stronger legislation requiring breachedbusinesses to notify their affected customers.  Thus far only 45 U.S. States have such breachnotification laws. Nothing similar exists in the Philippines.Of all transnational crimes, cyber attacks on financial institutions are said to beyielding the highest financial returns—— higher than those from drugs and arms smuggling,kidnapping for ransom, human trafficking, and others.   And no one has been prosecutedfor any of them.These high, risk-free returns are bound to encourage local criminals to exert a muchlarger influence on the cyberspace underground, just as they have done so in Russia, Japan,Hong Kong, the United States, among others.  This is where the real challenge lies.It is primarily a task for the law enforcers. There is an urgent need to intensify effortsat cyber crime prevention, detection and prosecution.  We need to have the correct andadequate laws to protect our financial systems and institutions and private individuals, butthese have to be supported with the appropriate and adequate facilities and manpower.Precisely because modern technology has made the financial services so sensitiveand vulnerable to every slight disturbance, we need the best laws and practices to ensurethe most reliable means to guarantee public confidence in our monetary system.  The Cybercrime Prevention Act of 2012, which has passed the senate, is a goodstart, but it barely scratches the surface and is just really a beginning. We need the most
  • 26. 26 ICT Development and Cyber Security Readercomprehensive cyber security laws to put us ahead of the most determined elements whospecialize in cyber crime.We also need to put good money into cybersecurity research, intelligence andanalysis, and to collaborate with the private sector whenever government resources arelacking in order to undertake such research and put it into practice for better cybersecurityof the financial services sector. This is vital to the interest of both the public and private sectors.For this reason, it could be a most suitable project for the public-private sectorpartnership program of the administration. Working together, the public and private sectors have an easier way of advancingthe state of the art in information technology and cybersecurity through innovations inmathematics, statistics and computer science, the development of measurements andstandards for emerging information technologies, and the deployment of I.T. systems thatare reliable, interoperable and secure.Together they also stand a better chance of protecting the physical and electronicinfrastructure of the financial services sector.These are just some of my thoughts on the subject.  I hope to learn more from theexperts at this meeting.   Thank you and good morning.# # #
  • 27. 27ICT Development and Cyber Security ReaderHighlights of the Second Forum on Cyber SecurityAwareness and CollaborationHow Safe Is Your Money?:Rethinking Cyber SecurityI. BackgroundThe Forum on “How Safe is Your Money?: Rethinking Cyber Security was held at theNational Defense College of the Philippines (NDCP) Honor Hall on 27 February 2012in collaboration with the Office of the Vice President (OVP) and the NDCP AlumniAssociation, Inc (NDCPAAI). The forum provided a platform for information disseminationand awareness to participants from government agencies, private sector, and the academe.Key persons were invited as speakers to expand security awareness and education as wellas ways to improve cybersecurity as a means to protect national security.The objectives of the forum were: 1) to promote awareness and advocacy campaign;2) to mainstream cybersecurity concerns among various sectors, and 3); to discuss andshare best practices in enhancing cybersecurity of various financial institutions. The forumis intended to serve as a platform to discuss and provide awareness and facilitate exchangeof knowledge and ideas on current status of cybersecurity in the Philippines and what canbe done to address current exigencies that are emerging because of the advancement oftechnology.In his opening remarks, Vice President Jejomar C Binay said that “there are newsituations to deal with” because of the threat to cybersecurity where there is “cyber warfarethat poses military risk and threat to law and order.” He emphasized that people who areinvolved in cyberwarfare must have first committed cybercrimes.” He defined cyberwarfareas activities in the cyberworld that have the potential to cause civil and military dysfunction.Cybercrime, on the other hand, may include attacks (e.g., data breach, disclosure of tradesecrets) against financial institutions to generate unlawful profits. Moreover, he highlightedthe need for an “accurate attribution to cyberwar and cybercrimes” because more often thannot it “takes a long time to ascertain when an institution is attacked.” The lack of relatedlegal foundation in the country has to be addressed because currently there is no legal meansto punish perpetrators unlike in the USA where there is a strong legislation for disclosuredue to the fiduciary nature of business especially in the financial sector”. It is an issue ofparamount importance because, no one has been prosecuted yet though cybercrimes arecommitted everyday. More importantly, cybersecurity encompasses a much larger influencebecause it is transnational. Consequently, there is an urgent need to intensify reports on cyberviolations, provide enabling laws and practices so that public’s confidence in the monetarysystem may be regained. The issue of cybersecurity is of vital interests to both private andpublic sectors; partnership is then necessary to eradicate the cybersecurity threats.
  • 28. 28 ICT Development and Cyber Security ReaderSix experts discussed the current practices in the Philippines regarding cybersecurity,its current status, development of products, and technological advancements today. SessionOne of the programme focused on the private and public sector perspectives of cybersecurityand how they have coped with the dynamics in the cyberspace. Meanwhile, Session Twofocused more on security measures taken by the companies which provide information andcommunication technology. The summary of the proceedings was done by Attorney IvanJohn Enrile Uy, Former Chairman of the Commission on Information and CommunicationsTechnology.The forum generally focused on public, private, and public-private initiatives tostrengthen cybersecurity with a particular focus on the financial sector. In addition, measureswhich can be taken by the public to protect themselves amidst the growing technologicaladvances today were also discussed.II. Opening CeremonyWelcome Remarks by Honorable Voltaire T GazminSecretary of National Defense(Speech read by Undersecretary Honorio Escueta)Sec. Gazmin focused on the expansion of cybersecurity awareness and education.He appealed to those present to contribute and do their part so that cybersecurity will bestrengthened. He emphasized the need for initiatives to improve cybersecurity for protectionof national interests and security.Keynote Address by Honorable Jejomar C Binay, MNSAVice President, Republic of the Philippines and President & Chairman, NDCPAAICurrently, there are no laws in the Philippines which deal with cyberwarfare andcybercrimes. The lack of pertinent laws poses threat to peace and order. He emphasized thatvaluable information, which is disseminated with the use of technology can possibly cripplecivil, military, as well as private institutions involved in the business of banking, financing,and insurance. Considering the dynamics of crimes committed in the cyberspace, VicePresident Binay urged the audience to work together to enhance security in the cyberspace.Vice President Binay affirmed that the issue of cybersecurity is of great importance due totransnational nature and more so perpetrators are not easy to pursue.III. Plenary SessionsSession One: Public and Private Sector Relationship and CybersecurityHow Do Banks Secure Information Assets? byManuel Joey A RegalaVP, Information Security Dept, Universal Bank President and Member, ISACA Manila ChapterMr Regala reported how finance institutions set up security measures to protecttheir client’s money. He stated that banks secure data, in digital form, which are valuableto the organization. He emphasized that assets are confidential. Banks have developed aformidable security module that recognizes that hackers now use improvised cameras thatenable them to see a potential victim’s personal identification number (PIN) to cash out the
  • 29. 29ICT Development and Cyber Security Readermoney from their clients. They also have improved their transaction receipts because now,it has marked account numbers to protect their clients. Banks, he said, have improvedtheir security by providing an in depth defense mechanism in layers. This protects dataand provides technical assurance that the risk of acquiring technological advancement withmaking banking easier will be managed. The mechanism includes the physical, host anddata security. He underlined that data security goes through the process of encryption,authentication and use of password in every bank transaction.Mr Regala also stated that check and balance is done by the banks in order to meetcertain standards and audit requirements set by the internal and external auditors of theCentral Bank of the Philippines. Banks have also established security measures that consistof a perimeter network, operating system, application layer and final core. He said that theinner core is the “holy ground” of the security system of banks and that the host hardens theoperating system so that hackers won’t be able to penetrate the system and thus, effectivelyprevents intrusion. The system also protects itself from virus and has audit locks. This allowsbanks to ensure the safety of their client’s money. Moreover, Mr. Regala emphasized thatauthentication is vital and that they have encrypted one time passwords, automatic timeout,digital certificates, and tokens to ensure that cyber banking is secure. His recommendationis to promote awareness for cybersecurity to enable human factors, interlinkages, culture,governance and support to come to fruition and strengthen cybersecurity.Cybercrime and How It Affects National SecurityRear Admiral Vicente Agdamag, AFP (Ret)Deputy Director General, National Security Council (NSC)Admiral Agdamag’s presentation was about the role of the public sector withregard to cybercrime and the importance of cybersecurity as a national security issue. Thefirst known incident that gave rise to the threat to national security in the Philippines isthe “love bug” that damaged over 12 billion dollars worth of computers. There are alsoinsurgences of cyberterrorism activities that attacks computer networks and ultimatelydestroy infrastructures. He noticed that there is lack of training with regard to cybersecuritythat the national security is threatened. There is no information system on how such attackscan be dealt with.Moreover, there is no legal regime upon which cybersecurity measures can easily bedistinguished and established. There are still questions on how to acquire jurisdiction andevidence. There is an urgent need to provide for laws that are apt to the current situationand threats to cybersecurity. There is even a development of HB 1246 Anti-cybercrime Actof 2011. It is wise to remember that the policy of the state is to undertake steps towards theenhancement of the Filipino people. Their welfare, protection of sovereignty, and protectionof national territory must be taken into consideration.The state must continue to pursue regional cooperation in cybersecurity. In fact, thestate has mandated that there should be five (5) groupings, which is divided into politicalgroup, diplomatic group, economic group, information group and military group. Thepolitical group will be led by Department of Interior and Local Government; the diplomaticgroup, by the Department of Foreign Affairs; the economic group, by the National EconomicDevelopment Authority; the information group, by the Communications department bythe Office of the President; and the military, by the Department of National Defense. He
  • 30. 30 ICT Development and Cyber Security Readerstated that the way forward is through information exchange, emergency response, researchactivities, and continuing efforts to combat threats to cybersecurity.Open Forum (facilitated by Atty. Ivan John Enrile Uy)Mr. John Ruero ISACA, ISA, and Philippine Society of IT Educators membercommented that the academic sector was not represented in the presentation of the publicsector. Admiral Agdamag, said that there is an assessment card where they are pushingfor manpower development and human resources. The factors that were taken intoconsideration were legislation, budget, infrastructure, and equipment.Nathaniel Marquez of RC 46 asked if the government has come up with a nationalpolicy regarding information and types of information that needs protecting. AdmiralAgdamag affirmed the need of this kind of policy not only as data management but alsoto increase awareness because information is now used as weapons to destabilize nationalsecurity. However, he said that as of now such policies are just being developed.DOJ Response to the Challenge of CybercrimeASec Geronimo L. Sy, Planning and Management Service, Department of JusticeASec Sy talked about the DOJ Response to the Challenge of Cybercrime. He talkedabout how cybersecurity is an encompassing concept where cybercrime is only a part of it.He thought that Senate and House Bills should include criminal reforms on crimes committedin the virtual world and should not be left to the information and technology committee. Healso talked about the legal and technical competency of members of the proposed committeeto ensure that laws meet global requirements. Moreover, he tackled the issue as to howlaws should enumerate and distinguish each of the cybercrimes punishable under our lawso that the DOJ can validly respond and propose a change in the Rules of Court to admit aprocedure for cybersecurity violations.Open ForumDrexx Laggui a computer forensic expert posed the question as to when one shouldstop electronic discovery and what are the existing guidelines and limitations. ASec Syanswered that in Brussels, Belgium it takes 3-6 months for forensic investigation and atpresent, it is still a global problem that needs to be addressed. There has to be changes withthe Rules of Court regarding procedure and at the moment, the DOJ is training prosecutorsready to try cyber cases.Ms. Cristina Exmundo, MNSA RC 47 student, said there are international laws thatregulate war. She asked if it was also the case for cyberwarfare. ASec Sy shared that in theUnited States there is a scale that could amount to cyberwarfare. In the Philippines, thelaw is still in the development phase. General Ozeta posed the question as to what is thegovernment policy on information and who is the manager of such information. ASec Syanswered that the DICT bill intends to give focus on the information anchor. He also saidthat the government is generating information for knowledge and guidelines. Althoughthe DBM has the power of purse, there should still be check and balance with regard tothe budget allocated for cybersecurity measures. LtCol. Roxas of Naval Plans Office askedwhether the information warfare capability as a hacker and as a deception device can be
  • 31. 31ICT Development and Cyber Security Readerused in the military. ASec Sy answered that there is a multiple track approach and thatthere is no such policy yet because focus is more on physical equipment for the military. Healso said that information policy should be relative to the national security policy so that itcould be used as input into national defense.Dr. Lemuel Braña, UP Professor and advocate of information security identifiedspecific problems, which are coordination and management and lack of standard to protectgateways or websites. ASec Sy agreed and said that the problem is human agency andthere are vulnerabilities in the concept of cybersecurity which pose the question as to whois going to do it.Dir. Nebuchadnezzar S. Alejandrino, Chief, DIMO asked Mr Regala to rate thestatus of cybersecurity in the Philippines. Mr Regala, said that he agreed with ASec Sy thatwe are in the low level. However we are using “stealth technology” which is in a defensivemode and he considers this a great start for cybersecurity. Dir. Alejandrino asked ASec. Syas to his legal standpoint on the need for a homeland security agency. ASec. Sy answeredboth yes and no. He said yes because there is a need for a coordination but he also saidno because we do not need another super agency. He said that what we need is a “webapproach” which is resilient for technological problems. He was asked if there are plansfor homeland security; he said there is no DICT yet.Dir Alejandrino asked Vice President Binay for policies to address the issue offoreign countries training students to hack. The Vice President said there is no need to put aspecial body to do task like that; what needs to be addressed first is coordination to facilitatecollaborative, multi-agency effort. The coordinating officials must have moral ascendancy.Lieutenant Feliciano shared that after training the police to highly technical experts theyare tempted with more lucrative jobs in the private sector. In connection, he asked whatthe government current retention plans are. ASEC Sy answered that the qualificationstandards of Civil Service Law should be abolished since it has been promulgated in the1960s and no longer covers jobs, which involves technology. He said that there should beresults based governance.Mr Dan Crisologo, a former head of Cybersecurity of NBI, and is currently a memberof the ICTO shared that the government has allotted one (1) billion pesos for cybersecurityto implement Executive Order 47.Session Two: Technical Specifications in Ensuring Cybersecurity in Gadgets andOperating SystemsiOS Security, John Andrew Lizardo, Training Supervisor and Professional Business UnitApple (PowerMac Center)Session Two focused more on the technicalities of how security measures have beenundertaken by various companies to adapt to the concept of cybersecurity. The first presentorwas Mr. Lizardo, which focused on the security features of the iPhone Operating System oriOS. The Layered security of iOs covers device security, data security, networking securityand application security. In device security, the operating system has passcode, policies,and device restrictions. Passcode policies require passcode on device, allow simple value,require alphanumeric value, minimum passcode length, minimum number of complexcharacters and minimum passcode age.
  • 32. 32 ICT Development and Cyber Security ReaderFurthermore, a 256-bit AES hardware protection is always on all data. In dataprotection, there is a five-level encryption and mail and third party application. With regardto network security, encrypted network traffic, strong authentication, and end-to-endencryption in Message and Facetime. Application Security includes mandatory applicationsigning, sandbox applications, encrypted keychain, security framework for developmentand managed application via Mobile Device Management (MDM). The MDM capabilitiesare to install and remove configuration policies, query devices, manage application, remotewipe and lock and clear passcode. However, in order to utilize the MDM, the user shouldbe enrolled to it. If the user has already enrolled to MDM, he can perform authentication,certificate enrollment and device configuration.IT Security Best Practices for Windows PlatformFreddy Tan, Cyber Security Strategist, Microsoft AsiaMr. Tan’s presentation started with addressing the question on who holds theresponsibility and accountability in cybersecurity which is very important. He said thatFilipinos are adapting Information Technology (IT) and that is a good sign. However, thecountry ranked 85 in 2010 and 86 in 2011 in Network Readiness. The ranking implies that thePhilippines is not equipped in terms of networking. He mentioned that cyberwar, sabotageand political change are the threats in cyberspace. He also stated that a malware programlike Stuxnet, a computer worm, is commonly used as a weapon to destroy the system.With respect to Microsoft security, he admitted that there are wide operatingsystems (OS), browsers and applications vulnerabilities and that Windows XP is the mostinfected OS. Therefore, if the user wants security, he should discontinue using XP andupdate the machine or the OS. He recommended that users have to buy the Windows 7- 64bit if they want security. He opined that a well-managed secure infrastructure is the keyand there should be a standard operating environment such as the US Airforce Standarddesktop. Microsoft has rights management services, which include bit locker, networkaccess protection, etc.Android SecurityCharo Nuguid, Java and Android Training and Development ConsultantCo-Founder, MobileMonday ManilaThe presentation focused on Android Security Model, user behavior vs. permissionsand best practices. The security features of Android are as follows: 1) Security at OS levelthrough linux kernel; 2) Mandatory application sandbox for all applications; 3) Secureinterprocess communication; 4) Application signing and; 5) Application-defined and user-granted permissions. It was discussed that Application Program Interface (API) may onlybe accessed by explicitly declaring permission. Based on a survey they conducted, 17%looked at permissions before installing and 56.7% do not install because of permissions. Thesurvey wanted to show that an application security is still dependent to the user.The best practices to secure the files are: 1) Use Android SDK instead of nativecode; 2) users should only ask for needed permission; 3) do not load code from outside theapplication; and 4) use authorization tokens instead of storing usernames and passwords.Data storage was also discussed. Data storage is divided into internal storage andexternal storage. In internal storage, files created are only accessible by the application that
  • 33. 33ICT Development and Cyber Security Readercreated it and local files may be encrypted as additional security for sensitive data. On theother hand, files created on the external storage are globally accessible and readable. Inaddition, data storage by content providers provides a structured storage mechanism thatcan be limited to the applications or exported to allow access by other applications and itis exported for use by other applications by default.Open ForumWhen if there are any efforts on the part of the providers to make settingsunderstandable for them, Mr Tan answered that there are two sides of the coin— if aperson is not technical and they experienced technical errors, they should look for peoplewho had experienced the same error and let them fix it. If a person is technical, on theother hand, they do it themselves because they understand it and can configure it on theirown. Mr Lizardo answered the question by saying that there is online support i.e., where it is a knowledge base forum for all apple users to find the best practicesin configuring apple devices. Ms Nuguid on the other hand said that everyone can accesswifi and the network – these facts are known to the developer. However, there are stilldefinitions or descriptions that are not for everyone to understand. What one can do is totell their contacts at Google that everyone has a problem with this configuration and thatthere is an error. This error is due to the fault of the developer and it is the obligation ofusers to let the developers know so that they can be conscientious enough to know whatcould happen and what the user could do.Dir Alejandrino asked Ms Nuguid if she would recommend android for militaryusage. Ms Nuguid answered that it is good enough for military usage and that securitydepends on the user because the user should be conscientious enough to notice that there areapplications which access data that it shouldn’t be accessing. Security, ultimately, dependson the person holding the device. Dir. Alejandrino further asked if it could do telepresence(video conferencing). Ms Nuguid answered that it depends on the device you are using ifit supports such applications. Usually such devices that support telepresence are ones thatcomes with two cameras.Dr. Diaz of MNSA Class 47 asked the speakers to expound on standardizing theoperating system. Mr Tan answered that it is due to the Standardization of Global Policiesor GPO. There is already a password, which is a form of configuration of the machine. Itis also up to the user to install applications or to change firewall settings. The concept ofstandardization, which the US government is planning to publish, is being able to manageall types of desktop regardless of its type.Eugene Galang, ICTO, NDCP, asked if the companies they are representing ask helpfrom ethical hackers to test newly developed systems before launching them. Ms Nuguidsaid that ethical hackers are those who get in the system, would tell the company what theyshould have done but they do not get paid. Usually ethical hackers remain anonymous.Unlike in the company of Oracle, they employ really good hackers to test their system. MrLizardo said that in Mac they have a developer system, which functions as a communitywhere they sample codes for an operating system and then they give feedback. They testout compatibility issues and try new applications. This minimizes the attack that no suchhacking would be done so long as one registers as a developer with them. Mr Tan said thatthere was a time when Bill Gates sent his employees back to school so that there would be
  • 34. 34 ICT Development and Cyber Security Readera security development project team. This enabled Microsoft to stay on top of its game.One participant asked, if the rival companies know the strength and weakness ofeach other and if they help each other to improve themselves? Ms Nuguid confirmed thisbut clarified that it is in an indirect manner because they get tips from the others throughlatest platforms each one launch. Mr Lizardo said that, Apple has provided others with tips.For example in 2006, there were a lot of improvements such as permissions and there wereheads up from competitor companies. It has been Apple’s vision to have a peaceful co-relation with them. Mr Tan provided that programs provide information to other technicalcommunities and that there is an MSDR, which is a research to disclose third party softwareto other companies. A participant further commented that they all share same information,same vulnerability and so everyone could address it.SummaryAtty Ivan John Enrile Uy, Former Chairman, Commission on Information and CommunicationsTechnology (CICT)Atty Uy said that there should be collaboration from both public and privatesectors to ensure that national security through cyberspace would be protected. As his lastparting words before he gave the floor to Dr De Leon for his closing remarks, he said thatit is everybody’s duty to uphold and spread awareness for cybersecurity because we allshare cyberspace as an information highway and therefore, we all have a stake at keepingit safe.IV. Closing CeremonyConcluding RemarksFermin R de Leon Jr PhD, MNSA, President, NDCPDr De Leon thanked Vice President Jejomar C Binay for the unrelenting support tothe growing concern regarding cybersecurity. It is indeed important to know how to keep ourmoney safe because we have worked hard for it. It is our endeavor to disseminate informationto ensure cybersecurity so that there would be no cyberwarfare and cybercrimes. Everybodyis involved in this because it is an issue that involves national security. Therefore, thereshould be cooperation and collaboration among public and private sectors to ensure thatthe threats would be addressed and ultimately, perpetrators would be held accountable.Moreover, he said that cyberspace is common to everyone and affects everyonebecause there is already a holistic view on national security and therefore, these informationand assets vital to the national interests must be protected. Dr De Leon hoped that theforum enabled the participants to have new insight and knowledge that will allow them todisseminate information and awareness to confront the challenges posed by cybersecurityissues.# # #
  • 35. 35ICT Development and Cyber Security ReaderSeminar-Workshop on Cybersecurity6-8, 11 June 2012Honor Hall, NDCP, Camp General Emilio Aguinaldo, Quezon City“Towards Information, Communicationand Technology Development (ICTD) andCybersecurity Enhancement”
  • 36. 36 ICT Development and Cyber Security ReaderOpening RemarksICT Development and CybersecurityEnhancementUSec Benjamin E Martinez Jr.Chief of Staff, Office of the Vice PresidentRemarks delivered during the Opening Ceremony of the Seminar-Workshop Towards Informationand Communications Technology Development and Cybersecurity Enhancement held on 6-8, 11June 2012 at the Honor Hall, NDCP, Camp General Emilio Aguinaldo, Quezon City._______________________________________________________________________________Dr. Fermin R De Leon, Jr, President of NDCP, RAdmiral Roberto Estioko, ExecutiveVice President of the NDCP Alumni Association, Inc., distinguished speakers,participants to this seminar-workshop, guests, participants, ladies and gentlemen,a pleasant good morning.It is both an honor and a privilege to be with you today, as we open our, “ICTdevelopment and Cyber security enhancement” workshop.For the next three days, Subject Matter Experts shall provide us a wide spectrumof the cyber infrastructure enhancement and threats, from global crimes, terrorism,forensics, to its implications to our office and country. I advise you, to open your minds,solicit questions, proactively participate, and I assure you, you will gain enough, if notexceedingly.This venue, I believe, is most apt for us, as stakeholders, to come together andaddress the enduring problem we face. As our country continues to rely on technology, wehave become no stranger to cyber crimes and cyber activism. We must recognize that ourinfrastructures and processes are now heavily dependent on Information, CommunicationTechnology (ICT) specifically the internet; hence, we are vulnerable to threats as well.In our region, just April this year, during the height of the Scarborough Shoalstandoff between the Philippines and China, the University of the Philippine’s portal wasdefaced which left a map of China on the main page. In retaliation, some suspected Filipinohackers strike back by also defacing Chinese websites. In the end, the incident left littleroom for prompt, amicable, and diplomatic agreement and eventually, only intensified thetension between the two states.The borderless arena of innovation has become a key player in developingmultilateral ties and diplomatic relations among nations.In the business sector, with the high growth of the business process outsourcing(BPO) industry and its gross economic contribution to the country, securing the ICTinfrastructure is most crucial. Potential cyber attacks are rendered detrimental to thebusiness continuity of BPO operations. Our BPO establishments’ resilience to cyber attacks
  • 37. 37ICT Development and Cyber Security Readeror lack thereof, shall project what image our customers and competitors in the globalmarket will see.Also, let us not forget our ethical and moral standards against cyber prostitution.Though millions or billions of dollars may be lost through cyber attacks, and denial-of-service attacks, the emotional and psychological damage cyber prostitution can have onpeople far exceeds such monetary damages.The internet and the cyberspace must always be treated with utmost care anddiligence; we must protect it to protect our people. It is with this, that collaborationand cooperation between private and government stakeholders in reinforcing our cybersecurity threshold becomes our prime goal.There may still be much work cut out for us, to become a technological powerhouse.Yes, we may be constrained by financial adequacies. But more than that, we need to answerquestions like-- what should be our National Vision on ICT and Cybersecurity? Where weare now on ICT development and Cybersecurity? What can be done now or what are thenecessary first steps to be done? I don’t have all the answers to these few questions.But the fact remains that for as long as we are here today and for the next fewdays, our adaptability and love for technology compel us to contribute to this nationaland global effort in fighting cybercrimes, strengthening cybersecurity, and enhancing ourinformation and communication technology.We can only effectively push forward and strengthen our cyber environmentthrough coordination and collaboration among all stakeholders. Rest-assured, our effortswill bring us far.Maraming salamat at mabuhay!# # #
  • 38. 38 ICT Development and Cyber Security ReaderHighlights of the Seminar-Workshop on Cyber SecurityTowards Information, Communicationand Technology (ICT) Development andCybersecurity Enhancement____________________________________________________________________________________________________________________________________I. BackgroundThe National Defense College of the Philippines (NDCP), in partnership with the Office ofthe Vice President (OVP) and the NDCP Alumni Association Inc (NDCPAAI) conducteda seminar-workshop entitled “Seminar Towards Information and CommunicationsTechnology (ICT) Development and Cybersecurity Enhancement” held on 6-8 and 11 June2012, 8:00AM- 5:00PM, at the NDCP Honor Hall, Camp Gen Emilio Aguinaldo, QuezonCity.The four-day seminar, designed for executives and senior managers in thegovernment and private sector, and senior military and police officers, aims to provideparticipants with a comprehensive understanding of cybersecurity from managementto technology aspect. Intended for 60 participants, the seminar is rigorous, dynamic andinteractive utilizing a combination of classroom-based lectures and learning events.Leading experts and practitioners from the industry were invited to speak includingDr Stephen Cutler of the Official Global Control Corporation, Mr Angel Averia and MrAlberto Dela Cruz of the Philippine Computer Emergency Response Team (PhCERT),  DrLorenzo Clavejo of the National Security Council, Mr Simoun Ung of the Philippine VeteransBank (PVB) Card Corp, SI-III Joey Narciso of the National Bureau of Investigation (NBI),Dir Raymond Estioko of the Bangko Sentral ng Pilipinas (BSP), Mr John Abraham Rueroof the Information System Security Association (ISSA)– Manila Chapter, Ms Janette Toralof the Philippine Internet Commerce Society and PCInsp Felizardo Eubra of the PhilippineNational Police (PP). A total of 65 participants from various government agencies and privatecompanies participated in the said seminar. Among the agencies represented include theArmed Forces of the Philippines (AFP), Philippine National Police (PNP), Commissionon Elections (COMELEC), Department of Environment and Natural Resources (DENR),Senate of the Philippines, National Security Council, Department of Health (DOH), MetroManila Development Authority (MMDA), Department of Science and Technology (DOST),Department of Tourism (DOT), Department of Trade and Industry (DTI), Office of thePresident (OP), Department of Interior and Local Government (DILG), Bangko Sentralng Pilipinas (BSP), Office of the Vice President (OVP), Philippine Public Safety College(PPSC), Department of Energy (DOE) and the Department of National Defense (DND).Furthermore, private companies and international organizations represented include De LaSalle University (DLSU), International Organization of Migration (IOM), Zperia and AsianInstitute of Management (AIM).
  • 39. 39ICT Development and Cyber Security ReaderII. Plenary SessionsDay 1: June 6, 2012Session One: Cyber War and Cyber Terrorism, Stephen P. Cutler PhDCyberspace as defined by the speaker, a global domain within the informationenvironment consisting of the interdependent network of information technologyinfrastructures, including the Internet, telecommunications networks, computer systems,and embedded processors and controllers. Today, our nation faces an evolving array ofcyber-based threats arising from a variety of sources. These threats can be classified asintentional and unintentional. Intentional threats are those attacks which come from differentsources such as hackers, criminal groups, and terrorists. However, unintentional attacks arethose caused inadvertently by the disrupt system such as defective equipment and systemupgrades. Thus, securing one’s nation against these evolving cyber-based threats dependsentirely on the enhancement of national security and national defense strategy.The growing trend of cybersecurity is leading towards the increase of diversecriminal elements. These are the spamming, identity theft, dispersal of virus/worms,several types of fraud schemes, attacks on servers/systems and the like. Hence, the speakerclearly emphasized on the use of cyber space as a tool to commit crimes. This kind of threatcontinues to emerge and is rapidly changing. Given the situation occurring now, the nationshould double its efforts in combating the continuous transmission of malevolent attacksin the cyberspace.In order for a nation to succeed and prevent the disaster that cybersecurity imposes,the speaker proposes that it should begin with a competitive plan for recovery, clear policies,strong foundation of leadership, diplomatic and economic efforts, strong and solid alliancesand cooperation among the government, military and the private sector.Session Two: Philippine Cybersecurity: General Situation Angel Averia Jr.Cyberspace and the internet are interrelated. The speaker has shown a conceptualview of the cyberspace ecosystem divided into 5 categories: geographical location, people/users, internet identities, IP addresses, and networks. Business relations and social interactionincrease rapidly with the use of the internet as a tool to communicate. This new trend thatthe cyberspace executes leads us to a new global culture, which, on the other note bringsharm and increase in the volume of sophistication of malevolent attacks.At present, the Philippine ICT is continuously enhancing its defense againstcybersecurity. It has adopted several transformations such as migration to cloud services,increase in the use of social networks, rise of mobile devices and active internet exchangesoperated by Telcos. But alongside with these changes, the country is vulnerable to cyber-attacks as discussed by Mr. Averia. He has presented several recorded incidents of identitythefts, hacking, scamming, harassment, estafa/fraud extortion, pornography and webdefacement attacks from 2011 up to present. Furthermore, he also discussed the recentlycyber-attacks in the Philippine government websites.
  • 40. 40 ICT Development and Cyber Security ReaderThe method of cyber-attacks has grown over the years. It has become more organized,aggressive, well-resourced and extremely sophisticated. The Advanced Persistent Threats(APT) is a long-term pattern of targeted attacks aimed to disrupt the information systemof the government, financial and industrial institutions, information security agencies,and research firms. On the other hand, the adversaries are nation-states, terrorist groups,criminals, hackers, and individuals or groups with the intentions of compromising theentire system.The speaker also presented a risk assessment of the national security of thePhilippines towards ICTD and cybersecurity. He therefore suggests that the Philippinesmust have a central authority that will solely adhere to the issues of cybersecurity. Thenation should also have comprehensive programs and preventive measures as well as aneffective framework to fully address the possible cyber related threats and attacks in thefuture. Lastly, the speaker suggests to make cybersecurity a “national security” concern.Session Three: Cyber Crime: How it Affects National Security Lorenzo Clavejo, DPAThe Philippine cyberspace, as discussed by the speaker, is composed of cyberinfrastructure such as transportation, information and communication, administration,banking and finance, education and distribution. These elements are indeed vital to thegrowth of the nation but are also vulnerable to threats. He cited the importance of bankingand finance, as it is highly dependent on cyberspace.Threats to the financial systems will have dire consequences for a nation’s abilityto operate effectively and efficiently. Transportation system is likewise important. The vastmajority is managed by networked computer systems. Terrorists and/or criminals normallycommit crimes using a transportation system or in areas where people can collectively bediminished.Dr. Clavejo also discussed about the different cyber related incidents in thePhilippines and focuses on the Oplan Bojinka that was successfully terminated by thePhilippine National Police. Oplan Bojinka was a plan of Al-Qaeda in 1995 to simultaneouslydestroy 11 passenger aircrafts over the Pacific Ocean. The Al-Qaeda group used a laptopcomputer which contained encrypted messages that could not be read by the police orintelligence officials. With the said incident, the use of computer forensic and computerinvestigation were indeed critical and vital.The cyber world evolves swiftly, as we get to introduce to the new technology, weshould also have preventive measures for possible outburst of threats and cyber-attacks.Furthermore, the speaker suggests that the government should pursue a bilateral andregional cooperation to combat cybercrimes.Session Four: Introduction to Cyber Crime Investigation PC Insp. Felizardo Eubra, PNPAs reported by the Philippine National Police, the Philippines is now a haven fortransnational cyber-crime. This type of crimes includes cyber pornography, illegal onlinegambling, credit card fraud and identity theft. Due to the absence of a comprehensivecyber-crime law, there is a difficulty in establishing offenses to perpetrators and violators.Likewise, it is evident that the prosecutors and judicial body are unfamiliar and incapable
  • 41. 41ICT Development and Cyber Security Readerto combat cybercrimes. At present, the Philippine Department of Justice together withthe United States Department of Justice conduct region wide training to prosecutors toimprove their knowledge and technical skills in investigating cybercrime. Also, the CIDG inpartnership with the National Bureau of Investigation are tasked to be the resource personsthat facilitate trainings of cybercrime.Today, the growing trend of cybercrimes intensifies by the use of sophisticatedtechnology. The PNP, particularly the Criminal Investigation and Detection Group (CIDG)are lagging behind in terms of training and equipment. The speaker has mentioned thatmost of their equipment used for investigating cybercrimes came from the United Statesas their donation.With the cyber threats rapidly increasing in the country, the PNP-CIDG iscontinuously enhancing their organizational and technical skills by undergoing severalcapacity and capability trainings. PC Insp. Eubra mentioned that the PNP-CIDG hadreceived a total of 23 trainings from the U.S. Department of State, Anti-Terrorism AssistanceProgram, ICE, FBI, secret service in the field of cybercrime, white collar / financial fraudinvestigation and digital forensic examination. While, other trainings were sponsored bythe INTERPOL, and other police counterparts globally.Session Five: Introduction to Computer Forensics Joey NarcisoComputer forensics as defined by the speaker is the process of identifying,preserving, analyzing and presenting digital evidence in a manner that is acceptable in legalproceeding. It is a procedure combined and accepted by law and computer science thatgather evidences and analyze data from the computer system. Furthermore, it is an in-depthprocedure that delineates and examines the evidences presented for a cybercrime.The speaker discussed five steps in conducting and examining computer forensics:Policy and procedure development, evidence assessment, evidence acquisition (chainof custody), evidence examination (analysis of digital evidence), and documenting andreporting.As per cybercrime investigation, the speaker believes that the country can somehowadminister it. However, in terms of computer forensic, he believes that we are still incapableas we are lack of tools and computer forensic experts. Most of our equipment is only donatedby the US FBI and each tool costs an enormous amount of money. Moreover, comprehensivetrainings and certification is needed in using these tools for computer forensic.In assessing the evidences, it should be thoroughly assessed with respect to the scopeof the case to determine the correct course of action. It is highly done through the conductof a thorough assessment by reviewing the search warrant or other legal authorization, casedetail, nature of hardware and software, potential evidences ought and the circumstancessurrounding the acquisition of the evidence to be examined.Session Six: Cyber-security: Perspectives on AttacksJohn Peter Abraham Q. Ruero, PhD-Candidate, MSIM, ECEVP, Information Systems Security Association (ISSA) Philippine Chapter A lot has been said about cyber attacks—from simple website defacement to actualmalicious activities like hacking, phishing, malware infection, and social engineering.
  • 42. 42 ICT Development and Cyber Security ReaderThere are multitude of ways to gain access into computer systems without the approvalor knowledge of systems and network administrators. These malicious hackers, knownin cybersecurity world as black hats, use their technical skills either for financial gain,recognition, bragging rights, entertainment, and, more recently, the use of the Internet topromote a particular political, religious, social or scientific cause or ideology. Per 2010-2011 Computer Crime and Security Survey Report, malware (i.e., malicioussoftware) continued to be the most commonly seen attack, with 67.1% respondents reportingit. Meanwhile, the Symantec Internet Security Threat Report Trends revealed that Brazilranked third behind US and China in malicious activity in 2009. US, Indonesia, the SlovakRepublic, Malaysia, and Poland had the most number of cyber attack victims. Most of thetargeted ones were focused on enterprises. The top Web-based attacks primarily targetedvulnerabilities in Internet Explorer and applications that process PDF files. Though cyber attacks may come from all fronts at any time, there are some methodsthat can be employed to minimize to secure one’s computer, one of which is the PDADapproach. PDAD approach uses three-step process to fortify a computer system’s defenseagainst attacks: 1) protection of critical information and technology infrastructure throughthe use of tools and software; 2) use of security analytics software, forensics, and deepanalysis down to the packet level to track down malicious codes; and 3) Active Defense,intelligence tools and techniques to anticipate attacks. There should be exchange of IT andsecurity best practices. IT security must be the core of awareness campaigns, training, andcurricular reforms. Laws, policies, and regulations concerning cybersecurity need to beevaluated for their influence on how people use or misuse electronic information. Securityultimately is everybody’s business.Computer forensic has three major phases: The acquisition phase, analysis phaseand presentation phase. The acquisition phase deals on acquiring all the physical evidencessuch as the computer and other related materials to the crime. This will undergo a rigorousverification of files in order to extract all digital evidences for analysis. On the other hand,analysis phase deals with the physical and logical extraction of the digital evidences. It isthen followed by a deeper analysis of the extracted data including the timeframe analysis,data hiding analysis, application and file analysis and ownership and possession. Lastly,the reporting phase is when all evidences has been analyzed and examined. The examinermust submit the accurate report for his findings as this will be the basis of the digitalevidences for the criminal case.Day 2: June 7, 2012Session Seven: Business Continuity and Disaster Recovery Program Dir. Raymond Estioko, Bangko Sentral ng Pilipinas (BSP)Director Estioko has presented a business management cycle being used by theBangko Sentral ng Pilipinas (BSP) to prevent disaster and possible cyber threat attacks. TheBSP aims to minimize the disruption of their basic financial services caused by intentionalcyber threat attacks such as hackers, fraud activities, criminals and terrorists. The BSP alsoaims to resume critical operations within the shortest possible time whenever a cyber-attack would occur. Minimize financial losses, uphold consumer protection and avoidanceof systemic impact within the financial services industry are also the other target of thebank.
  • 43. 43ICT Development and Cyber Security ReaderThe ultimate goal of the BSP is to prevent the risk and impact that the cyber threatbrings. As a countermeasure, they are redefining and strengthening their risk assessmentand business continuity plan. Also, they are continuously enhancing their IT infrastructureand information system-focused plan which is designed to restore operability of systems,applications, or computer facility infrastructure at an alternate site after an emergency.Session Eight: Social Media and Mobility by Ms. Janette ToralIn the early 1990s, the use of the internet by the Filipinos is very minimal and issolely based on searching. However, ten years after, there was an immense shift of internetusage and it is now the primary source of acquiring information and also a great tool forcommunication. In 2010-2011, the rise of social media and social networks are unstoppable.People are now seeing these two things as an important aspect of living.As social networks and social media arise, the speaker sees this as a new threat tocybersecurity. The generations now, more so the youth can easily express their thoughtson every issue of the globe. In addition, the sharing of information via social networks andsocial media cannot be easily controlled and halted. Thus, it is vulnerable to cyber threatsand malevolent attacks.The trend of social media now is based on influence. It is indeed the name of thegame as per the speaker. People are easily fuelled on what they see or search on the internet.Moreover, the image of a person is based on how others have influenced them. This is alsoone of the reasons why the E-commerce in the Philippines is enormous and popular. Ms.Toral presented a summary statistics on the usage of E-commerce in the Philippines. Thehotel booking remains the highest and is followed by airline bookings and reservations.Session Nine: Information Security Management Practice by Simoun UngMr. Ung presented his topic on managing information security in a businessperspective. According to him, cybersecurity evolves and strengthens as people arecontinuously developing their knowledge and technical skills. Cyber-attacks are no longerbeing done by hackers and or criminals. It is now participated and sponsored by nation-states as a way to commence conflict. As of 2007, approximately 120 countries have beendeveloping ways to use the internet as their weapon. On the other hand, the targets havealso changed from a personal level to high value levels such as nation-state or institutionslike financial, research facilities, information agencies, and critical infrastructures like power,transportation, communications and other significant facilities.Similarly, the methods of attacks have emerged from simple hacking to advancedand highly custom-designed attacks. The hackers today use complex methods such as rootkits, malware, custom made cyber weapons and cyberespionage.Mr. Ung have expounded on several case studies presented about the securitybreach on global payments which affected 10 million cards. It vastly affected stock tradesand businesses of major cards brands. Also, he has discussed about Flame as the mostsophisticated malware to date. It can directly target and attack one’s computer by takingscreen shots, record audio conversation and key strokes. It can be deployed simply bythe use of a USB thumb drive. It is indeed one of the terrifying malwares existed and itis suspected that the US and the Israel have created it. It is believed that it was use in a
  • 44. 44 ICT Development and Cyber Security Readerprevious collaboration of the two countries and they have created Stuxnet malware whichtargeted Iran’s nuclear facilities.Mr. Ung also presented OODA: Cybersecurity decision making. The decision lifecycle is composed of four distinct phases: The Observation, Orientation, Decision andAction. He further illustrated the cycle by discussing each level in tactical level, operationaland strategic level.In conclusion, enhancing cybersecurity should be set as a global standard. It shouldbe strengthened by setting a law which will combat the breaches in every institution.Nations should work hand in hand to fully develop its defense in cybersecurity. Thespeaker therefore suggests to focus on the protection of the infrastructure by securing allof endpoints, including the growing number of mobile devices, along with messaging andweb environments. Moreover, information should be highly protected regardless of itslevel of confidentiality.Day 3: June 8, 2012III. Seminar-Workshop on ICTD and Cyber Security EnhancementCybersecurity Workshop Guide Questions1. What is the ICT and Cybersecurity situation in the country?Sub-questions:a) Would cyber attacks harm national interest?b) What immediate actions/s should the government take in addressing the issue ofcybersecurity problems?2. Is ICT important?3. Is cybersecurity important? Why?Sub-questions:a) Do you think the government is taking the issue of cybersecurity seriously?b) In a scale of 1-10, rate the Philippines in terms of readiness in cyber security defense(1 being the poorest and 10 the highest?)4. How can the government or the country make cyberspace a domain for public good?Sub-question:a) What mechanism or approach do you know has the government undertaken toaddress the issue of cyber security in this country?5. How can the government or the country ensure public safety in the cyberspacedomain?Sub-questions:a) Does the Philippines have sufficient available defense mechanism to halt any possiblecyber attack of great magnitude?
  • 45. 45ICT Development and Cyber Security Readerb) Do you think we have enough laws and other mechanisms in place which would parup to the kind of defense needed to halt any form of cyber attack?6.DoyoubelievethatICTdevelopmentandcybersecurityaretwinprogramsandareNationalSecurity concerns therefore needing urgent and serious attention by the government?Sub-questions:a) Do you think there is a need for the government to invest in ICT development?Why?b) Do we have enough ICT programs in place as would secure cyberspace?7. To pump-prime ICT Development and cyber security and integrate national effort(convergence of government, private sector, civil society, people efforts), do you think thereis a need for the creation of an integrating body above departmental level? What kind of abody would this be?Sub-questions:a) Do you think we have sufficient laws and policies in place that address the ICTdevelopment and cyber security?b) Rate the level of awareness of the following on how the threat on cyber security isreadily apparent, from 0- 50- not aware at all1- little awareness2- is aware but could not care less3- has knowledge of cyber security but poorly informed of the nature and sizeof the threat4- is aware and has fair knowledge of the threat5- very aware and ready to face the threat)_____. The government_____. Our policy makers_____. Our law enforcers ( PNP, NBI, etc)_____.People in general8. These concerns (ICTD and cyber security) require continuing studies and researches,especially as National Security factors; do you think there is a need to establish a“cybersecurity Institute”, which shall also be the center for training education on bothconcerns in correlation to National security?Sub question:a) In an ICT emerging country like the Philippines, is there a need to establisha government entity to manage the cyber security problem, like a ComputerEmergency Response Team (CERT) or a National Cyber Security Council?
  • 46. 46 ICT Development and Cyber Security ReaderSuggested Guide Questions for Cybersecurity Workshop Group Report andPresentationI. IntroductionII. What should be our National Vision on ICT and Cybersecurity?III. Where we are now on ICT development and Cybersecurity?IV. What can be done now or what are the necessary first steps to be done?Day 4: June 11, 2012IV. Presentation of the Workshop OutputsClosing Remarks by Vice President Jejomar B Binay MNSAChairman of the board and President of NDCPAAI VP Binay acknowledged the fact that we are now faced with a new battlefront, abattlefront considered unimaginable in the past, one which created a borderless world. Asit is, he encourages everyone to be unified and continue to strengthen the collaboration notonly with the private sector but also to global counterparts in gearing towards an improveresilience to cyber incidents and to proactively reduce cyber threats. And he also statedthat through shared principles we shall build not only our stance as credible gatekeepersof cybersecurity but valuable guardians of national security.# # #
  • 47. 47ICT Development and Cyber Security ReaderThird Forum on Cybersecurity Awareness and Collaboration12 October 2012Honor Hall, NDCP, Camp General Emilio Aguinaldo, Quezon City“Cybercrime Law and Its Implicationsto National Security”
  • 48. 48 ICT Development and Cyber Security ReaderHighlights of the Third Forum on Cyber SecurityAwareness and CollaborationCybercrime Law and Its Implicationsto National Security_______________________________________________________________________________I. BackgroundThe Office of the Vice President (OVP),in partnership with the NationalDefense College of the Philippines(NDCP) and the NDCP Alumni AssociationInc (NDCPAAI), conducted a forum entitled,“Cybercrime Law and Its Implications toNational Security” on 12 October 2012, atthe NDCP Honor Hall.The forum is organized for thestakeholders of Republic Act Number 10175or the Cybercrime Prevention Act of 2012. Itaims to present a comprehensive overviewof the law, which includes its rationale and provisions; provide a platform for discussionon how to effectively implement its provisions; and identify the rights, responsibilitiesand possible contribution of each stakeholder. A total of one hundred (100) participantsrepresenting various stakeholders, including the Department of National Defense (DND),Armed Forces of the Philippines (AFP), Department of Justice (DOJ), Department of Scienceand Technology (DOST), National Bureau of Investigation (NBI), National Security Council(NSC) and other relevant members of the private sector attended the event.Experts from the government, the private sector, and the academe were invited totalk about issues, concerns, rights, and responsibilities concerning which was confronted byunwelcoming reaction from the public, particularly the country’s cyber citizens. Finally, AttyIvan John Uy, Former Commissioner, Commission on Information and CommunicationsTechnology (CICT) provided a synthesis and way ahead of the activity.II. Plenary SessionsWelcome Remarks by Fermin R De Leon Jr, PhD, MNSAPresident, NDCPOn 12 September 2012, President Benigno Aquino signed RA 10175 (CybercrimePrevention Act). The law states that the state recognizes the vital role of the informationand communication industries. It declares the law’s intention to create a cyber environment
  • 49. 49ICT Development and Cyber Security Readerwhich is free and secure from malicious and injurious intent which may cause havoc inthe cyberworld. However, there are provisions of the law which caused public uproar;among them was libel through computer or other similar means. The ratification of thelaw has caused defacement of government websites by the so-called hacktivists, one ofthem is identified as the Anonymous. Academics, media, civil society organizations, andnetizenz have aired reservations to the new law. There were cries of the flagrant reversalof the efforts to promote fundamental rights and freedom. The disdain to the law, whetherin full or in part, has sparked an intense debate which involved the private and the publicsectors alike.Amidst the challenges of the 21stcentury to national security, cyber space hastruly become a host to public and political discussions and national security concerns andphenomena; it has become the 5thdomain. Amidst the ongoing issue on the West PhilippineSea, there were attacks to defile both Philippine and Chinese websites. Given the expandingimplications of cybersecurity in the political milieu, the OVP, the NDCP, and the NDCPAAIdecided together, to conduct this Forum on the Cybercrime Law and its Implications toNational Security. It seeks to contribute to the active and lively debate on the cybercrimelaw. As a society with many cyber security concerns, it is imperative to take a serious lookon how this law will affect us. This forum seeks to float serious matters that may springright in our faces later on, if we let them pass without healthy and friendly debate.On behalf of the organizers, I hope that this forum would gather all of our efforts andcontributions to ensuring cyber security, upholding our national security, and protecting thefundamental rights and liberties of our citizens. Benevolent cyber citizens, cyber activists,cyber ranges, and cyber defenders we are all in this together.An Overview of the Rationale and Provisions of RA 10175Hon Sigfrido R Tinga, Member of the House of RepresentativesWhen people talk about the Cybercrime Prevention Law, they usually fail to mentiontwo words—context and change. What is the context which brought such law and whatis happening in the world today? A decade ago, probably no one has heard about Twitteror Facebook. After a decade, our system of storage evolved from the floppy drive to Cloud.We experience drastic changes in a span of a decade. The world would change even faster.That is change for your and that is the context for me. Throughout history, we will havecontinual change and continual challenges.If you think the last 10 years is fast in terms of change, the next 5-10 years willshock you. Students will not be studying in school; people will not be working from offices;business models for the media will change; people will no longer use banks for theirtransactions; telecommunications industry will have to find new streams of revenues. Wewill be outsourced; all will be stored in the cloud. If you are losing x amount of peso in thereal world crime; you will end up losing multiple of that online.Resistance to change, being comfortable with the status quo, and being safe andrisk-averse are surefire recipe to extinction. Like any law made by man, the cybercrimeprevention law is not perfect; nevertheless, the challenges of time require us to have one.If one would look at the House version of the law, it is not too bad. However,we come together in a compromise in coming up with a legitimate document that would
  • 50. 50 ICT Development and Cyber Security Readerrepresent what we think is the best for the people. Arguments, debates, and concessionshave lead to the cybercrime prevention law as it is today. The uproar the ratification of thelaw brought about signaled the need for transparency in the law making process. Had thelaw been scrutinized prior to its approval, there would have been no public clamor in thefirst place.If an act is illegal in the real world, it should be illegal in online. This logic floatsridiculous laws we have and make them appear more ridiculous. For instance, the RetailAct prohibits foreign retailers to operate in the country. With the cybercrime preventionlaw, can the Department of Justice (DOJ) shutdown Amazon and E-bay? The current timespresent a borderless world, a progressing world presents a challenge but at the same time,an opportunity.Open ForumDuring the discussion, a participant asked whether the 120-day temporaryrestraining order issued by the Supreme Court provide enough time to correct mentionedimperfections of the law imperfections. As discussed, there are multiple ways of curingthese one of them; one of which is through the Implementing Rules and Regulations (IRR).Through the IRR, some of the issues and concerns can be clarified. One need not strike downthe law entirely. It would not be the last cybercrime law; amendments will surely follow.There were also questions on the provision on online label, if it can considered oneof the imperfections of the law. The question was answered based on the essence of thecyber crime law—to criminalize online commission of acts which are considered prohibitedin the real world. That means all the acts identified under the Penal code, including libel.If one wanted online libel to be decriminalized, the act should also be decriminalized inthe real world.With regard to the President’s support on the libel provision, there was a question onhow the congress would balance this with many legislators’ plan to revise said provision. Inthis case, there was a recommendation to wait for the arguments in the Supreme Court. If theSupreme Court decided to return the law to Congress, then should be amend as decided.Towards a Comprehensive and Effective IRR of the Cybercrime Prevention Law byDirector Philip Barilla, Information and Communications Technology Office, Department ofScience and Technology (DOST-ICTO)The DOST, the DOJ, and the Department of Interior and Local Government (DILG)are tasked to craft the IRR for the cybercrime law. The cybercrime prevention law in summaryprovides definition of cybercrimes, the measures related to the prevention, investigationand suspension of such crimes and imposition of penalties.The salient features of the law talks about punishable acts and enumerates differentcybercrime offenses. It groups offenses into three categories—against confidentiality,integrity, and availability of computer data; computer-related offense; and content-relatedoffenses.The fist category, includes illegal access which experienced drastic increaseworldwide; illegal interception which includes intrusion without right, interception of any
  • 51. 51ICT Development and Cyber Security Readerprivate transmission of data, and data interference or international alteration or damagingof computer data (e.g., website defacement); system interference or denial of service attacks;misuse of devices to use, produce, sell, procure, import distribute, or make available tocommit cybercrimes; cyber squatting or acquisition of a domain name similar to a trademarkor name of a person. Computer-related offenses, the second category, enumerate fraud,forgery, and identify theft. Phishing is one of the prevalent crimes in the Philippines. Creditcard fraud and online fraud scams through email and other means are also increasing.Lastly, content-related crimes include cybersex, child pornography, unsolicited commercialcommunications (spam) and libel.There was a discussion earlier about clarifying in the IRR some provisions. The IRRcan further clarify and clearly define acts which constitute cybercrime offenses. The DOSTshall coordinate this with committee chairs of both houses. We will formulate the IRR inconsultation with different committee secretariat of both chambers.The law provides a degree higher punishment on libel using ICT. Greater authorityis granted to law enforcement agencies such as the National Bureau of Investigation (NBI)and the Philippine National Police (PNP). It mandates them to systematically providereports for pre and post operations. The Regional Trial Court has the jurisdiction giventhat the offense is committed in the country; it was committed using a computer systemphysically located in the country; it caused damage to a natural or juridical entity while inthe Philippines. The law also provides general principles for international coordinationand cooperation which are hinged on international agreements on the basis of uniform orreciprocal legislation.The DOST-ICTO was made part of the Cybercrime Investigation and CoordinatingCenter (CICC) which is supposed to be under the administrative supervision of the Office ofthe President (OP). It is tasked for policy coordination and formulation on implementationof the Cybersecurity Plan. The CICC is mandated to craft National Cybersecurity Plan andprevent real time commission of cyber offenses through ASSERT, a computer emergencyresponse team. It is also mandated to coordinate and prepare measures to prevent andsuppress cybercrime activities through a consultation and coordination team. CICC is alsotasked to monitor cyber cases and facilitate international coordination not just on cybercrimemonitoring but also on awareness campaign and capability building, among others. It isalso supposed to coordinate the support of local government units, private sector, andcivil society organizations. CICC can also recommend reenactment of new laws related tocybercrime, and call upon the support of any government agency.Cybersecurity refers to the collection of tools, policies, risk management approaches,actions, training, best practices, assurance and technologies that can be used to protect thecyber environment and organization and user’s asset. This definition is in line with thedefinition of the international community. Cybersecurity aims to secure properties of anorganization and user’s asset against threats posted in the cyber environment.Cybercrime is the offenses, and its prevention is part of promoting cybersecurity.The use of risk management approaches which include assessing threat, vulnerability, andconsequence, identifying controls and mitigations, implementing controls, and measuringeffectiveness will help us strengthen our cybersecurity practices.
  • 52. 52 ICT Development and Cyber Security ReaderThere are a lot of best practices that we can adopt. The International Telecoms Unionand other governments publish their reports online and we can use them. One critical activityin promoting cybersecurity is building partnership between the public and private sectors.It is also necessary to secure our critical information infrastructure; promote awareness indifferent sectors of the society; build our capability; establish systems in every agency andconnect all of them seamlessly. Ultimately we need to develop a culture of cybersecurity.Open ForumA participant inquired on how the congress arrived at fifty (50) million pesos forsetting up defense against cybercrime and on the corresponding plan of action, given thesaid amount. As gathered from the discussion, with the Senate is said to have introducethe amount during the bicameral conference committee. Further, adequate consultationin arriving on mentioned amount. If one will put cybersecurity center, fifty million is notenough, one can only conduct vulnerability assessment with the amount.A participant commented that typically government agencies do not perfectlycooperate and queried about the law drafters’ reasons for assigning the crafting of theNational Cybersecurity Plan (NCP) to DOST, DOJ, and DILG. The reason of having acoordinating center, as mentioned, is to have the three agencies work together under oneroof. It would be easier for this agency to coordinate and collaborate if they work underone roof.A basic premise of the law is that whatever act that is punishable in the first 4domains should also be punishable in the 5thdomain, the cyber world. However the draftIRR, states that the penalties for offenses committed online is a degree higher compared tothose committed in the real world. A participant opined that it seems to be discriminationagainst the netizens. On the part of DOST, the speaker said that there are activities onlinewhich provide greater impact and therefore need greater deterrents.Given the case that one wrote a libelous statement on paper, scanned it, andposted it online, there was question on whether he will be charged under the Penal CodeLibel, the Cybercrime Prevention Law Libel, or both. The speaker presented his personalinterpretation of the law. The moment you posted that libelous statement online you arecharged as provided by the cybercrime law. It may also depend on the one who is suing you,if he would sue you under the Penal Code or the new cybercrime law or on the judgmentof court based on evidence and merits of the case. With regard to the second query, thespeaker opined that cybersecurity is a bigger concept than cybercrime. Nevertheless, thecybercrime law also secures our cyber environment. In line with this thinking, a participantsuggested establishing a Cyber Command to protect the 5thdomain as a nation protect itsland, sea, air, and space. It can be included on the Cybersecurity Plan.A participant commented that RA 10175 incorporated two entirely different concepts(i.e., cyber crime and cyber security) into one document. As the PNP and NBI are the onlylaw enforcement agencies authorized to secure date from the ISPs, they are also involvedin cyber security. He reminded the authorities to be careful in crafting the IRR as it provideas the measures and guidance in implementing the law. In clarifying issues, one may someprovisions require amendments through legislation; the congress can also file an amendatorybill; issues can also be clarified through the IRR.
  • 53. 53ICT Development and Cyber Security ReaderA participant requested for the timetable to finish the IRR. He also inquired on whatwill happen in the period between the cyber crime law and the IRR. On the timetable, thelaw defines a period in which the three departments can work on the IRR. Individually thethree agencies will come up with inputs to the IRR and this coming November we will meetto discuss the inputs. With regard to the second question, it will not be retroactive; withoutthe IRR, it is as if we do not have any law.A participant inquired if the law protects those who teach hacking to companiesand government agencies to protect their system. As confirmed by another participant,teachers are not liable; they are protected by RA 10173. If the organization allowed you tohack their system for academic purposes, you will not be charged. There is another provisionon the law that makes the possession of tools, programs, devices, etc. used for hacking ispunishable by law. Ethical hackers and professionals use the tools hackers use to simulatean actual attack to a company’s system. With regard to minors who committed offenses asprovided by the law the court may file civil cases against the parents.Section 6 of the law covers both cybercrime and cybersecurity. All violations coveredby the RTC and/or other special laws committed through ICT. However, it may not be veryeffective in terms of addressing cyber warfare and cyber terrorism. The law, like any otherlaws, is reactive. In case of hacking, websites are defiled. However, in the case of cyberwarfare, your critical infrastructures are attacked. In terms of making another accountable itis very difficult because a country, for instance China, can use a proxy country, for instance,Singapore to attack the Philippines. Singapore is hardly liable to such offense. Cyber warfareis an act of nation-state and so far, there has been no proof cyber warfare in history.A representative from the uniformed forces inquired on their responsibilitiesvis-à-vis cybersecurity law. The speaker opined that government agencies should defendtheir own systems. Establishing your own CERT is a good start. It is up for any agency toestablish its own CERT. It is also necessary for agencies to closely coordinate and facilitatea free flow of information to create the future of cybersecurity.A participant inquired on the differences of the National Cybersecurity Plan andthe National Security Strategy Plan drafted by the National Security Council. The speakerresponded that while the National Cybersecurity Plan is being drafted, there will be closecoordination with the NSC.It was mentioned that online libel may be punishable in both Cybercrime Law andthe Penal Code. A participant asked whether it is considered double jeopardy. Accordingto the speaker, the DOJ will decide which law applies; it will not be double jeopardy.National Security Implications of the Cybercrime Law: The Defense Perspective byDirector Nebuchadnezzar Alejandrino, DND Information Management OfficeIn the international scene, the 2001 Budapest Protocol was supposedly the goldstandard in cybercrime legislation. It was followed by the London Conference in 2011 andagain the Budapest Convention which was conducted a week ago.From the 2012 Budapest Convention, it was discussed that the US was mostlyconcerned on the privacy of the cyberspace i.e., human rights. In relation to this, the Europeanwants an open cyberspace for business purposes. In the Philippines, we are too preoccupiedwith crimes and I am not so sure if it is a good or a bad thing. The country’s cybersecurity
  • 54. 54 ICT Development and Cyber Security Readerplan is the cornerstone of its cybersecurity policies. The Philippines may be ahead of thecrowd in terms of cyberspace awareness and legislation.The strategy of the Philippines in terms of promoting cybersecurity is said to bearea-focused in the sense that it addresses the issue, through legislation, per category. Forinstance currently we are focused on addressing our cybercrime issues. Cybercrime should beunder the purview of the DOJ; cybersecurity, on the hand, should be the mandate of DOST.Threats in cyberspace can be grouped in two categories—threats brought by non-state actorsand those brought by a state. Non-state actors are typically motivated by self-interest. Onthe other hand, state actors are those engaged in cyber warfare in the sense that they trainpeople by the thousands.The cybercrime law empowers the law enforcement agencies in pursuing attackerswhether they are state and non-state actors. The clamor brought by the provision for onlinelibel is a blessing in disguise since it brought the reality of cyberspace and its threat to thegeneral public. In prosecution of cybercrime offenses, there is a problem on attribution oridentification. You can determine the IP address but is nearly impossible to determine whothe actual person is.The implications of the RA 10175 have not reached a national level security concernyet. The local hacktivists, before they become so, are Filipinos first; they will never jeopardizethe government. There is also a difference between national interest and national agenda.In the national agenda, the public participates on the debate. In national security, there isa sort of focus; the government is involved.The cybersecurity as the 5thdomain and the new arena levels the battle field in favorof those with limited economic resources such as the Philippines. Asymmetrical warfarein this context becomes de facto major strategy. In this new reality, it is critical to raisethe public awareness in ensuing relevant policies of the state in the context of promotingcybersecurity. The cybersecurity law is a demonstration that the country is preparing to grabthe opportunity the emergence of cyber arena presents. The passage of the law ushered theera where cyberspace becomes not only a second nature but also a defense of our economic,social, and political and national security interests. The Defense Department welcomes thepassage of the law as it will fast track the awareness level of our leaders and the public onthe criticality of the 5thdomain and the technology available to us in dealing with a morepowerful adversary.Open ForumA participant asked when one considers protest as a threat to national security.According to the speaker, a protest becomes a threat to national security when freedom ofexpression cease to exist; when there is disruption on the people’s daily activities; whenthere is denial of basic services (e.g., food, electricity, water, transportation).A participant shared that hacktivism is not a new concept. In fact, in the late1990’s, websites are already being defiled. People are already sending emails to systemadministrators informing them about loopholes on their web system. They did not getsatisfactory responses from system administrators so they resorted to actually defacing thewebsites to prove their point. In early 2000, some of this hacktivists joined criminal groups,
  • 55. 55ICT Development and Cyber Security Readerusing their intelligence to gain illicitly. Now we witness our youth counterattacking China’salleged attack to Philippine websites. If we would tolerate them, they may suffer the samefaith as their predecessors did. The government can actually tap their intelligences so theiractions are regulated and authorized.One of the participants presented a hypothetical question—In the instance whenChina attacked the Philippines using an ICT platform in Manila can we pinpoint if the attackcame from China and not from within? Can we establish that China is the enemy?—Thespeaker responded that though it is highly unlikely that China will launch a cyber attackagainst the Philippines, in the event that it did and it did so using a platform in the country,the authorities can detect the IP address, its location and launch a pursuit operation in amatter of hours.With regard to the speakers statement that the country has the capability to traceattacks and attackers, participants raised comments. The recent actions of local hacktivistsseem to signal the contrary. Based on the series of website defacements they inflicted on thegovernment they seem to be more than 100 percent sure that they cannot be traced.The Role of the Private Sector in the Effective Implementation of the CybercrimePrevention Law by Angel T. Redoble, President and CEO, ARMCI Solutions & ConsultancyThe presentation revolved around three concepts—Communication, Cooperation,and Coordination (or Collaboration). Communication is a very big problem even in realworld crimes. We do not usually report cybercrimes. Being part of the private sector, wehave to report cybercrimes and criminals. In the real world, we are hesitant to report crimesbecause of the fear of retaliation from criminals. In the cyber world, the criminals cannotharm us physically. We have to call the experts. Amidst recent hacking incidents, affectedparties did not complain; they did not give access to investigators. If the private sector willdo the same, we cannot fully implement the law.After communicating, we have to cooperate. However, companies do not trust lawenforcement agencies. They do not allow access to law enforcers for investigation; thereis conflict of confidentiality. Law enforcement agencies are the only parties mandatedto conduct investigation. If we fail to remove this barrier, there will be more cybercrimeincidences.Once trust is established, we can provide full assistance to forensic examiners andinvestigators i.e., cooperation. However, even affected government agencies are not open toinvestigators which send a wrong message to the private sector. We have to avoid the do-it-yourself initiatives. IT professionals are not security experts; they are not fully knowledgeableof computer forensics. It is important to call security experts because litigating a cybercriminal involves digital forensics and process to follow. Any person can gather informationfrom a computer, but the forensic element means it has to be gathered in a manner thatmakes it reliable to a court or other body and the information has to become evidence.One must follow the procedures of acquisition, identification analysis, reporting, andcourt presentation or else one will never have a successful litigation. Focusing on acquisitionand identification, these are processes involving physically or remotely taking possessionof computer data and network mapping from the external and physical storage. With theright acquisition procedures, one may proceed with identification wherein retrievable data
  • 56. 56 ICT Development and Cyber Security Readerare identified and actually retrieved using forensic tools and software. There is a need ofthe law that will obliged companies to save log files, implement security measures, andhave risk management process to facilitate easy gathering of evidences and presentationto court.There is a need to collaborate i.e., public-private partnership. We need to exchangeknowledge and expertise. There are a lot of patriots willing to help and assist. The lack ofskills must be recognized. Where there are lapses, the private sector can patch them up.Open ForumOne of the huge issues in the cyber world is the botnet attacks. Critical infrastructures(e.g., power, financial, communication) are susceptible to such attacks. A speaker askedhow one finds a botnet attack so that in launching retaliatory attack, the right people aretargeted. Botnet is not a one-on-one issue. One can use a single computer in launchingthousands of botnet attacks. One may also use hundreds of computers to launch a botnetattack. One may trace back up to an IP address but it is not 100 percent accurate. Thereis no such thing as absolute security but there is such thing as proactive security. This iswhere policies and standards come in.The presentation proposes what appears to be proposing that the government mustissue guidelines or standards on the use of ICT much like zoning laws and building codes.At present, there is problem of accountability. In instances, where a hacker intrudes in anorganization’s system using another organization’s network, the latter may easily get awaybecause there are no exiting laws that promote accountability.The Philippine National Police (PNP) has information policy in place, which iswhy the PNP websites has never been hacked. We have issue-specific and in-depth defensestrategies. The speaker added that is not enough to have policies; there is a need of manualor authority which will validate the effectivity of existing policies.The military is currently lacking of experts. It may afford the most expensivesoftware or vendor, but still it lacks human resources. Those that we train are easily attractedby the lucrative opportunities offered by private practice.Academic Perspective by Atty Harry Roque, Professor, UP College of LawAccording to the United Nations (UN), criminal libel is contrary to freedom ofexpression. Nevertheless, in the Philippines, libel is still criminalized under the RevisedPenal Code. The Cybercrime Prevention Act not only maintains this principle but alsoraised the penalties to a higher degree.On double jeopardy, Section 7 states that conviction under this law is withoutprejudice to conviction under the Revised Penal Code. Indeed there are many special lawsthat state the same. However, one may have multiple convictions if there are multipleelements on the crime the person committed. The elements of online libel as provided bythe law exactly has the same elements as the real world libel under the Revised Penal Codeexcept that the former was published online.One of the most controversial sections of the law is perhaps Section 19 whichprohibits the court from invalidating individual provisions of the law; one my apply the
  • 57. 57ICT Development and Cyber Security Readerseparability clause. The DOJ has the unilateral power to block websites motu propio basedon prima facie evidences of violation of any provision of the law. This runs contrary to theprinciple of separation of powers as this makes the Secretary of Justice an enforcement agentin charge of investigation; prosecutor arm in charge of prosecution; and judicial because heor she may decide when to exercise the power. Jurisprudence demands that while you havethese minimum provisions, you cannot invalidate parts of the law; you need to disregardthe law as entire unconstitutional.Child pornography is one of content-based restrictions of the law. The offense is alsodefined under the Child Pornography Act 0f 2009. Same with online libel, the cybercrimelaw provides punishment of higher degree against child pornography. We patterned thisprovision under an American law which also sought to prohibit child pornography onthe internet. However, this law was already declared unconstitutional in the US. Thoughchild pornography is one of the exceptions to freedom of speech along with hate speechand speeches that may cause actual danger, the US Courts decided that regulating onlinecontents based on child pornography presents a burden of restricting contents whichadults, as provided by their constitution, may read or address to each other. Because thislaw prima facie infringes on freedom of expression, the law is presumed unconstitutional.This somehow is confirmed by the issuance of the temporary restraining order (TRO). TROis issued when there is possible injustice and irreparable damages to the petitioner.There are other provisions that while not involving the constitution may presentproblems on the implementation. For one, the law demands that computer data be storedfor six months. According to the UP Computer Center, this is going to be expensive. If thisis to be done, the government should increase their budget by at least three times. While thelaw attempts to insulate computer use for criminal intent, let us remember that the internetwas invented to manifest the free-market place. In prohibiting the criminals, we should notforget the intent of internet in the first place.Open ForumIn cases when a country decriminalized libel a participant asked how one protectshimself from politically motivated demolition jobs. For one, the UN Human RightsCommittee stated civil libel as an alternative. Second, if one is a broadcast company owner,the possibility of going bankrupt because of humongous civil claim will prompt him toexercise more control what your writers write and your broadcasters say.If the libel provision will not be included in the law, a participant inquired onwhether question the aiding and abetting sections of the law will be also put into question.The speaker recommended reexamining the provision stating that all prohibited acts underthe Penal Code are punishable under the Cybercrime Law if committed electronically. Eachcrime is unique and conditions may alter once we shift from the real to the virtual world.Way Ahead by Atty Ivan John UyThe intention of the Cybercrime Law was to target the cybercrime aspect; it barelytouched on the cybersecurity aspect. Nevertheless, as the presentations demonstrated, thetwo can be interrelated concepts.
  • 58. 58 ICT Development and Cyber Security ReaderThe forum highlighted the struggle between governmental power and the rightsof the citizens. When governmental power is increased the exercise of the citizen’s rightstends to decrease. Election is coming up and we must be extra sensitive and vigilant inselecting intelligent officials who can espouse our ideals, aspirations, and the principleswe stand by.Indeed we need to pursue cybercriminals who, for the longest time, has remainedunaccountable. These criminals act as if they are anonymous though the tools to trace themare available. The challenge is for the government is to hone and keep the talents that wehave. Experts tend to leave government service because of the lucrative opportunities inprivate practice.There is need for cooperation not just among the government agencies and privatesector within the country but also the international organizations. We are all here becausewe share a common need for accountability on the part of those who resort on illicit meansfor private gain. But we must also remember that in our zealousness, we also have rightsto be considered and protected. There is always a room for compromise wherein we bothprotect our infrastructure and the citizens’ basic human rights. All of the debates that wehad are a reflection of a healthy democracy that we have.With respect to the uniformed services’ sentiments on the lack of ability, we havefriends from different embassies and countries whom we can engage in the exchange ofexperiences, practices, and expertise in enhancing our cybersecurity.Closing Remarks by Shirley Marie Pelaez-Plaza, MNSASecretary-General, NDCP Alumni Association, IncThe past several weeks arguably have been the most challenging and most politicallycharged moment of the Philippine Cyberspace. Upon the reenactment of the RA 10175,sentiments against the law came rushing in like a tsunami that has swept away the executiveand the legislative branches of the government and even the private sector.Yet if we are to conduct ourselves in an intelligent and civilized manner, everyonewho has a stake in this issue should see through the fog and cut through the noises of knee-jerk reactions. This forum on RA 10175 organized by the OVP, NDCP, and NDCPAAI isour humble contribution to further encourage sober but intelligent but perceptive publicdiscussion on the issue that has swept away our cyber citizens. There are three cardinal principles which must be observed at all times regardlessof the ferocity of public debates and pressures:1) Freedom of expression is a core element in a vibrant democracy. When an individualis allowed to speak about any issue without undue malice, public policy is well-informed. Feedback mechanisms brought about by this basic freedom providespressure to government officials, both elected and appointed, to ensure that ahealthy and vibrant democracy lives on.2) Vaguenessontheprovisionsofthelawopenslegalgatesformalevolentinterpretationof the law. Amidst the vagueness of some of its provisions and the bothersome
  • 59. 59ICT Development and Cyber Security Readerimplications of law enforcement, the online and offline public felt a great measureof anxiety. Those who expressed reservations to the law called its crafters and urgedthem to be more precise on the parameters and standards contemplated by the law.We should take the view that the undefined and unrefined provisions of the lawconstitute the black hole that zapped the law most if not all of its credibility.3) No amount of public disgust can ever justify the cowardly acts of online vandalismand hacktivism. The public must be strongly discouraged to admire those who defacegovernment websites to express opposition against an unpopular law. Apparently,unscrupulous hackers take advantage of the widespread contempt against certainprovisions of the law in order to push for the total abandonment of the law whichin the future will track down them. All opposition to this law or any other law forthat matter must be expressed through proper means and channeled to the rightforum. This cybercrime prevention act is a start manifestation of a work in progress. Itshould be seen as a sum total of our desire to protect not just the individual citizen but alsothe nation.# # #
  • 60. 60 ICT Development and Cyber Security ReaderPapers on ICT Development and Cyber security
  • 61. 61ICT Development and Cyber Security ReaderWORKSHOP OUTPUTPrioritizing ICT Development and Cybersecurity:A Matter of National Security PolicyAconsolidatedreportoftheparticipantsduringtheSeminarTowardsInformationandCommunicationsTechnology Development and Cybersecurity Enhancement held on 6-8, 11 June 2012 at the HonorHall, NDCP, Camp General Emilio Aguinaldo, Quezon City.____________________________________________________________________________________________________________________________________OutlineI. IntroductionII. National Vision on ICT and CybersecurityIII. State of ICT development and CybersecurityIV. Proposed ActionsI. IntroductionInformation and Communications Technology (ICT) is a well-developed managementtool and is widely used by government, private sector and individuals to communicateeasier and faster in real time. The modes of communication have evolved from wiredto wireless to cloud computing. ICT development is not just about the technology but alsoinvolved the human dimension of using these media. This can be a cybersecurity concern.Those with ill intentions can use the same technology to harm a person in particular, andthe country in general.However,cybersecurityisinearlystagesofdevelopment.Cybersecuritymanagementprocesses are ad hoc at best and stove-piped. There are enthusiastic groups handling cybersecurity, but problems overtake solutions and situations occur ahead of legislations. ICTDis focused too much on websites and not on the interconnectivity. Presence of agenciesin the internet is good but it is not yet transactional because of the need for more securityfeatures and procedures. Transparency and efficiency of services of government agenciesare demanded through e-governance.The Philippines lags in ICT and cybersecurity compared to other developingcountries in the region. The existing ICT systems are fragmented, i.e. each bureau has itsown system. There is lack of integrated ICT development effort by the government and acommon communications culture among stakeholders.There is a need to enact comprehensive law on cybercrime and cybersecurity as wellas a need to enhance capacity of stakeholders on ICT access, use and skills, and literacy levels;also the need to improve systems of interconnectivity and interoperability and harnessingprivate resources and efforts is minimal.
  • 62. 62 ICT Development and Cyber Security ReaderNonetheless, the Government is taking the issue of cyber-security seriously. Noless than the Vice President himself is personally interested in the ICT governance andis committed to resolve the challenges such as the absence of national direction towardscybersecurity and fragmented Government efforts.As such, there is an urgent call to elevate ICT development and cybersecurity as anational agenda through formulation of national policies.There is a need to promote ICT development and cybersecurity as a matter ofURGENT national security policy and a priority of the President.II. A National Vision on Information and Communications Technology(ICT) and CybersecurityThe following are the participants’ visions on ICT and cybersecurity:“A digitally empowered, innovative, and globally competitive nation whereICT and Cyber Security work harmoniously to deliver reliable, affordableand secure information access in the Philippines. A government that leadsand practices accountability and excellence in providing responsive andefficient online citizen-centered services.”“An ICT that establishes an efficient, integrated, interoperable andsecure information environment that enables national productivity andcompetitiveness and promotes Filipino values and human security.”“A nation with a fully developed ICT and Cybersecurity that support aviable and sustainable national development and national security”“A secure, friendly, reliable and effective ICT environment and cyber spacefor all citizens, residents and, business establishments in the Philippines;thus facilitating growth, safety, security and an enriching life for thepeople”“A relevant and effective ICT and cybersecurity capabilities, which harnesspublic and private partnership for the national interest and the commongood by 2022.”“Internet enabled, digitally empowered, innovative, globally competitiveand prosperous society where everyone has reliable, affordable and secureinformation access and adequate protection of their constitutionally-guaranteed privacy and human rights. A government that practicesaccountability and excellence to provide responsive online citizen-centric services. A thriving knowledge economy through public-privatepartnership.”
  • 63. 63ICT Development and Cyber Security ReaderIII. State of ICT development and CybersecurityThere is an increasing number of Filipinos using the cyberspace. The averageage of internet users range between 22-24 years old. There are six international internetgateways which have bandwidth limitation and are disjointed. Because there are nosignificant coordination efforts across various segments to address cyber security issues,cybercrime incidents in the country are increasing with possibility of cyber-terrorism. Thereis an apparent lack of adequate resources and technology and solutions often fall short ofexpectations.The Philippines may be regarded as an “ICT neo-colony.” Filipinos are mere IT-consumers and not producers. There is none Filipino-developed or owned cyber securityimplements. There is no real “Philippine ICT-industry.”The level of awareness and readiness is deemed average for the Government (3)and even lower for the People (2) (1 lowest, 5 highest). The Government is still incapable ofdetecting threats embedded in available IT and very weak in interdiction. Pirated softwarestill proliferates in many government offices. Visioning and long-term planning is lacking.Implementation is weak, not cohesive, and lacks “continuity.” There is no authority onstrategic ICT concerns or a “Cyber Command.”Concern for cyber security has yet to cascade to the grassroots. Yet, Filipino youthare increasing to be cyber literate or are at least interested in science.IV. Proposed ActionsListed below are the proposals for actions categorized according to strategy,structure, legislation, system, staff and skills.1. Strategya) Include in the Government’s policy that cybersecurity is a matter of nationalsecurity priority.b) Do not reinvent the wheel. Develop past initiatives i.e. Where to ICTO? The“Philippine Digital Strategy 2010-2016”? and the “National Cybersecurity Plan2009”c) Develop a national policy on information as a resourced) Elevate Cybersecurity and ICT development as a national agenda throughformulation of national policiese) Develop National ICT Development and Cybersecurity strategic Plansf) Plan for and hold a national Cybersecurity Summitg) Maximize use of locally available ICT resourcesh) Advocate for the enactment of policies/ laws on ICT and Cybercrimes to includeCybersecurityi) Cybersecurity awareness program for various sectorsj) Encourage local and international ICT industry support and cooperationk) Improve citizen rights and strengthen laws to penalize use of cyberspace incriminal activitiesl) Cyber world is a “commodified experience.” Review pertinent franchises andthe main resource itselfm) Government should have its own gateway/cables
  • 64. 64 ICT Development and Cyber Security Reader2. Structurea) To pump-prime ICT Development and Cybersecurity and integrate nationaleffort (convergence of government, private sector, civil society, people efforts),an executive authority within the Government at the appropriate level may bedesignated as responsible for directing ICTD and Cyber security initiatives atthe National level.b) The designated authority may be supported by an ICTD and Cyber Securityadvisory board comprising of members from Government Departments,Academic, Defense, Law Enforcement and Industry segments that supportnational critical infrastructurec) Create an inter-agency task force group to make an inventory of what we have,what the challenges are, and come-up with a solution/s for implementationacross the whole government. It will be headed by the cybersecurity czar.d) Establish the following positions and organizations:— National Chief Information Officer (CIO) – Information governance— Secretary DICT – information managemente) DICT agencies – component administration (automation, networking,communication, etc)f) Creation of a multi-sectoral Technical Working Group (TWG) and a CabinetLevel Committeeg) Establishment/creation of a cabinet-level committee to recommend nationalcybersecurity initiativesh) Create a lead agency, a National Coordinating Center, to oversee theimplementation of ICTD policies, plans and programs (DICT Bill)i) Initiatives to protect Philippine cyberspace by PhCERT and law enforcementagencies (PNP/NBI)3. Legislationa) Prioritize pending legislation related to cybersecurityb) Pass the Department of Information, Communication Technology (ICT) billc) Formulate a concrete and long term Policy/legislation focusing on CyberSecurity Concerns (Cybersecurity Bill)d) Expedite passage of needed laws, craft implementing rules e.g. the Anti-Cybercrime Prevention Act of 20124. Systema) Creating a government cyberspace infrastructure with its own Internetexchange connecting to the AP Region. Data and information in governmentare confidential in nature and thus it needs to be protected and monitored solelyby the government.b) Establish a government intranet which will be used as network infrastructurefor e-government applicationsc) Impose minimum standards and mandatory procedures for all agencies tofollowd) Employ knowledge management to develop automated applicationse) Set-up Incident Response Teams (IRTs) in all government agencies under thesupervision of G-CSIRTf) Periodic vulnerability assessment of government cyber-infrastructure andwebsitesg) Consider creating a government-owned cloud facility to house sensitivegovernment data
  • 65. 65ICT Development and Cyber Security Readerh) Support the establishment of local internet exchange pointsi) Governance, Risk and Compliance management may be embedded intogovernment ICT systems and servicesj) Regulate import and entry of dual purpose technologies and systems into thecountryk) Implement government controls on the access pathways to cyberspace (Registerall internet connections, all SIM cards, all Satellite phones and Satellite terminalsetc.)l) Ability to monitor and control contents delivery through cyber space to enforcemutual respects for civil liberties and national interestsm) Acquire a communication Satellite or dedicated satellite transponders forengineering secure encrypted communication links for sensitive military andgovernment communications to augment current commercial channels5. Staff (Personnel)a) Create a top-caliber technical working group to pursue these initiatives andrelated concernsb) Create more ICT-savvy positions and plantillac) Create a pool of ICT professionalsd) Make salary and compensation of government ICT workers commensuratewith the commerce and industry6. Skilla) Implement continuing educational programs / capacity buildingb) Establish national level scholarships in ICT with service obligation (similar withDOST scholarship)c) Establish linkage with international educational organizations (i.e., Colomboplan, JICA, KOICA, etc) for ICT scholarshipd) Adopt PPP approach for ICT education (IT companies will sponsor local ITschools)e) Education/awareness on the vital role of ICTD and Cyber Security targetingthe Decision Makers as the priority.f) Disseminate pertinent information to the general public. Conduct an advocacyprogramg) Identify strategic capability building needs, develop training programs— Setup a Cybersecurity instituteh) Improve IT and science education — a scientifically literate citizenry is the bestdefense against cyber attacksi) Create a protocol – Who is in charge of ICTD and cyber security? i.e. “Whoshould we report to once a cyber threat is detected?”V. ConclusionThe Philippine national security and national defense must take a “whole of nation”approach. It cannot be any longer the sole domain of those who wear uniforms, or servein government. ICT networks are not the sole domain of the government. An attack thatdestroys the network owned by the power grid can break a nation’s will more quickly thana bombing sortie by an air force.
  • 66. 66 ICT Development and Cyber Security ReaderUniformed services, such as the military and police, play a vital role in this defense ofthe nation, due to their ability to train and focus resources on issues. But other governmentoffices play a role as well, through their regulatory, enforcement and licensing powers.Private industry is equal partners due to their ownership of targets, but also because oftheir expertise and willingness to protect their trade.This new dimension of national security and national defense requires an evolutionof thinking. As one former FBI agent recounts— The “old” threats are still present. But the“new threats” require the national security administrators and professionals adapt to thenew field.But it has to start from the precept that ICT development and cybersecurity is amatter of URGENT national security policy and a priority of the President. The nation mustprepare for the new terrain. The nation’s security depends on it.# # #
  • 67. 67ICT Development and Cyber Security ReaderUnderstanding Cyber Security fromGlobal and Regional PerspectiveStephen P. Cutler, PhDPresident, FSC Holdings(FBI Ret)Paper presented during the Seminar Towards Information and Communications TechnologyDevelopment and Cybersecurity Enhancement on 6 June 2012 at the Honor Hall, NDCP, CampGeneral Emilio Aguinaldo, Quezon City._______________________________________________________________________________The World of TodayThe words “cyber security” often intimidateor discourage people who are not yetfamiliar with computers and networks,or “e-commerce” and databases. It carries oftenemotional implications that it may be beyondtheir understanding, and they are incapable ofaccomplishing anything of value in the “cybersecurity” arena. This paper seeks to not onlyovercome that individual mind-set, but todemonstrate that national security depends onthe involvement of all members of this nation,and those to which it is connected, in securing itsnetworks, grids and even individual computersand users. The “traditional” physical worldconcepts and ideas with which national securityprofessionals are quite comfortable are easilyadapted to and explained in the cyber context.Unlike the 1992 Disney song from the film Aladdin, this is decidedly not “A Whole NewWorld.” Now, twenty years later and in a new century, the cyber and physical worlds areinter-mingled to a great degree. This mingling greatly affects the ability to secure nations,and requires an adaptation to the current global and regional perspectives to the conceptof “national security.” Before beginning a discussion of cyber security, it is of great value to give thoughtto some basic ideas. These touch points of understanding are often assumed to exist amongthose who discuss cyber security, but are just as often lacking in one party or the other.Thus, a common ground for the discussion, and for decision making based on solid sharingof information and commonality, is missing. For example, give serious thought to the verybasic ideas below.o Are you able to describe a “botnet” to someone who is unfamiliar with computers?Are you able to describe in even a cursory and “plain English” manner how itworks? Are you able to describe how a computer becomes a “zombie?”
  • 68. 68 ICT Development and Cyber Security Readero Are you able to define “phishing” so that a person without a security backgroundcan understand the concept? Are you able to give an example of how phishingmight be used to compromise data?o Are you able to explain “malware” in a way that beginner level computer usersare able to understand the idea, and its danger to individual computers andnetworks?o Are you able to express the concept of “social engineering” in a way that noviceswill understand the dangers of answering probing questions asked by unauthorizedpersonnel?o Are you able to convey the value, but also the dangers, associated with a “USB” tonetworks and data storage?o Are you able to articulate, in a way that even non-engineers and non-securityfocused personnel can understand, the dangers of an “insider attack” to grids andnetworks? If pressed, and given time to formulate our thoughts, most of us will be able todescribe these important concepts in a way that those who are quite comfortable withphysical security will be able to understand. This is an important accomplishment, becauseit brings to bear many good minds and thinkers who are currently restricting their work tothe physical world, but who have valid ideas to bring to bear on the cyber world. The Old Testament book of Ecclesiastes, chapter 1:9, says “So, there is nothingnew under the sun.” This ancient piece of wisdom is valuable to remember in the cybersecurity context. This is true as far as it goes. Many of the concepts, ideas and viewpointsof security are those many practitioners have practiced for many years, but applied to adifferent operating environment. However, the speed at which events happen in the cyberworld, and the ability of people, or “actors,” to reach around the globe and cause events tohappen, requires national security professionals to adapt and grow in skills and knowledge,and to make decisions, in unprecedented ways. In the physical world, a typical bullet fired from a .45 caliber pistol travels atperhaps 950 feet per second. A typical round fired from the cannon of an M1A2 Abramstank travels perhaps 3,500 feet per second. Most current national security professionals arequite comfortable in discussing these parameters and their impact on security. In the cyberworld, a byte of information or instruction from one computer to another travels at perhaps186,000 miles per second. Thus, our operational and decision making cycles must adapt tothis “speed limit.” The ability to detect, deter, disrupt and dismantle groups, or the effortsof an individual, who intend to do us harm remains critically important to national security,but it must occur at a much faster pace than in the physical world. Trusted and trustworthyinformation sharing with allies and team members must be included in this growth area.The time-proven concepts of national sovereignty, territorial integrity and equalityof nation states, and resulting mechanisms of treaty compliance, diplomatic notes andother means of information sharing, developed under ideas first embodied in the Treatyof Westphalia in 1648 are still valid. But they must be adapted to an environment that ties
  • 69. 69ICT Development and Cyber Security Readernations together in unprecedented ways, an environment that allows virtually instantaneouscommunications between entities in various parts of the globe in ways not yet fullyexplored, and an environment that truly equalizes nations in ways that are also not yet fullyunderstood. The cyber world not only equalizes nations in ways not yet understood, but italso equalizes people in ways that are not yet fully understood, nor even fully identified.The ability to act in the cyber world empowers individuals in the remotest areas of a nationin many of the same ways as it empowers the richest of citizens in the hubs and corridorsof power in the biggest cities of the world.ThreatsThe nation faces an evolving array of cyber-based threats arising from a variety ofsources. Most of these may, at first glance, seem to affect only individual computers, or users,or even business networks. But all have an impact on national security since they impactthe ability of the nation to participate reliably and safely in the world’s economy and tradeschema. It is of value to broaden the definition and view of the term “national security” toinclude the entire range of activities within the nation that affect its ability to thrive and becompetitive in the global economy. Thus, “national security” must account for much more“The cyber worldnot only equalizesnations in ways not yetunderstood, but it alsoequalizes people in waysthat are not yet fullyunderstood, nor evenfully identified.”than numbers of jets in the inventory of the Air Force,or ships at sea for the Navy, and soldiers and Marineswho are ready to march to combat.Unintentional threats to national securityin the cyber field may arise from software upgradesthat have been applied without systemic planningand coordination. Software, the programming thatcommands computers to act in certain ways, maycontain instructions that conflict with other softwarealready installed on the machine or network. Theseconflicts may cause system outages in the worst case, or simply cause inefficient and slowoperations in other cases. In other instances, “defective” equipment may be used thatinadvertently disrupts systems. Such equipment may be defective due to lack of maintenanceor may develop defective operations due to actions or accidents from the environmentin which the equipment is operated. Both software and hardware issues are often basedupon or exacerbated by budget issues that inhibit proper planning and implementation ofupdates, and maintenance. Unintentional threats may also “set the stage” on which actorswith intent to do harm to the nation may perform their acts.Intentional threats are those that often come to mind, and more often make headlines.The nation is at risk of targeted and untargeted attacks from a variety of threat sources suchas criminal groups, hackers, terrorists, organization insiders, and even foreign nations whoconduct espionage and hostile acts in the cyber arena.Trends/Emerging ThreatsThreats to key critical infrastructure are of vital national security interest. Pastthinking in the national security field often focused on uniformed military versus uniformedmilitary, and it was often considered solely the domain of the uniformed services, or
  • 70. 70 ICT Development and Cyber Security Readerentities closely aligned with those services. For the most part, this served nations well inthe physical world, but may not serve so well in the cyber world. In the physical world, keycritical infrastructure such as dams and bridges or armories and rail yards were, and stillare, often government/publicly owned. Privately owned entities often suffered collateraldamage, but were not usually the main targets of hostile acts.In the cyber world, however, key critical infrastructures are often owned byprivate entities. Publicly, i.e. government, owned critical infrastructures are networkedinto electronic “relationships” with private networks in unprecedented ways. Even more,many of these are networked into a web that has no true owner at all: the internet, or “worldwide web.”Among the highest priority targets for intentional threats are “Supervisory Controland Data Acquisition,” more commonly referred to by the acronym “SCADA Systems.”These systems are used to oversee and direct complex systems that are not easily otherwisemonitored and controlled. For example, manufacturing processes that have many variablesmay be more easily monitored and controlled by computer than by an engineer’s sightand senses. But SCADA systems may be vulnerable to attack. This may alter the abilityof the system to correctly control the process. A well-reported example of such an attackwas named the “STUXNET” virus. This attack stopped all activity at a nuclear plant inIran. A search engine that indexes servers and other internet devices is helping hackers tofind industrial control systems that are vulnerable to tampering. While the example givenwas operated by the Iranian government, other such systems are often under the controlof private businesses, but affect the public. One example of this may be the dispatchingand aircraft control systems operated by airlines. The national air traffic control system isoperated by the government, but each airline also operates its own internal systems. Shouldthose systems be disrupted, there will be a strong negative impact on the public transportsystems. Financial systems are similarly situated.Greater use of cyberspace by the “bad guys” must be taken into account by nationalsecurity planners and implementers. The term sounds simplistic and juvenile, but is chosenon purpose to refer to a wide variety of “actors” who intend to harm, in any number of ways,the well-being of the nation. This group may include state or non-state actors, includingsingle individuals, who want to disrupt commerce, or communications or the ability of agroup or state to act in a particular issue. These groups may work to compromise securesystems handling national security classified information, but a wide variety of publiclyavailable reporting indicates that their efforts provide great returns in disruptions andcompromise of sensitive but unclassified (SBU) networks over which the bulk of the workof government and private entities are done.Use of this bandwidth to facilitate criminal activity is common according to publicreporting. This may include traditional crimes such as extortion, thefts, stock manipulations,but may extend into non-traditional crimes such as national security espionage, commercialand trade secret espionage, and other such activity.Swarm Theory: A Changing Paradigm The national security apparatus is comfortable with dealing with threats. It mayfocus on an invasion by a foreign army, and strengthen beach defenses. It may focus on airassaults. It may focus on an insurgency, and bombings or ambushes conducted by irregular
  • 71. 71ICT Development and Cyber Security Readerforces. It may develop defenses that are employed during convoys and patrols. It maymaintain information gathering efforts to learn of the capabilities of nations who may tryto harm its own nation. It may deal with symmetric threats, which are those which havecapabilities and thought processes substantially similar to its own. Or the national securityapparatus may deal with “asymmetric” threats, which have substantially differing from itsown constructs of “how the world works.” In the cyber world, the paradigms must adapt. Whereas physical attacks that posean existential threat to a nation must utilize thousands, if not hundreds of thousands ofpeople, with vast resources and time to develop and marshal capabilities, that time andeffort is not necessary in the cyber world. It has been clearly demonstrated, in Estonia andGeorgia, that nations may be attacked through their electronic networks. In the physicaldefense realm, its “players” may be able to focus on relatively tight areas and directions ofattack. Armies and nation level decision makers are familiar and comfortable with speakingin terms of “fronts” and “rears”, as well as “obliques” and “defilades.” Those terms havelittle actual application in the cyber world. In the cyber world, the national security apparatus must become familiar andcomfortable with operating in a “swarm” environment in which attacks on the infrastructureand well-being of the nation come from many directions and in many forms virtuallysimultaneously. This requires a flexibility and rapidity of response that is difficult tomaster without practice and forethought. One may picture this as a being a child who hasjust disturbed a hornet’s nest, and is attacked by the hive. Thousands of hornets appear toact independently, flying in seemingly random and uncoordinated patterns to attack thetarget. And some get through the child’s swatting defenses to inflict painful stings on her.That is a simplified, but visually effective, way to explain a botnet attack that is aimed atdenying service of targeted computer networks. The term “botnet” is shortened from “robotnetwork.”A defense against this cyber attack requires an adaptability and speed that isn’tnormally found in the physical world. For example, one of the reasons given in popularhistorical literature for the success of the Normandy invasion on 6 June 1944 is that the Nazihigh command expected the actual invasion at Pas de Calais, miles away from Normandy.They heavily fortified that site, and refused to move those forces in a timely manner toreinforce Normandy. Thus, the Allies were able to gain control of the beachhead, andultimately move inland. This lack of decisiveness and inability to respond to multiple attackswill result in much more rapid failure in the cyber world than in the physical world.How does a “botnet” work? In essence a hacker, or a group, will use a computer code to infect other computers,and allow the hacker to take control of those computers. These computers may be used bytheir normal users, while still under the control of the hacker for other uses. The normal,and authorized user, may or may not notice some diminution of speed in response of hercomputer. The hacker maintains control, and can use the computer to launch attacks againstother computers. This intermediate computer becomes, simply, a “robot” on the hacker’snetwork of robot computers. Thus is born the term “botnet.” The “robot” computer is oftenreferred to as a “zombie” since it has a “life” under the control of unauthorized users. The hacker may be an individual actor, and may or may not be connected with astate. A state, or a criminal group, may pay or not for the hacker to conduct attacks. They
  • 72. 72 ICT Development and Cyber Security Readermay simply acquiesce to the hacker’s work, realizing it achieves goals with which theyare happy, but for which they bear no risk and responsibility. The hacker is likely to “takeover” hundreds, thousands, hundreds of thousands, or more computers. These computersare then instructed to “swarm” a target computer or network, and overwhelm its defensesso that it cannot operate as intended. This is known as a “distributed denial of service”attack, or “DDOS.” The DDOS attack was used to cripple both Estonia and Georgia in thelast decade. The attack is still effective.What else can we do? A new paradigm of cooperation between the national security professionals andprivate industry must be developed. Law enforcement and military services, as well asother government entities such as the Department of Science and Technology, Departmentof Trade and Industry and others have a critical role to play. Many of the networks thatare subject to attack are privately owned. In addition, botnet attacks may appear tooriginate in many different countries, from privately owned computers as well as those“In the cyber world, thenational security apparatusmust become familiar andcomfortable with operatingin a “swarm” environmentin which attacks on theinfrastructure and well-being of the nation comefrom many directions andin many forms virtuallysimultaneously.”owned by governments. It is difficult inthe first critical stages of an attack toattribute the actual perpetrators with agreat deal of certainty. The computersand the electronic signals of the attackdo not wear uniforms, nor carry easilyidentified markings that one finds onenemy aircraft and warships. Withoutsuch certain attribution, it is difficultto launch offensive actions to disruptthe true source of the attack. Thus, it iscritical to have a solid and well-practiced“whole-of-society” response capabilityin these attacks, and develop attributionand counter-attacks as soon as feasible,but focus on defense and minimizing ofdamage at the initial stages. In this sense,the target system is not unlike a naval vessel under attack by numerous small and fast armedboats. Keeping afloat and undamaged is of paramount importance, while determining the“flag” of the boats will be done in time.Mike McConnell, Director of the United States National Security Agency from1992-1996, was quoted in the Washington Post in February 2010 as saying “No doubt, sucharrangements will muddy the waters between the traditional roles of the government andthe private sector. We must define the parameters of such interactions, but we should notdismiss them. Cyberspace knows no borders, and our defensive efforts must be similarlyseamless.” But these arrangements must be made within the nation, as well as regionally,and internationally. These arrangements must be practiced from time to time as well so thatthey may be correctly and timely used when needed.The United States Congressional Research Service wrote, in its paper entitled“Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress”issued in 2008 that “Ultimately, reducing the threat to national security from cybercrime
  • 73. 73ICT Development and Cyber Security Readerdepends on a strong commitment by government and the private sector to follow bestmanagement practices that help improve computer security.” Although their statementfocused and stated “cybercrime” the ideas it propounds apply to all cyber threats and notjust what are typically referred to as “criminal.”In summary, physical world differentiations and divisions of national security intomilitary, criminal and commercial areas are counter-productive and crippling to protectingthe nation’s interests in the cyber world. The total nation must work together to protect itsnetworks and infrastructure. The nation must work with other nations to develop trusted andsecure but quick ways to exchange information that conforms to treaty requirements, andinternationally accepted norms, while enabling appropriate responses to cyber emergencies.The nation’s security depends on it.# # #“Ultimately, reducing the threat tonational security from cybercrimedepends on a strong commitmentby government and the private sectorto follow best management practicesthat help improve computer security.”____________________Steve is the President and Chief Executive Officer of FSC Holdings, a consultancyfirm in Makati. He lectures frequently on technology, security, anti-moneylaundering and terrorism. He also has strong experience in data and physicalsecurity management, and disaster preparedness arenas. Mr. Cutler is retired fromthe U.S. Federal Bureau of Investigation.
  • 74. 74 ICT Development and Cyber Security ReaderCyber War and Cyber TerrorismStephen P. Cutler, PhDPresident, FSC Holdings(FBI Ret)Paper presented during the Seminar Towards Information and Communications TechnologyDevelopment and Cybersecurity Enhancement on 6 June 2012 at the Honor Hall, NDCP, CampGeneral Emilio Aguinaldo, Quezon City._______________________________________________________________________________Cyber war. Cyber-terrorism. These are chilling words, and concepts that strike fearinto our hearts. We have visions of dark cities, frozen bank accounts and financialruin, airliners exhausting fuel supplies in mid-air because they can’t land withoutcoordination and communications from ground based air traffic controllers, and powerplants running amok. The terms call to mind certain images. These may both illustrate thenature and magnitude of potential problems, but they may restrict our thinking as well.Attachment of a modifier to the word “war” puts that concept into an area that brings muchemotional and subjective “baggage” with it. Visions of masses of uniformed troops, andweapons systems such as fighter or bomber jets, tanks and big ships with big guns come tomind. Death and devastation isn’t far behind.The words may work well in the physical world, but may not serve us well in thecyber world. They carry the implication that wars are carried out by certain organizations,and not others. Wars are conducted by armies, and navies, and air forces, but not bycivilians and civil forces. Wars are generally conducted under guidelines and the “rules ofwar.” Uniforms clearly identify, even from a distance, who belongs to which side. Theseconcepts, the development of which began hundreds of years ago in an agrarian age, workfairly well if imperfectly in the physical world. They are less effective in the cyber, or non-physical, world.Just as Clausewitz wrote about the relationship between war and a nation’s interestsand objectives, we must apply certain time-honored concepts to our policy developmentin the cyber arena. John B. Sheldon, a noted author in the field, writes “Cyber power doesindeed have strategic purpose relevant to achieving policy objectives. This strategic purposerevolves around the ability in peace and war to manipulate perceptions of the strategic environmentto one’s advantage while at the same time degrading the ability of an adversary to comprehend thatsame environment.”Sheldon’s observations demonstrate that the development of national policy oncyber security must take place as part of the overall scheme of securing the nation’s interests,development and competitiveness in the international arena. In that way, it is part andparcel with the evolution of policy on physical security and defense issues, and economicsecurity and defense issues. Many of the same principals with which we are very familiarin the physical world may translate into the cyber environment.It is helpful to develop a common understanding of some terms that are frequentlyused. Sheldon’s views and explanations are, again, quite helpful. He sees “cyberspace” as “a
  • 75. 75ICT Development and Cyber Security Readerglobal domain within the information environment consisting of the interdependent networkof information technology infrastructures, including the Internet, telecommunicationsnetworks, computer systems, and embedded processors and controllers.” At first glance, thisis quite a bit to understand. But upon reflection, the definition is quite simple. It emphasizesthat the field of concern is global, and not necessarily restricted to the territory of a singlenation or region. The field is networked, and not focused on discrete and separate parts.Thus, planning and responses, and the view or mind-set of national security professionalsas they work in the field, must be much broader than what we find in the physical world.Sheldon elaborates that “cyberspace operations include the employment of cybercapabilities where the primary purpose is to achieve objectives in or through cyberspace.Such operations include computer network operations and activities to operate and defendthe Global Information Grid.” This carries the strong idea that a single nation, or entity withinthe nation, must defend itself, but it also bears a responsibility for defense of the entire grid.This is a very large step forward in thinking for many national security professionals, anddemands a change in “world view.”Sheldon describes a “computer network attack,” or CNA, as those “actions takenthrough the use of computer networks to disrupt, deny, degrade, or destroy informationresident in computers and computer networks, or the computers and networks themselves.”Unlike the physical world, the defense of the cyber world is focused on information andnetworks. These exist, but in forms that are not readily seen by the human eye. Thus, theycarry with them some mystery and unfamiliarity.It is easy to deal with the speed of a bullet, or an artillery shell. The bullet fired froma .45 pistol travels at about 950 feet per second. The round fired from an M1A2 Abramstanks covers about 3,500 feet per second. Digital bytes of information, code and “orders”from one computer to another travels at about 186,000 feet per second, and is not restrictedin impact to a single target. Multiple computers may receive the bytes at the same time,with no diminution of effect. The main difference in the physical world security conceptsand their application to the cyber world is the speed at which events may happen, and thedistances between “trigger point” and “impact point.” National security professionals mustunderstand and become comfortable with the ability of an actor on any part of the globeto attack any other part of the globe at the speed of light. While this understanding andcomfort level is daunting, it is doable.Sheldon further describes “computer network exploitation, or CNE, as “enablingoperations and intelligence collection capabilities conducted through the use of computernetworks to gather data from target or adversary automated information systems ornetworks.” This is a critical capability within the national security framework, so that anation’s security apparatus may, so to speak, “play on the same field” as those who seek toharm the nation. In the physical world, national defense was thought of in terms of tanks,ships, jets and rifles. Ownership of these tools was restricted to the nation state. In the cyberworld, however, most of the networks in which operations are conducted are owned byprivate entities. This new paradigm will require a degree of integration of “private andpublic partnerships” into the national security framework that has not been seen before.He writes of “computer network defense, or CND, as “actions taken to protect,monitor, analyze, detect, and respond to unauthorized activity within the Department
  • 76. 76 ICT Development and Cyber Security Readerof Defense information systems and computer networks.” This definition, written from aUnited States’ perspective, seems overly restrictive in a networked world, where the linesbetween “Department of Defense” and “other” systems are indistinct and immaterial.Sheldon elaborates by defining “computer network operations, or CNO, as being “comprisedof computer network attack, computer network defense, and related computer networkexploitation enabling operations.” This definition is not restricted to those networksbelonging only to military and governments of nations. This is appropriate in the cyberworld.What is “Cyberspace”?Some context is valuable. In the physical world, access to a given area, or even anation, was normally provided through certain gates, or ports. These entry points wereidentified, and “advertised” in certain ways. Nations could defend these gateways. Theycould identify intruders. Doors could be closed. Guns could be trained on specific points.The “New” Gates to nations are electronic, and carried by cable, but the concept isthe same as in the physical world. Access to the Philippines, for example, from other nationsis gained through one of six cables that connect the Philippines to the world. Should thesecables be disrupted in some fashion, by the hands of man or nature, the Philippines willlose all connection to the rest of the world, and all but internal commerce and trade willstop. But the defense of these ports of entry is still feasible, and imperative. It simply mustbe done with the same tools and mindset of the attackers, adapting to the threats faced.The threat constantly and rapidly changes Philippine national security and national defense must take a “whole of society”mind set. It cannot any longer be the sole domain of those who wear uniforms, or serve ingovernment. The concept of “total war” in which civilian populations and civilian buildingswere specifically targeted was clearly demonstrated in the American Civil War, as well asWorld War II. It finds application in the physical world today in the actions against terrorists,who kinetically target civilian populations to force governments to take certain actions. Thecyber arena is also one in which the idea of “total war” is played out. Networks are not the sole domain of the nation’s government. An attack thatdestroys the network owned by the power grid can break a nation’s will more quickly thana bombing sortie by an air force. Uniformed services, such as the military and police, playa vital role in this defense of the nation, due to their ability to train and focus resources onissues. But other government offices play a role as well, through their regulatory, enforcementand licensing powers. Private industry is equal partners due to their ownership of targets, butalso because of their expertise and willingness to protect their trade. This new dimension ofnational security and national defense requires an evolution of thinking. The “old” threatsare still present. But the “new threats” require the national security professional to adaptto the new field.Together the nation must prepare for the new terrain. The nation’s security dependson it.# # #
  • 77. 77ICT Development and Cyber Security ReaderPhilippine Cyber Security: General SituationAngel S. Averia, Jr.The paper is a post-write up of the presentation with the same title delivered at the seminar, “TowardsICTD and Cyber Security Enhancement”, held at the National Defense College of the Philippineson June 6-8 and 11, 2012._______________________________________________________________________________What is Cyber Space?Before we begin to gain an understanding and appreciation of the Philippine CyberSecurity Situation, let us first try to gain an understanding cyber space. There is anabundance of literature that chronicles the development of the Internet that evolvedinto a platform host of what we know today as cyber space. In the earlier days of theInternet, the interconnectivity of independent networks allowed for the basic exchangeand sharing of data/information between and among select groups of individuals. Thedevelopment of packet switching, IP addressing, and domain name systems, among others,provided the building blocks of the Internet. Advancesinthedevelopmentofapplicationslikebrowsers,web-basedapplications,and search engines provided efficiencies in information sharing and independent searchfor information, ushering the transformation of the Internet into cyber space. As electronicmail evolved in the Internet platform, groups or online communities started to developand, with the development of enabling applications, transformed and expanded intowhat we now know as social networks. In the meantime, in parallel developments, onlinemarket places also started to evolve, triggering commercial and trading activities. Cyber space has not been fully defined, but it exists. As a virtual domain, cyberspace consists of physical, logical, and social components. [See: TRADOC Pamphlet 525-7-8, U.S. Army, Cyberspace Operations Concept Capability Plan 2016-2028 at ] The cyberspace components are:1. Physicala. Geographic Locations – locations in the physical world where computers,electronic devices, networks, wired and wireless telecommunications facilitiesand infrastructure, people, communities, and organizations may be found.b. Networks – the interconnected information system networks and devices andtelecommunications infrastructure that make up the internet and allows easyconnectivity2. Logicala. IP Address – the logical address of devices connected to the internet, such devicesare used to access cyberspace
  • 78. 78 ICT Development and Cyber Security Reader3. Sociala. People and Juridical Entities – users in cyberspaceb. Internet Identity – The identity of persons and organizations adopted by users incyberspace, real or cloaked in anonymity The illustration below presents a conceptual image of cyberspace: Cyber space may be viewed as follows:• a virtual domain where persons, natural or juridical, and communitiesoperate,• a venue for social interaction• a new marketplace where products and services are traded• the birthplace of a new global culture• virtually reversed diasporaCyber Security Concerns The internet is a vulnerable infrastructure. Its basic design goals are openness, easeof connectivity, physical resilience, and interoperability. Even as developers of devicesand software adhere to security standards in designing new products, openness, ease ofconnectivity, and interoperability are paramount concepts that they have to meet. Securityof devices, databases, and applications cannot be guaranteed a hundred percent. As internet users became netizens taking advantage of the benefits that cyber spaceoffered, the same virtual domain gave birth to a culture with malevolent designs. Overthe last 2 decades we saw an increase in the volume, velocity, and sophistication of cyberattacks targeted at individuals, communities, and business and government organizations.At the extreme, some attacks are aimed at the destabilization of the state.Status of the Philippine ICT Infrastructure With the foregoing as background, we now look into the status of the PhilippineICT infrastructure.
  • 79. 79ICT Development and Cyber Security Reader There are presently 6 internet exchanges operated by telecommunicationscompanies which are not peered so that messages and data exchange are routed globallybefore said messages and data exchanged reach the intended local destination. Mobiledevices and the use of the cloud infrastructure and social network sites have also been onthe upswing, Amid the positive developments in cyber space, malevolent activities have alsobeen noted. In 2011 alone, 57 local cases of identity theft, hacking, scamming, harassment,estafa/fraud, pornography, and extortion were recorded. Many more have goneunreported. Port 23/TCP scanning activities were also observed during the period December1, 2011 to May 1, 2012. ICMP Port scan peaked at 14Mbps at 13:44 (GMT +8) on March 30,2012. Port scanning is the precursor activity conducted by malevolent actors looking forvulnerabilities in networks prior to an attack.Philippine TLD Among the Riskiest In its Mapping the Mal Web Report, McAfee noted that Philippine Top LevelDomain (TLD) ranked 6th in 2009 among the riskiest TLDs in the world. In 2010, PhilippineTLD risk profile improved, ranked at 25th.Scarborough Shoal Territorial Dispute As the dispute between the Philippines and China heated up, defacement activitiesbetween the two countries’ hacker groups over the period April 20, 2012 to May 11, 2012,though attribution cannot be confirmed, were noted.Hostage Incident Rewinding to 2010, within two weeks following the hostage incident involvingHong Kong nationals at the Quirino Grandstand in Manila, defacement of national andlocal government websites were recorded.More Web Defacements The 2011-2012 witnessed the defacement of a number of national and localgovernment websites, including that of the Department of Transportation andCommunication, Land Transportation Office, Vice President Binay’s website, and Bulacangovernment website. On the weekend of June 2-3, 2012, the websites of the Department of Justice, thePhilippine Drug Enforcement Agency, and the National Economic Development Authoritywere likewise defaced. The list also includes the following:• Technical Education and Skills Development Authority
  • 80. 80 ICT Development and Cyber Security Reader• Department of Health• Department of Social Welfare and Development• Bases Conversion and Development Authority• Philippine Nuclear Research Institute• Department of Trade and Industry• Department of Interior and Local Government• Philippine Information Agency• Philippine Army, 4th Infantry Division in Mindanao• Housing and Land Use Regulatory Board• Office of the Ombudsman••••••••• Culprits The perpetrators identified themselves as:• PrivateX• Philker• iSKORPiTX - a Turkey based group of hackers• China Hacktivist• BatangMahiligMagbatibot• Black AtTacKer• MISTA Haxor• Clienc0de bgh7 m3rcil3sS• Freeman• KuTaHYaLıBeLa• team crimes linux -• 1923Turk Grup• Ha[c]kingFor[c]es• Mr-CaCaRoTe• Saudi Arabia Hackers• Ma3sTr0-DzPhishing Phishing, a type of social engineering attack, is designed to lure netizens toprovide personal information. Phishers (as perpetrators of phishing attacks are referredto) masquerade themselves by mimicking bank websites and requests random targetsto update their account information. Three local universal/commercial banks weremimicked by phishers in 2011. Cost of damage is unreported as banks sought to protecttheir identities and reputation.
  • 81. 81ICT Development and Cyber Security ReaderSpam Spam is basically an unsolicited communication (email or text/SMS) sent torandom targets designed:• To gather personally identifiable information and other sensitive data• For commercial offers such as real estate, medicines (Viagra, cialis, etc.), high endwatches, and other products• For fraudulent offers, like fake lottery Cebu used to be the center of commercial type of spam. From snail mail to email, the Nigerian scam has also found its way in cyberspace and has been translated in several languages. The Nigerian scam offers randomtargets access to large amounts of cash, which perpetrators claim to be funds provided byinternational funding agencies but which can no longer be returned to the donor. Randomtargets are asked to provide the perpetrators access to personal bank accounts where thefunds can be remitted. To initiate the fund transfer, the perpetrators request the accountowners to deposit a certain amount to fund the remittance fees. Another kind of spam requests financial assistance from random targets usingemail addresses known to random targets. The sender reports that he is in a foreigncountry and has fallen victim to thieves and lost everything, including cash, credit andATM cards, and passport.Advanced Persistent Threats (APTs) APTs are the most sophisticated type of attacks to date, reportedly sponsored bynation-states. APTs are targeted at governments, financial institutions, industrial concernslike power generators, nuclear facilities (eg. Iran), research facilities (eg. Oakridge NationalLaboratory), and information security companies (eg. RSA), among others. An exampleof APT is Stuxnet. Analysts report that Stuxnet is a computer worm designed to targetSiemens Industrial Software and Hardware. It reportedly includes a programmable logiccontroller rootkit, possibly a prelude to an artificial intelligence type of malware. In the case of the Stuxnet attack in the Iranian nuclear refinement facility, thecomputer worm reportedly altered operational data to show normal operations when infact operating conditions were altered. The attack was reportedly launched through socialengineering. Since the facility is not connected to the telecommunications infrastructure,reports indicate that attackers used USB thumb drives as attack vectors. USB thumb driveswith the payload were dropped in strategic places at or around the nuclear facility in thehope that facility workers would find them. Flamer is reportedly a variant of Stuxnet.Cyber Warfare, Cyber Terrorism The 1st web war was launched against Estonia, the world’s most wired nationwith unified services. The unified services that sit on Estonia’s ICT infrastructure put it athigh risk to distributed denial of service attacks that crippled the nation’s integrated ICTinfrastructure.
  • 82. 82 ICT Development and Cyber Security Reader While the Philippines’s disjointed ICT infrastructure appears to be at low risk, itstill faces a concerted DDOS.National Security: Misuse, Abuse of ICT ICT can be used as a propaganda machinery and may be used to coordinate rebelactivities. This has been demonstrated where mobile phones with unregistered prepaidSIM cards have been used to detonate improvised explosive devices.Threats from WithinGlobal surveys have shown that internal users of information systems rank high inthe vulnerability scale. Disgruntled workers may launch attacks to an organization’sinformation systems, abusing their access credentials/privilege. Information may also beaccidentally disclosed. Information may be used for personal (financial) gain.Readiness Assessment As previously pointed out, the Philippines’s internet exchanges are not peered,exposing unencrypted data in transit to risks of pilfering as it traverses the global internetinfrastructure. Government agencies face risks as evidenced by defacement of websites –an indicator of weak information security practice. Human capacity – skills and practice– need to be enhanced. Acquisition of technology resources is challenged by budgetaryconstraints. Government officials and workers use free email (gmail and yahoo, amongothers) to exchange data and messages.Information Security Practice To improve the country’s information security posture, government needs to lookoutside of its borders. Some countries have set out to develop and implement informationsecurity plans and programs through the creation of information security agenciesmandated to address information security concerns. Examples are:• Korean Information Security Agency• Cyber Security Malaysia• Pakistan Information Security AgencySolutions and Practices The country needs to:• establish and implement a well-defined set of information security policies andmeasures;• develop and disseminate information security awareness programs;• adopt and implement Information Security Management Systems in national andlocal government agencies, offices, and instrumentalities;• use technology solutions such as intrusion detection and prevention sytems,firewalls, and other security solutions and must consider other security measuresas migration to cloud services are considered to reduce and/or mitigate risks;and
  • 83. 83ICT Development and Cyber Security Reader• adopt and institutionalize risk management practiceWhere are we? The Electronic Commerce Act or Republic Act No. 8792 was enacted in 2000.Section 33 of said law hacking or cracking as a criminal act:• unauthorized access into a computer system/server• unauthorized access into an information and communication system• Interference in a computer system/server• Interference in an information and communication system• any access in order to corrupt, alter, steal, or destroy using a computer or othersimilar information and communication devices• the introduction of computer viruses and the like, resulting in the corruption,destruction, alteration, theft or loss of electronic data messages or electronicdocumentThe law, however, does not provide definitions for:• unauthorized access• interference• virus A year after the enactment of RA8792, the Supreme Court promulgated the Ruleson Electronic Evidence. There is, however, a need to train judges and lawyers.Proposed Legislation A Cyber Crime Bill is under consideration in Congress. The bill provides thefollowing features:• definition of illegal acts targeted at the integrity, confidentiality, and availability ofinformation systems and data that reside in it:o Illegal Accesso Illegal Interceptiono Data Interferenceo System Interferenceo Cyber Squattingo Misuse of Devices• Definition of other illegal acts committed with the use of computers and theinternet:o Computer-related Forgeryo Computer-related Fraudo Cybersexo Child Pornography (in relation to RA 9775)o Unsolicited Commercial Communicationso Libel (RPC Art. 355)
  • 84. 84 ICT Development and Cyber Security Reader• Definition of other illegal acts:o Aiding or Abetting in the Commission of Cybercrimeo Attempt in the Commission of Cybercrime The proposed law also prescribes penalties for the illegal acts. Other features included are:• Restricting or Blocking Access to Computer Data. – When a computer data isprima facie found to be in violation of the provisions of this Act, the DOJ shallissue an order to restrict or block access to such computer data.• Creation of a Government Agency: Cybercrime Investigation and CoordinatingCenter (CICC), among the functions of which is:• To formulate a national cyber security plan and extend immediate assistance for thesuppression of real-time commission of cybercrime offenses through a computeremergency response team (CERT);Status of ICT Related Bills:• Data Privacy – went through the Bi-Cameral Conference Committee on May 24,2012• Cybercrime Bill – went through Bi-Cameral Conference Committee on May 31,2012• Awaiting ratification of the Bicam Reports• Will be endorsed to the President for promulgation into law after ratificationCapability Building The Criminal Investigation and Detection Group of the Philippine NationalPolice, over the last decade, has been building capacity and capability in addressing andinvestigating cyber crimes. It has established digital forensics laboratories in Cebu, Davao,Legaspi, Zamboanga, and in Quezon City. The National Bureau of Investigation has also created its Cyber Crime Unit and ispresently building digital forensics capability. The Department of Justice has also launched a training program forprosecutors.Cyber Space Needs To recap, the country needs:• A Central Authority that will address Cyber Security• A cohesive Cyber Security Framework• Cyber Security Plans and Programs• Information Security Practice
  • 85. 85ICT Development and Cyber Security Reader• Response Capability• Address cyberspace security as a national security issue• Create and promote awareness among citizens• Collaborate with local and international experts and organizations_______________The author is President, Philippine Computer Emergency Response Team (PhCERT),Business Continuity Planning and Senior Information Security Consultant, RigeltechIT Consultancy. He is also a Resource person of the Supreme Court’s Subcommitteeon e-Commerce and Resource person of the Technical Working Group, House ofRepresentatives and Senate, that assisted in the drafting of ICT related bills.About PhCERT The Philippine Computer Emergency Response Team (PhCERT) is a volunteergroup of information security professionals and practitioners, responding to informationsecurity incidents. As a member of the Asia-Pacific Computer Emergency Response Team(APCERT), it serves as the country’s point-of-contact, coordinating and collaboratingwith APCERT’s member economies and CERTs in other countries outside of the Asia-Pacific Region in addressing and resolving information security incidents. PhCERTalso participates in policy development and legislation, conducts information securityawareness programs, and provides consultative assistance in building incident responsecapabilities.
  • 86. 86 ICT Development and Cyber Security ReaderHistorical Notes on Technology andCyber Security InitiativesDr. Lorenzo A. Clavejo, DPAIntroduction This is an article written not to present a technical exposition or an in-depth treatiseon a very challenging subject matter – Cyber Security, but a thinking aloud process of anIT user, an inquiry of where we are heading to with our cyber security discourses and themultiplicity of institutional initiatives we have noted within and outside our country. Thisarticle therefore, does not reflect any official perspective but that of the author’s personalreflection. It does, however, present some courses of action and institutional initiativesapplicable to all netizens of the world.Some Initiatives and Courses of Action Four months ago, last August 7-8, 2012, the APEC Ministers tasked for theTelecommunicationsandInformationIndustryconvenedinSt.Petersburg,Russia,andcameup with the firm commitment with their declaration “Building Confidence and Security inthe Use of ICT to Promote Economic Growth and Prosperity.” One of the highlights of thisdeclaration was the collective realization that there is a need to elevate the level of cybersecurity awareness and collaborate in the efforts of enhancing this awareness through suchrecognition as the APEC Cyber Security Awareness Day. Consequently, October 29, 2012marked the third annual APEC Cyber Security Awareness Day with respective nationalefforts in upgrading the awareness level of the people on Cyber Security. Thus, APECTelecommunications and Information Working Group came up with the CybersecurityTop Tips that highlighted the following:A. Use Strong Passwords and Keep Them Secure: Use passwords that have atleast eight characters and include both numbers and symbols.- Change your password regularly, at a minimum every 90 days.- Keep your password safe. Do not share it on the internet, over the phone,or over email.B. Use Security Technology and Keep It Up to Date: Protect your computer andall devices that connect to the Internet by using firewalls, anti-virus, anti-spyware and anti-phishing technology.- Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.- Ensure your system and these programs are regularly updated andpatched guard against known vulnerabilities.C. Stay Safe Online: Think before you act; do not open attachments or open linkssent by individuals who are unknown to you or that you were not expecting.- Do not provide unnecessary private personal information on the net.
  • 87. 87ICT Development and Cyber Security Reader- Monitor your children’s internet activities.- When available, set the privacy and security settings on websites to yourcomfort level for information sharing.D. Secure wireless networks: Minimize the risk on your wireless network byenabling encryption, changing the default password, changing the ServiceSet Identifier (SSID) name (which is the name of your network) and usingthe MAC filtering feature, which allows you to designate and restrict whichcomputers can connect to your wireless network.E. Be a Good Online Citizen: Safer for me more secure for all: What you do onlinehas the potential to affect everyone – at home, at work and around the world.- Practicing good online habits benefits the global digital community. In addition to these top tips disseminated through various posters and nationaladvisories by the APEC member countries, other efforts by the various working groupsof APEC likewise intensified their courses of action and initiatives. Such APEC workinggroup would include the Security and Prosperity Steering Group, whose scope of workfocuses, among others, on the following:• Promoting security, trust and confidence in networks/ infrastructure/ services /technologies / applications / e-commerce;• Computer Emergency Response Teams (CERTs) and Computer Security IncidentResponse Teams (CSIRTs);• Spam/Spyware;• Cybercrime prevention;• Human resource development and capacity building on combating cybercrimeand implementing effective cyber security awareness initiatives ; and• Business facilitation through discussions with the private sector on promotingsecurity, trust and confidence in the use of ICT for business and trade. And what is Cyber Security then, in the eyes of researchers, policy analysts, andplanners who are IT users and consumers?Thinking Aloud in the Market Place of Ideas For the past several years, since I came across such contingency challenge of the ITIndustry, with the much anticipated computer glitz on the cross over year of 2000, globallytermed “Y2K”, IT practitioners and users have sustained that level of sophistication andtechnical expertise that somehow to ordinary computer literate person, like me, wouldstop and listen if only to learn some lessons on cyber security and its trajectory in thefuture. I have stopped being intimidated with terminologies such as URL, PDF, or gettinginto the superhighway with such esoteric concepts as protocol, lynx, mosaic, Mozilla’sFirefox, Safari and their related concepts. Over the years, my IT user’s instinct taught meto instead focus on what I could avail of in preparing reports, graphical illustrations andtabular presentations of studies and researches, of knowing the basic difference betweenan open office system from the Windows and the Microsoft systems.
  • 88. 88 ICT Development and Cyber Security Reader What has changed over the years in this perspective, as probably shared by thecohorts of good netizens, are the anxiety and apprehensions that real international cyberthreats and cyber crimes which affect not only individuals but strategic institutions andorganizations anywhere and everywhere are rushing in much faster than the concertedefforts of putting up firewalls, virus scans and other preventive measures to combat thesereal cyber threats. Raising the alarm and providing advisories have become the regularactivities of many institutions not only by the government agencies but also by the businesssector, private enterprises, ranging from food, water supply, medicines, power and energysupplies, banking and finance, and trading, among others. In fact, in the Philippines, ourCongress has just enacted the Law on Cyber Crimes. And faster than its application onthe ground, was the flurry of dissenting opinions and opposing views of how to applythe same. Thus, cyber defence in the context of those defined cyber crimes have nowbecome the subject matter of the continuing discourses among policy makers, policyimplementors, law enforcers and businessmen both in the urban setting as well as in therural environment of the country. Cyberspace is certainly expanding very fast to encompass the whole globe, fromAsia to Africa, from Americas to Europe, and from insular and littoral states to mainlandand continental countries. Our ball park estimates would indicate that there are morethan a billion netizens, with mobile Internet promising to double that number; data andprocesses moving to the cloud; an Internet of things, with email addresses created orinvented; where business and government agencies digitizing their core processes, andeven online elections in some countries, to include the Philippines. To better understandthe future direction of cyber conflicts, from our own limited perspective and level ofexperience as an ordinary IT users, as distinguished from those IT experts and specialists,who are the sources of our information, advisories and courses of action. We must listen tothem and follow their advisories what with their wider glance and extensive experiences.On the other hand, the limited information being shared as well as the narrow perspectivewe developed could also be the source of our anxieties and apprehensions. With the number of focused group discussions and conferences that have beenconvened over the past decades, the focus has been much on the technology and compara-tively too little on the broader security issues and corollary implications. Looking back inthe past, the industrialization in the 18th to 19th centuries started a process which led onthe one hand to the West overtaking the Rest in wealth creation and ultimately in powerand influence over the world’s resources. This was then the divide. Unfortunately, it alsocreated the instruments and vehicles for the industrialization of death and destruction inWorld Wars I and II. Consequently, it would be naïve to think that technology enhancesand facilitates wealth creation alone. For history has taught us some lessons that it alsomatters strategically, politically and morally. We need to keep in mind the bigger pictureand what is at stake when we discuss different civilizations and nations’ assumptionsabout the nature of technology such as now applied in the cyber space. These assumptionswould define and describe that trajectory in terms of how the internet will be applied bysome countries over other countries. The physical and the cyber worlds are converging and boundaries between the"cyber" and the "real" world have started to disappear. This in turn implies a convergencebetween cyber security and overall global security. And whether we realize it earlier or lat-er, we have entered into that age that does not anymore invent nor create “future shocks”in the words of Alvin Toffler, but in the paradigm shift of cyber security initiatives for a
  • 89. 89ICT Development and Cyber Security Readerbetter world to live in. To many students of society, like us, perhaps understanding cyberspace and information highway would be a good starting point. Perhaps, we can still saywe trust in the goodness of man as a rational being, but we have to hastily add, however,that we must also realize that technology is very much neutral with its uses and applica-tions, for the driving forces and assumptions in the cyber space are dictated by conflictinginterests and opposing world views. Perhaps, this is just an afterthought of reading Sam-uel Huntington’s clash of civilizations. Thinking aloud also necessitates allowing otherideas to sink into one’s liberal mind if only to be rational and proactive in the cyberspace.# # #________________Dr. Clavejo, is connected with the National Security Council, as Director of Planning andManagement Staff, Strategic Planning Office (PMS/SPO). His public service spannedmore than thirty years starting as a tax researcher, provincial and regional manager ingovernment corporation before joining in the security sector services. He earned post-graduate courses as fellow on development planning at the ITC, Enschede, the Netherlandsin 1984; the advanced National Security Course in the 1990s at the National Security Bureau(NSB) in Taiwan and the Advanced Security Cooperation Course at the Asia Pacific Centerfor Security Studies (APCSS), Honolulu, Hawaii, in 2009. Director Clavejo holds a postgraduate degree, Master of Science in Economics from Asian Social Institute, Manila anda doctoral degree, Doctor of Public Administration, from the National College of PublicAdministration and Governance, University of the Philippines, Diliman, Quezon City(2008).
  • 90. 90 ICT Development and Cyber Security ReaderCyber security: Perspectives on AttacksJohn Peter Abraham Q. Ruero, PhD-Candidate, MSIM, ECEVP for Information Systems Security Association (ISSA) Phil ChapterPaper presented during the Seminar Towards Information and Communications TechnologyDevelopment and Cybersecurity Enhancement on 6 June 2012 at the Honor Hall, NDCP, CampGeneral Emilio Aguinaldo, Quezon City.____________________________________________________________________________________________________________________________________Alot has been said about cyber attacks—from simple website defacement to actualmalicious activities like hacking, phishing, malware infection, and social engineering,and there seems to be a multitude of ways to gain access into computer systemswithout the approval or knowledge of systems and network administrators. These malicioushackers, known in cybersecurity world as black hats, have proliferated throughout the worldusing variety of sophisticated tools, and applying methods and techniques to perpetratetheir “dark agenda”—either for financial gain, recognition, bragging rights, entertainment,and, more recently, the use of the Internet to promote a particular political, religious, socialor scientific cause or ideology. Recently, in the 2010-2011 Computer Crime and Security Survey Report, one keyfinding was that malware (short for malicious software) continued to be the most commonlyseen attack, with 67.1% respondents reporting it. Malware includes viruses, trojans and thelike, capable of propagating the malicious codes into unsuspecting victims (that is, computersystems), thereby compromising critical information technology (IT) infrastructure. Further,in the Symantec Internet Security Threat Report Trends in 2009, there were interestinghighlights on global trends on threats in information security. For instance, Brazil rankedthird behind US and China in malicious activity in 2009. One of the attacks in Brazil resultedinto a massive power grid blackout, while another one resulted in the exposure of valuabledata and a USD 350,000 ransom request after a government website was compromised wheremore than 3,000 employees were unable to access the site for more than 24 hours. In 2009,India also accounted for 15% of all malicious activity in the Asia Pacific-Japan region, anincrease from 10% from 2008, which consequently earned India its title of being the thirdhighest country of spam origin globally. In January 2012, attack patterns like SQL injection attacks, in particular, the MassSQLi automated attacks such as the lilupophilupop, had infected approximately 1.17M sites,with Netherlands topping the list, followed closely by Russia, France, Germany and theUK. In the same year, geographic distribution of attackers came from US (1st), Korea (3rd),France, Germany and Poland in the 4th-6thplace, with a 26% unknown source of attacks (2nd). Russia, Thailand, Hongkong and Taiwan completed the top 10 list. In contrast, US, Indonesia, the Slovak Republic, Malaysia, and Poland were thetop five geographic distribution of victims. Most victimized applications per top remotefile include (RFI) attempts were Joomla and Wordpress. These were additional applicationvulnerabilities discovered on victimized servers.
  • 91. 91ICT Development and Cyber Security Reader On recent cyber attacks, most of the targeted ones were focused on enterprises, with75% of enterprises surveyed experienced some form of cyber attack in 2009.• Targeted attacks using advanced persistent threats (APT ) that occurred in 2009made headlines in early 2010. Most notable of these was the Hydraq Trojan (a.k.a.,Aurora). In January 2010, reports emerged that dozens of large companies had beencompromised by attackers using this Trojan.• In 2009, 60 percent of identities exposed were compromised by hacking attacks,which are another form of targeted attack. The majority of these were the result ofa successful hacking attack on a single credit card payment processor. The hackersgained access to the company’s payment processing network using an SQL-injectionattack. The attackers then installed malicious code designed to gather sensitiveinformation from the network, which allowed them to easily access the networkat their convenience. The attacks resulted in the theft of approximately 130 millioncredit card numbers. Despite their beliefs, industry data shows the number of organizations under attackare closer to 100% (Fallon, 2012). Some companies are fighting intrusions and spend USD50,000—100,000 a week (Baker, 2012). Web-based attacks take on all corners as well. The top Web-based attacks observedin 2009 primarily targeted vulnerabilities in Internet Explorer and applications that processPDF files, namely:• Microsoft Windows SMB2 ‘_Smb2ValidateProviderCallback()’ Remote CodeExecution• Adobe Reader and Flash Player Remote Code Execution• Microsoft Internet Explorer 7 Uninitialized Memory Code Execution• Microsoft Windows ‘MPEG2TuneRequest’ ActiveX Control Remote CodeExecution• Adobe Reader Collab ‘getIcon()’ JavaScript Method Remote Code Execution Hackers are not only exploiting vulnerabilities of the operating systems, webbrowsers, and web applications by using sophisticated coding techniques. They also haveat their disposal, a toolkit that allows people to customize a piece of malicious code designedto steal data and other personal information. One such toolkit is called the Zeus crimewarekit, or simply Zeus kit. It can be purchased for as low as USD700. Crimeware kits likeZeus make it easier for unskilled attackers to compromise computers and steal information,and also allow anyone who buys them to customize based on the attackers’ own needs. In2009, Symantec observed nearly 90,000 unique variants of the basic Zeus toolkit, and hasbeen observed as the second most common new malicious code family observed in the AsiaPacific-Japan region. The attacks keep going, the more recent ones include large commercial banks,government sites, social network sites, and the biggest irony of it all, RSA was attacked.An increasing number of services offered in the cybercrime underground allow miscreantsto purchase access to hacked computers at specific organizations. For just a few dollars,these services offer the ability to buy your way inside of Fortune 500 company networks.(Wilson, cited in Krebsonsecurity, Oct 2012).
  • 92. 92 ICT Development and Cyber Security Reader What do these attackers get from stealing information from compromised systems?The obvious reason is that the stolen information can be bought in the underground economy.It has become easier, even for neophytes, to operate in an online underground economy.The table below may give a “fairly good incentive” to these cybercriminals, as there is nofinancial crisis to think of.Table 1: Goods and Services Advertised on Underground Economy Servers(From Symantec Global Internet Security Threat Report Trends for 2009)What can be done? As the attacks proliferate, what can be done to minimize, if not eliminate, attacksthat come from all fronts? What options are available? There are some methods that maybe considered, and one of the more effective ones is to follow the three levels of responsesknown as the PDAD approach.a. Protect the critical information and technology infrastructure through the use offirewalls, intrusion detection and prevention systems, antivirus and anti-spamsoftware utilities, monitoring tools, etc.b. Detect malicious codes through the use of security analytics software, forensics,and deep analysis down to the packet level.c. Active Defense, which is a “military-style” approach through the use of intelligencetools and techniques to anticipate attacks, as well as effectively stop and potentiallyidentify attackers once discovered in the infrastructure. This revolves around theconcept of self-defense as a necessity—in order to interrupt an in-progress cyberattack and mitigate immediate harm to target system especially to protect criticalinfrastructure. Besides the PDAD approach, another effective method is to employ IT and securitybest practices in enterprises and community, including consumer best practices. SecurityGoods and Sevices Advertised on Underground Economy Servers*2009 2008 2009 2008 Range of Prices1 1 Credit card information 19% 32% $0.85–$302 2 Bank account credentials 19% 19% $15–$8503 3 Email accounts 7% 5% $1–$204 4 Email addresses 7% 5% $1.70/MB–$15/MB5 9 Shell scripts 6% 3% $2–$56 6 Full identities 5% 4% $0.70–$207 13 Credit card dumps 5% 2% $4–$1508 7 Mailers 4% 3% $4–$109 8 Cash-out services 4% 3% $0–$600 plus 50%–60%10 12 Website administration credentials 4% 3% $2–$30Overall Rank PercentageItem
  • 93. 93ICT Development and Cyber Security Readertechnologies that rely on signatures should be complemented with heuristics, behavioralmonitoring techniques, and reputation-based security. Generating awareness, training, and curricular reforms should integrate IT securityas a core, and the exposure and immersion of the business, government, and academiccommunities in security technologies. Laws, policies, and regulations concerningcybersecurity need to be evaluated for their influence on how people use or misuse electronicinformation. Political forces need to be marshaled to support and fund the many lines ofresearch that will be needed to accomplish the complex task of protecting cyberspace fromattack. Attacks can come from all fronts. Although the forms, shape, technologies, andconsequences may have changed dramatically, the motivations of the hackers and the hackingcommunity still remain the same. Remember that security is everybody’s business.# # #_____________________ John worked in IBM, Oracle, Misys, Accenture, and Macquarie Offshore Servicesholding positions of progressive responsibility, namely systems engineer, IT Manager,technical support, project manager, consultant, trainer, Associate Director, and others.  Hehas taught in DLSU, ADMU, UAP, UIC and SISC. He is a PhD Candidate of EducationalLeadership & Management in DLSU. He earned MS Information Management in ADMU,and BS ECE in DLSU.  He is the VP of Information Systems Security Association (ISSA)Philippine chapter, and VP Externals of Philippine Society of IT Educators (PSITE).  Johnhas been involved in Information Security since 2005.
  • 94. 94 ICT Development and Cyber Security ReaderCyberwar and Rules of EngagementDrexx D. Laggui CISA, CISSP____________________________________________________________________________________________________________________________________DefinitionsCYBERWAR is generally defined as a hostile, state-sponsored operation to conductsabotage, espionage, or subversion through information systems, the Internet,or other telecommunications media referred to as cyberspace. Another widelyaccepted definition of "cyberwar" is the use of the Internet and related technological meansby one state against political, economic, technological and information sovereignty andindependence of any other state[1]. The employment of the word "war" is derived from a description of a conflictbetween state or non-state peoples, declared or undeclared actions, and highly-organized,politically controlled wars as well as culturally evolved, ritualistic wars and guerillauprisings, that appear to have no centrally controlling body and may perhaps be describedas emerging spontaneously[2]. Further, when considered from a strategic point of view, war in this context is anactual, intentional and widespread conflict between political communities [3], with the lessviolent design[4] of:- crippling economies,- manipulating political views,- undermining the authority of a state,- disturbing a states relationship among its allies,- reducing a states military efficiency if not their effectiveness in physicalcombat domains,- equalizing the fighting capacity of richer nations to that of third-world nations,and- denying access to a nations critical infrastructure so they can be coerced toobey a dictated action.Long-term threats The conduct of cyberwar is an attractive option to a state because it is a relativelycheap activity with remarkable benefits, vis-à-vis very low short-term risks on the livesof its attacking combatants. However, the "use of force" in cyberspace can have violent orcrippling effects in the physical world of the states targets. As an identifiable long-term threat against Philippine national security, it isoften misunderstood and thus not managed correctly, simply because cyber warriors aretypically anonymous, that the individual users of ICT (information and communicationstechnology) assets believe they are very familiar with technology, and ICT administratorscan control cyber attacks in an ad hoc manner. The human mind reacts slowly to long-term
  • 95. 95ICT Development and Cyber Security Readerrisks, thus comes the unfortunate realization that many elderly statesmen view cyberwaras merely an abstract restricted to the imagination of science fiction writers. The paradigm behind cyberwar is not a concept born out of a vacuum. Recentdevelopments reported on international news media brings to light the beginning, butdramatically improving capabilities of state-actors. Famous examples include:- 2003 to 2006: Titan Rain was the designation given by the US government to aseries of coordinated attacks on American computer systems by China [5].- 2007: a three-week wave of massive cyber-attacks came upon Estonia byRussia, the first known incidence of such an assault on a state, caused alarmacross the Western alliance, with NATO urgently examining the offensive andits implications [6].- 2008: Weeks before bombs started falling, attacks against Georgia’s Internetinfrastructure were conducted by Russians. The cyberwar had the effectof silencing the Georgian media and isolating the country from the globalcommunity. Furthermore, the Georgian population experienced a significantinformational and psychological defeat, as they were unable to communicatewhat was happening to the outside world [7].- 2009:GhostNetisthenamegivenbytheInformationWarfareMonitortoalarge-scale espionage operation by China. High-value targets included ministriesof foreign affairs of Iran, Bangladesh, Latvia, Indonesia, Philippines, Brunei,Barbados and Bhutan; embassies of India, South Korea, Indonesia, Romania,Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan; theASEAN (Association of Southeast Asian Nations) Secretariat, SAARC (SouthAsian Association for Regional Cooperation), and the Asian DevelopmentBank; news organizations; and an unclassified computer located at NATOheadquarters [8].- 2010: Stuxnet is a highly sophisticated computer worm that sabotaged theuranium enrichment equipment of the Natanz nuclear facility in Iran, byIsrael and USA [9]. This operation was deemed as a cheaper alternative thansending attack aircraft to bomb the nuclear facility.- 2011 and 2012: Duqu was found on 2011 [10], and Flame on 2012 [11]. Bothworms are related to Stuxnet.- 2011: the Syrian Electronic Army used DDoS attacks, phishing scams, andother tricks to fight opposition activists where theyre strongest, which isonline[12]. Syrian President Bashar al-Assads forces are currently in a state ofcivil war, and determined to defeat the protest movement that toppled fellowdictators in Egypt, Libya, and Tunisia.- 2012: Here at home, a barrage of website vandalisms and e-mail intrusionattempts were experienced and are co-related to the diplomatic tensionsbetween the Philippines and China arising from territorial disputes in the WestPhilippine Sea. The events are tracked and reported by local news media[13].
  • 96. 96 ICT Development and Cyber Security ReaderKnown State Actors Several nations have declared their respective government policies and militarystrategies on cyberwar. Basically, these nations have come up with their cyberwardoctrines and their rules of engagement, defined what can constitute an act of war, andhave established what are their proper measures to take in response. The North Atlantic Treaty Organization (NATO) has established a strategicconcept for the defense and security of their member states. On 19 November 2010, NATOstated that "We will ensure that NATO has the full range of capabilities necessary to deterand defend against any threat to the safety and security of our populations. Therefore,we will...develop further our ability to prevent, detect, defend against and recover fromcyber-attacks, including by using the NATO planning process to enhance and coordinatenational cyber-defence capabilities, bringing all NATO bodies under centralized cyberprotection, and better integrating NATO cyber awareness, warning and response withmember nations[14]." Also on the later part of year 2010, U.S. DoD Deputy Secretary William J. Lynn IIIsaid that "the Pentagon has formally recognized cyberspace as a new domain of warfare.Although cyberspace is a man-made domain, it has become just as critical to militaryoperations as land, sea, air, and space. As such, the military must be able to defend andoperate within it. To facilitate operations in cyberspace, the Defense Department needs anappropriate organizational structure." [15] On May 21 of 2010, the U.S. Cyber Command(USCYBERCOM)achievedtheirinitialoperationalcapability,withGeneralKeithAlexanderas their commander [16]. USCYBERCOM is a sub-unified command subordinate to U. S. Strategic Command(USSTRATCOM).Theirmissionstatementis"USCYBERCOMplans,coordinates,integrates,synchronizes, and conducts activities to: direct the operations and defense of specifiedDepartment of Defense information networks and; prepare to, and when directed, conductfull-spectrum military cyberspace operations in order to enable actions in all domains,ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." The work focus is that "USCYBERCOM will fuse the Department’s full spectrumof cyberspace operations and will plan, coordinate, integrate, synchronize, and conductactivities to: lead day-to-day defense and protection of DoD information networks;coordinate DoD operations providing support to military missions; direct the operationsand defense of specified DoD information networks and; prepare to, and when directed,conductfullspectrummilitarycyberspaceoperations.Thecommandischargedwithpullingtogether existing cyberspace resources, creating synergy that does not currently exist andsynchronizing war-fighting effects to defend the information security environment. USCYBERCOMwillcentralizecommandofcyberspaceoperations,strengthenDoDcyberspace capabilities, and integrate and bolster DoD’s cyber expertise. Consequently,USCYBERCOM will improve DoD’s capabilities to ensure resilient, reliable informationand communication networks, counter cyberspace threats, and assure access to cyberspace.USCYBERCOM’s efforts will also support the Armed Services’ ability to confidentlyconduct high-tempo, effective operations as well as protect command and control systemsand the cyberspace infrastructure supporting weapons system platforms from disruptions,intrusions and attacks."
  • 97. 97ICT Development and Cyber Security Reader IntheUnitedKingdom,theUKCyberSecurityStrategy[17]publishedonNovember2011, called for the creation of a dedicated and integrated civilian and military capabilitywithin their MoD, and setting up the Defence Cyber Operations Group (DCOG)[18]. Aninterim DCOG is supposed to be in place by April 2012, and is expected to achieve fulloperational capability by April 2014. The DCOG "will include a Joint Cyber Unit hostedby GCHQ at Cheltenham whose role will be to develop new tactics, techniques and plansto deliver military effects." "A second Joint Cyber Unit embedded within the centre atCorsham will develop and use a range of new techniques, including proactive measures,to disrupt threats to (UKs) information security." Basically, DCOG is developing anoffensive capability to respond to UKs enemies who are trying to launch attacks againsttheir critical infrastructure, detect and disrupt espionage operations, or disable weaponsof mass destruction through cyber attacks. Many counter-terrorist operators in the world appreciated a taste of British humor,when MI6s "Operation Cupcake" became public on June 2011 [19]. British intelligencepenetrated an al-Qaeda online magazine and replaced bomb-making instructions with arecipe for cupcakes. Australias Cyber Security Operations Centre (CSOC), based within the DefenceSignals Directorate (DSD), focuses on identifying and responding to cyber incidents ofnational significance[20]. It is interesting to note that the language used by CSOC is lessaggressive than their American and British counterparts. Unit 8200 is from Israel, and known to be one of the most active and advancedgroup of cyberwar operators in the world[21]. Although they are the largest unit in theIsrael Defense Forces (IDF), and their alumni have started-up many international high-techcompanies like Check Point Software Technologies, there is not much information knownabout them. It is observed that their missions fit very well the Israels defense doctrine,including conduct of pre-emptive strike operations, and that any combat should take placeon enemy territory as much as possible. In the South East Asian region, South Koreas Ministry of National Defense [22]launched a Cyber Command on January 2010, under the control of their Defense SecurityCommand (DSC). They also added that with their 200 specialists, they have the capabilityto conduct both defensive and offensive cyber operations, under the direction of thedefense minister. Meanwhile, North Koreas Reconnaissance Bureau of the General Staff Department[23] is credited to be trailing only with the capabilities of the Americans and the Russians[24]. On April 28 until May 13 of 2012, GPS signals were jammed in S. Korea by the electroniccombatants of N. Korea, causing difficulties in air and marine traffic controls. Senior Colonel Geng Yansheng, spokesperson for the Chinas Ministry of NationalDefense as well as director-general of the Information Office of the Ministry of NationalDefense, announced on May 2011 that their Peoples Liberation Army (PLA) establishedan "Online Blue Army" in order to enhance Chinese troops network protection only [25].Many observers worldwide however, believe that their unit with at least 30 operators,organized under the Guangdong Military Command, is an essential part of Chinas assetswho are responsible for being the single largest source of cyber attacks [26].
  • 98. 98 ICT Development and Cyber Security Reader Very recently however, Chinese telecom companies Huawei and ZTE are taggedby the U.S. Congress as a security threat to the critical infrastructure of the United States,by providing equipment that are alleged to be capable of relaying American secrets backto China. In their intelligence report, the Americans state that "China has the means,opportunity and motive to use telecommunications companies for malicious purposes.""Based on available classified and unclassified information, Huawei and ZTE cannot betrusted to be free of foreign state influence and thus pose a security threat to the UnitedStates and to our systems," the report says [27].Casus Belli Article II, Section 2, of the 1987 Constitution of the Philippines states that ournation "renounces war as an instrument of national policy, adopts the generally acceptedprinciples of international law as part of the law of the land and adheres to the policyof peace, equality, justice, freedom, cooperation, and amity with all nations" [28]. ArticleII, Section 7 also says that "The State shall pursue an independent foreign policy. In itsrelations with other states, the paramount consideration shall be national sovereignty,territorial integrity, national interest, and the right to self-determination." The Philippines is a very peaceful nation, and throughout history, it has nevereven dreamt of occupying another nation-state. On the contrary, the Philippines havebeen occupied by other nation-states in its hundreds of years of existence as a nation. Therejection of war as a national policy is consistent with the Charter of United Nations, whichsays in Chapter I, Article 1, that "All Members shall refrain in their international relationsfrom the threat or use of force against the territorial integrity or political independence ofany state, or in any other manner inconsistent with the Purposes of the United Nations"[29]. However, the 1987 Constitution of the Philippines only disowns aggressive war,but not defensive war which will only for the preservation of national honor, integrity,and the security of the Filipino. The nation-state of the Philippines will not waive thefundamental right of self-preservation. President Benigno S. Aquino III upholds the 1987Constitution by documenting his statement of principles in his National Security Policy2011-2016, saying that "The Philippines needs to develop a defensive capability againstperceived or real external security threats" [30]. The National Security Policy intends to promote internal socio-political stabilityby: ensuring the effective delivery of basic services; helping to protect the nations naturalresources and reducing the risks of disasters; promoting economic reconstruction andensuringsustainabledevelopmentthroughincreasedinvestmentsincriticalinfrastructures;pursuing reforms in the security sector; strengthening institutions and internal mechanismsto safeguard public order and security; contributing in the strengthening of the rule of lawthroughout the country; promoting the peace process as the centerpiece of the InternalSecurity Program; and launching a holistic program to combat terrorism. The NationalSecurity Policy also wants the Philippines to develop a defense capability to protect itssoveriegnty and strategic maritime interests. The term "critical infrastructure" has been officially defined and recognizedback in 24 September 2003 when the Cabinet Oversight Committee on Internal Security
  • 99. 99ICT Development and Cyber Security Reader(COC-IS) created the Task Force for Security of Critical Infrastructures (TFSCI), headedby Undersecretary Abraham Purugganan [31]. Critical infrastructures are vital not onlyfor economic growth and development, but also as necessary means for the conduct ofeach Filipinos daily lives. Critical infrastructure include assets or facilities for: energygeneration, transmission and distribution; information and communications systems;transportation systems; public health facilities; financial services; government publicsafety and emergency services; agriculture and food production and distribution; strategiccommercial centers; as well as religious and cultural centers. TFSCI, now defunct, thencoordinated all government efforts to manage and mitigate any threats against the criticalinfrastructure as those are deemed threats to the national security of the Philippines. Any threat or attack conducted through cyberspace, against the national securityof the Philippines, should be identified, assessed, and then mitigated, if not eliminated.These threats involve espionage, terrorism, sabotage, or subversive activities. If an attackthrough the domain of cyberspace by another state yields death or physical injury ofpeople, property damage, disruption of critical infrastructure, overthrow of the legitimategovernment of the Philippines, hostile disclosure of state secrets, with an outcomeequivalent to a conventional military attack, then that event should merit an appropriatemilitary action. The amount of damage caused by the cyber attack, whether actual orimplied, should be used a metric as to what will justify proper retribution. To add to previously mentioned real-world examples of cyberwar operations, otherscenarios that could cause harm to the national security of the Philippines are not limitedto: opening of dams to intentionally drown entire communities; disruption of air trafficnavigation controls to chaos in, or death from the skies; suppression of TV or public radioinfrastructure; theft of confidential e-mail containing state secrets regarding the diplomaticposition of the Philippines versus China, in relation to disputes in economic trade as wellas territories in the West Philippine seas; as well hijacking of phone and Internet assets forespionage purposes. The guidelines set by the National Security Policy of President Aquino may beinterpreted to allow only the undertaking of defensive actions in a foreign state, or ifwithin the Philippines, only if reliable intelligence reports indicate that there is a clearand present danger against national security, that would have disastrous consequenceslike death or loss of critical infrastructure. This practically means that the Armed Forcesof the Philippines may not be tasked to employ kinetic weapons against the aggressor, butinstead employ cyberwar operations to stop the source of cyber attacks.Rules of Engagement (ROE) The directive that controls the use and degree of force, how and when, for whatduration and what target, that generally specifies the circumstances and limitations forengagement, is called the Rules Of Engagement. The complexity and technical aspect ofa cyber attack operation, coupled with the fact that targets may appear or disappear in amatter of seconds, would required careful planning and development of the ROE.
  • 100. 100 ICT Development and Cyber Security ReaderGuidelines for crafting the ROE ROE must take into consideration all applicable domestic and international law,operational concerns, and political considerations [32]. The recommended underlyingdoctrine for drafting the ROE should be Bellum Iustum, or the Just War theory. Part 3,Section 2, Chapter 2, Article 5, Paragraph 2309, from the Catechism of the Catholic Church[33], gives us the following "conditions that are subject to the prudential judgement ofthose who have responsibility for the common good."- The damage inflicted by the aggressor on the nation or community of nationsmust be lasting, grave, and certain;- All other means of putting an end to it must have been shown to be impracticalor ineffective;- There must be serious prospects of success;- The use of arms must not produce evils and disorders graver than the evil tobe eliminated. In general peacetime conditions, which the Philippines expect to find itself in mostof the time, the ROE is to be dictated by the principles of necessity and proportionality [34]."Necessity" requires that cyber operations conducted in self-defense require that a hostileact occur (i.e. acts of espionage, sabotage, or subversion), or a force or terrorist unit exhibithostile intent. An example would include a cyber attack on a positively identified targetthat has been qualified by reliable intelligence reports. The "proportionality" principlestates that the force used must be reasonable in intensity, duration, and magnitude, basedon all facts known to the cyber commander at the time, to decisively counter the hostile actor hostile intent. Components, other than hostile threat or hostile act, that affect the principles ofnecessity and proportionality may include:- Threat sources and their identification, capabilities of the adversary,characteristics of adversarys intent, how the adversary analyzes their target,and range of effects for non-adversarial threat sources- Threat event identification, and its relevance- Vulnerabilities of Philippine critical infrastructure and other assets affectingnational security, pervasiveness and severity of the said vulnerabilities- Likelihood of the hostile threat to occur- Impact or effects on critical infrastructure and other assets affecting nationalsecurity After the ROE has been analyzed, and permissions have been granted to thecyber combatant by the commander, the following steps may occur in the cyber attack:Set Mission Objectives > Establish Baseline Condition of Targets > Recon: Research TargetInformation > Discover and Assess Vulnerabilities > Analyze Situation; Plan Attack >Execute War Plans; Exploit Vulnerabilities; Escalate System Privileges > Re-Engage OtherTargets > Produce Analysis and Report > Re-Set Targets Information Systems to OriginalCondition (Optional)
  • 101. 101ICT Development and Cyber Security ReaderConclusion Mary Ann Davidson, the Chief Security Officer of Oracle Corporation, testified on10March2009totheHomelandSecuritySubcommitteeonEmergingThreats,Cybersecurityand Science and Technology. She says that there are a few challenges to when applying theAmericans Monroe Doctrine on Cyberspace [35].- Credibility: the deterrence strategy needs teeth to be credible.- Invocation Scenarios: there should be an escalation framework, where someinstances can invoke cyberwar.- Attribution: Detecting attacks is hard enough already, and attributing themcorrectly is even harder, but not impossible. Taking those said technical and ethical challenges into consideration, the unsettleddoctrine guiding cyberwar, the unformulated jus ad bellum of cyberwar, while state andnon-state actors in cyberspace build up their capacity for initiating threat events, the timeto recognize cyberspace as a new combat domain, is now. The correct time to investigatethe Philippine capacity to engage in cyberwar, should be prior to the conduct of cyberoperations, not during an emotional or desperate situations, or after being shamed on theinternational scene. The Philippines have all the pieces to put a Cyber Command in place,and can have it done right from the start, to engage, sustain, and achieve objectives incyberspace.# # #Endnotes[1] Alexander Merezhko; International Convention on Prohibition of Cyberwar inInternet;[2] Alexander Moseley; The Philosophy of War;[3] Brian Orend; War;[4] Sandro Gaycken; Cyberwar – Das Internet als Kriegsschauplatz;, https://www.OpenSourcePress.DE/index.php?26&tt_products=313[5] Nathan Thornburgh; The Invasion of the Chinese Cyberspies;,8816,1098961,00.html[6] Ian Traynor; Russia Accused Of Unleashing Cyberwar To Disable Estonia;[7] Capt. PShakarian; The 2008 Russian Cyber Campaign Against Georgie;[8] Information Warfare Monitor; Tracking GhostNet;[9] NateAnderson;Confirmed:UsAndIsraelCreatedStuxnet,LostControlOfIt;[10] Budapest University of Technology and Economics; Duqu: A Stuxnet-LikeMalware Found In The Wild; http://www.CrySys.HU/publications/files/bencsathPBF11duqu.pdf[11] Kim Zetter; Meet ‘Flame,’ The Massive Spy Malware Infiltrating Iranian Computers;
  • 102. 102 ICT Development and Cyber Security Reader[12] Max Fisher & Jared Keller; Syrias Digital Counter-Revolutionaries;[13] Chiara Zambrano; Chinese Hackers Have More Sinister Plans;[14] NATO; Active Engagement, Modern Defence;[15] William J. Lynn III; Defending a New Domain;[16] (Access restricted.)[17] The UK Cyber Security Strategy;[18] http://www.MoD.UK/DefenceInternet/AboutDefence/WhatWeDo/DoctrineOperationsandDiplomacy/JFC/[19][20][21] http://Dover.IDF.IL/IDF/English/News/today/2008n/09/0101.htm[22][23][24] Choi He-Suk, The Korea Herald; N. Korea Has Third Most Powerful CyberwarCapabilities;[25][26][27] U.S. House of Representatives; Investigative Report on the U.S. National SecurityIssues Posed by Chinese Telecommunications Companies Huawei and ZTE;[28] The 1987 Constitution Of The Republic Of The Philippines; http://www.Gov.PH/the-philippine-constitutions/the-1987-constitution-of-the-republic-of-the-philippines/the-1987-constitution-of-the-republic-of-the-philippines-article-ii/[29] Charter of the United Nations;[30] National Security Policy 2011-2016: Securing the Gains of Democracy; http://www.Gov.PH/2011/08/18/national-security-policy-2011-2016/[31] Rose Palacio; Task Force To Protect Critical Infrastructure;[32][33] Catechism of the Catholic Church; http://www.Vatican.VA/archive/ENG0015/__P81.HTM[34] Defining The Rules Of Engagement;[35] MaryAnnDavidson;TheMonroeDoctrineinCyberspace;
  • 103. 103ICT Development and Cyber Security ReaderThe Evolving Landscape onInformation SecurityWilfred G. Tan, Carlos T. Tengkiat & Simoun S. UngIntroductionWe all have a preconceived notion on information technology security; howeverfor a lot of organizations this value is subjective because there is an acceptabilityof risk. This is not to imply a particular organization is unaware of the valueof security; it may simply be that the organization needs to consider the allocation of itsresources for security relative to the value of the asset being protected. A large number of organizations, as evidenced by strong growth and interest insecurity standards such as PCI-DSS [1], either depend on or follow guidelines set forth bygovernment institutions and standards bodies. Conventional wisdom dictates that followingguidelines is normally a good approach. As a security officer, planner or executive, oneshould always consider going beyond the existing standard and to be reminded that thesecurity standards are developed in response to already recorded and occurring incidents.Moreover, security standards take time for the standard setting bodies to create, review,approve and implement. Security is a living practice and needs the proper attention, timeand consideration. Laying out and maintaining a comprehensive cyber security plan not only requiresexpertise, but also involves careful thought, assessment, and constant refinement andadjustments. In addition, legal frameworks differ from country to country; therefore, bestpractices in one country are not directly portable to a different country, even within similarindustries. Unlike more traditional crimes such as theft and robbery, the specific rules andregulations tend to be varied at best for cyber-security and cyber-crime related incidents. Computer security related incidents have risen significantly over the past decade[2] and there is every indication that this trend will continue for the foreseeable future. TheGlobal Security Report of Trustwave[3] presents the origin of cyber-attacks: Russia leads the statistics with 29.6% in the data[3]. However, because 32.5% of allattacks are from of unknown origin, it can be as likely (or equally unlikely) that any onenation is the single source or culprit of all of the incidents. Pinpointing the location in atimely manner is very difficult, if not impossible, given that the technology today allowsusers to use anonymous proxies to connect to the Internet which further compounds theproblem. This article is written for non-technical executives and policy makers, whoseresponsibilities require them to interact with information security professionals, as a primeron the current landscape of information security as well as its likely evolution. Securityprofessionals and practitioners are already well-versed in the material contained herein.The paper examines the motivation behind cyber-attacks followed by a survey of commonthreats and attack variants. It then presents the popular defensive strategies followed by adiscussion of future challenges and developments.
  • 104. 104 ICT Development and Cyber Security ReaderMotivation Behind all threats and cyber security breaches are either individuals or organizations.Cyber security incidents do not occur in a vacuum. Generally, the motive behind a cyber-attack can be classified as follows: personal reasons, unlawful profiteering, corporate ornational interests, and other purposes.Personal Reasons Personal reasons for conducting a cyber-attack include peer recognition, revenge,personal gain or satisfaction, and even curiosity. Some intruders derive a perverse senseof fun from conducting the attack and revel in the psychic income of being noted fornotoriety.Unlawful Profiteering Perhaps the most common motivation for conducting a cyber-attack is financialgain. The primary goal of fraud is to gather information that can be used to access funds ofother entities for illicit proceeds. Popular targets include savings accounts and payment,debit and credit, card data. Organized criminal syndicates are the primary perpetrators ofthese attacks. Inopportunely, the skill and savoir-faire developed are often adopted for usein cyber-terrorism and other cyber-attacks. Although there is no data for the Philippines, a study conducted by eWEEK Europein 2010[4] on a simulated auction of stolen data determined that the relative value of data
  • 105. 105ICT Development and Cyber Security Readeris primarily determined by purchaser. The end goal remains the same, obtain informationthrough illegal and fraudulent means which can be used for financial gain. Informationitself has become a commodity; it can be traded, bought and sold.Corporate or National Interests The strategic objectives for a corporation or nation-state are sometimes achieved byattacking others using cyber-warfare capabilities. The intent may be to disable a nuclearenrichment program or a more mundane purpose such as spy, steal or subvert a rival’splans and secrets. In mid-2010, Stuxnet was discovered. The singular target of this worm was to disableand destroy Siemens industrial equipment which were specifically used to control centrifugesthat create nuclear material for a fissionable weapon. According to a study by Symantec inAugust, 2010 [5], 60% of the computers infected by Stuxnet were in Iran suggesting a highly‘targeted’ operation. The worm’s sophistication and intelligence suggested a nation-statelevel of sponsorship; speculation was rife that the United States and Israeli forces were atleast partially responsible for the development and deployment of the worm.[5]Threat Evolution Approaches to attacks have evolved over time, adapting to developments intechnology. Tools for exploiting systems have evolved considerably; likewise, tools thatare available for testing and exploiting vulnerabilities are readily available in the market.There are even attack platforms freely available that ironically were intended to test thesecurity of a system. Several of the more common threats are outlined below: physical,cyber-stalking, social engineering, phishing, distributed denial of service, network attacksand malwares.Physical In the 1980s, the common practice was to actually go onto the premises of thetarget company or to harvest data from unprotected sources. Criminals would find waysto physically obtain storage media or hardcopies of data. Dumpster diving, or the siftingthrough garbage and trash to find bits and pieces of information, is still practiced today.The careless disposal of seemingly innocuous information such as an obsolete version of aninformation security plan, PIN mailers, passwords, social security numbers, et cetera canfacilitate an attack via social engineering or phishing. Today, practices have improved to include tapping into data cabling that areaccessible from unsecured areas and the access of unlocked, accessible computer serversand systems. It is still a common occurrence for unencrypted, sensitive data to be lost orstolen from physical media such as USB flash drives, laptops and cellular phones.Cyber-Stalking Cyber-stalkers assault their victims using electronic communication: email, instantmessaging (IM) and/or posts to a website or discussion group. While most cyber-attackstarget an organization, cyber-stalking tends to be of a more personal nature. Cyber-stalkers
  • 106. 106 ICT Development and Cyber Security Readertypically gather personal and private information about their target then send them harassingor threatening messages. Trolling is a form of cyber-stalking in which negative posts, comments or otherdefamatory statements are made which are injurious to the reputation or emotional healthof the victims. When committed by more than one individual, trolling is also known ascyber-bullying. Sadly, there are cases involving teens which have resulted in the victimscommitting suicide.Social Engineering Social engineering cyber-attack involves the manipulation of people to performcertain actions that can compromise security; this requires a solid understanding of humanresponses and behaviour. Although physical contact is not necessary, some form of trickeryto gain the confidence of the target is employed. Social engineering attack occurs in twophases: information gathering then the pretext stage in which a believable story is craftedin order to earn legitimacy and gain the trust of the target. Social engineering is not strenuous on the attacker, thus it is normally employedin conjunction with other forms of cyber-attack. The insertion of malware into otherwisehardened, secure systems is a common combination with social engineering. Many enterprisesystems are well protected and require significant time and effort to breach. However, ifthe attackers are able to use social engineering to insert physical media such as USB flashdrives into the internal network, then all the external defences are immediately bypassed. Based on recently conducted social engineering study[6], companies with well-implemented security awareness protocols are more resistant to social engineering tactics.Participants in the oil industry fared better compared to less security aware industrieslike retail. This study was designed such that questions were designed that would exposesecurity design and architecture of the respondent’s organization: The study[6]revealed that certain data can be harvested from the internet itself.Researchers were able to utilize the data culled from the internet in their social engineeringtasks to profile a target’s internal security implementation. The table below displays thedetails gathered from the questionnaire above in blue while the additive informationgarnered from the internet is shown in red: Recently, face-to-face social engineering tactics have been increasing; this isdisquieting since it may expose the targeted individual to physical danger.
  • 107. 107ICT Development and Cyber Security Reader
  • 108. 108 ICT Development and Cyber Security ReaderPhishing Phishing is an email-based fraud method using legitimate looking email designedto gather personal and financial information from its targets. Crafting emails blendinga false premise while spoofing trustworthy websites, victims are encouraged to click onlinks, send information and otherwise respond. The attackers then use social engineeringtechniques to extract information to steal personal and financial information. Since emailsare generally from an external source, incorporating dangerous payloads in the messagerequires negligible effort. There are several types of phishing techniques:· Phishing – Emails are masqueraded so as to obtain usernames and passwords fromthe users via electronic communication.· Spear Phishing – Targeted phishing to specific individuals, personal informationon target are gathered to increase probability of success.· Clone Phishing – A previously legitimate and delivered email is used as a templateand cloned; the cloned email, with links and attachments modified, is resent tothe victim. This method exploits the social trust between the parties that sent theemail.· Whaling – Phishing targeting high profile victims. Phishing is not restricted to electronic information nor to electronic communicationchannels. Some phishing emails contain telephone numbers, purporting to be customerservice; the unsuspecting victim is lured to call and unwittingly give personal informationthat can later be used by the attacker. One of the best known phishing emails is the “Nigerianscam.”Although there are many variations, the content is essentially the same with thesender pretending to have access to large amount of funds and requiring the assistance ofthe victim to gain access to the said funds:FROM: MR DAN PATRICK. DEMOCRATIC REPUBLIC OF CONGO.ALTERNATIVE EMAIL: ( Sir,SEEKING YOUR IMMEDIATE ASSISTANCE. Please permit me tomake your acquaintance in so informal a manner. This isnecessitated by my urgent need to reach a dependableand trust wordy foreign partner. This request may seemstrange and unsolicited but I will crave your indulgenceand pray that you view it seriously. My name is. DANPATRICK of the Democratic Republic of Congo and One ofthe close aides to the former President of the DemocraticRepublic of Congo LAURENT KABILA of blessed memory, mayhis soul rest in peace. Due to the military campaign ofLAURENT KABILA to force out the rebels in my country,I and some of my colleagues were instructed by LatePresident Kabila to go abroad to purchase arms andammunition worth of Twenty Million, Five Hundred Thousand
  • 109. 109ICT Development and Cyber Security ReaderUnited States Dollars only (US$20,500,000.00) to fightthe rebel group. But when President Kabila was killedin a bloody shoot-out by one of his aide a day beforewe were schedule to travel out of Congo, We immediatelydecided to divert the fund into a private securitycompany here in Congo for safe keeping. The securityof the said amount is presently being threatened herefollowing the arrest and seizure of properties of Col.Rasheidi Karesava (One of the aides to Laurent Kabila)a tribesman, and some other Military Personnel fromour same tribe, by the new President of the DemocraticRepublic of Congo, the son of late President LaurentKabila, Joseph Kabila. In view of this, we need a reliableand trustworthy foreign partner who can assist us to movethis money out of my country as the beneficiary. WE havesufficient ‘’CONTACTS’’ to move the fund under DiplomaticCover to a security company in the Europe in your name.This is to ensure that the Diplomatic Baggage is marked‘’CONFIDENTIAL’’ and it will not pass through normalcustom/airport screening and clearance. Our inabilityto move this money out of Congo all This while lies onour lack of trust on our supposed good friends (westerncountries) who suddenly became hostile to those of uswho worked with the late President Kabila, immediatelyafter his son took office. Though we have neither seennor met each other, the information we gathered from anassociate who has worked in your country has encouragedand convinced us that with your sincere assistance, thistransaction will be properly handled with modesty andhonesty to a huge success within two weeks. The saidmoney is a state fund and therefore requires a totalconfidentiality. Thus, if you are willing to assist usmove this fund out of Congo, you can contact me throughmy email address above with your telephone, fax numberand personal information to enable us discuss themodalities and what will be your share (percentage) forassisting us. I must use this opportunity and medium toimplore You to exercise the utmost indulgence to keepthis Matter extraordinarily confidential, Whatever yourDecision, while I await your prompt response. NOTE:FOR CONFIDENTIALITY, I WILL ADVISE YOU REPLY ME ON MYALTERNATIVE EMAIL BOX ( and God Bless.Best Regards,MR DAN PATRICK.
  • 110. 110 ICT Development and Cyber Security ReaderDistributed Denial of Service (DDOS) DDOS is one of the older forms of attacks that are still popular today. In a DDOSattack scenario, the victim typically finds their system slows to a crawl or unable to respondat all. There are several variants that are commonly used such as ICMP Flooding, SYNflooding, Teardrop, and others. The defining aspect of DDOS attacks is the rendering ofthe target system crippled or inoperable, thereby denying service to the system’s legitimateusers. As recent as mid-2012, DDOS attacks against major financial institutions such asHSBC, Bank of America, and JP Morgan Chase were recorded. [7] The duration and severity of the attack is dependent on the number of zombies,or slave computers, used by the attacker, and the resiliency of the target computer(s) towithstand the attack. A DDOS attack may be used in conjunction with other attacks to exploitvulnerabilities exposed while the DDOS attack is in progress; sometimes, a DDOS attack isa diversionary tactic to enhance the probability of success of other attack methods. Majordisruptions to critical infrastructure like defense, utilities and banking will result not onlyin mere inconvenience due to loss of services but cause significant financial and economiclosses.Network attacks TheU.S.DepartmentofDefensereferstonetworkattacksas“…actionstakenthroughthe use of computer networks to disrupt, deny, degrade, or destroy information resident incomputers and computer networks, or the computers and networks themselves.”[8]If anattacker successfully connects to the network of the target, innumerable opportunities tolaunch attacks are made available. Commonmistakesinnetworksecurityareweak,defaultornon-existentadministratorpasswords. Moreover, ill-designed networks also allow easy access to database servers,the usual targets for data mining. Attackers can use SQL injection, in which direct SQL textis encoded as part of the attack stream, in an attempt to subversively access a back-enddatabase system.Malwares The current trend of cyber-attacks is predominantly associated with malwares.Trustwave defines malware as “… often purposefully designed to capture and extricatedata, provide remote access, or automate compromised systems into a botnet — or to justcause general mayhem.”[9]Malware comes in a myriad of types and varieties. The commoncategories known today include computer viruses, worms, trojan horses, spyware, adwareand root kits. Entire software product suites and solutions have been created to combat malwares.However, malwares have evolved and continue to do so; they are constantly being updatedto meet challenges of exploiting new vulnerabilities and avoid detection by the users andby third-party security products. These accounts for the discouraging statistics that showinfections often go undetected. The popularity of malware as an attack vector is evident inthe fact that by 2007 the number of malwares created on that one year alone is the equivalentto the combined total of the previous twenty years.[10]
  • 111. 111ICT Development and Cyber Security ReaderMalwares are used with great efficacy to achieve a beachhead in infiltrating systems. Someof the recent incidents involving malware are listed below:Flame Discovered by the Iranian National Computer Emergency Response Team (CERT),Kaspersky and CrySyS Lab, Flame is widely considered as one of the most sophisticatedmalware ever created.[11] It spreads via local area network or USB. Infected computers actas a bluetooth beacon and attempts to harvest contact information from nearby bluetooth-enabled devices. At twenty megabytes, Flame is uncharacteristically large for a malware. Itscapabilities include recording of audio, keystrokes, screenshots and Skype conversations;thus Flame is deemed a cyber-espionage tool.RSA Breach RSA experienced a security breach in 2011.[12] The attack vector was an emailsent to an employee with an Excel attachment that contained a malware. This malwareexploited vulnerabilities in Adobe Flash and installed a variant of Poison Ivy, a commonremote administration tool. The attackers then obtained critical information including thetoken seeds in SecureID and algorithm designs used by RSA; consequently, the RSA securitytokens were rendered vulnerable for exploitation. This directly resulted in cyber-attacksagainst Lockheed Martin and L3 Communications, both US military contractors. Malwares have proven to be a very effective and potent tool for cyber-attacksand their continued use will foster further evolution in sophistication and complexity.Organizations should take steps to detect and eradicate malwares; depending solely on thehardening of perimeter defense is a common fallacy to prevent malwares from infiltratingan organization.Common Defensive Strategies Information security personnel and teams tend to use several common defensivestrategies. Unfortunately, there is no perfect defensive strategy; therefore, to be effective,a defensive strategy must be continuously upgraded and assessed against the constantlyevolving cyber-attack mechanisms and methodologies.Physical There are numerous physical defensive strategies; the most common are thefollowing:1. Deployment of access systems secured by biometric, ID card, PIN and/or acombination thereof;2. Closed circuit TV (CCTV) security cameras; and3. Doors, cages, locks and man-traps. One of the simplest and cost-effective strategies is to locate critical servers andsystems in a secure facility; failing that, the servers and systems should be locked in a cageto prevent unauthorized tampering and access.
  • 112. 112 ICT Development and Cyber Security ReaderEducation, Awareness and Security Policies One of the most effective tools to implement or improve security is education andawareness. Increasing awareness among the staff, peers, management and other employeesis crucial in building support towards implementation of an effective defensive strategy.Unfortunately, countless executives fail to appreciate the value of security; security seemsto be an afterthought at best, rather than being a critical factor designed into systemsand procedures. Part of the education and awareness processes involve formulating,disseminating and implementing security policies. This is one of the most effective shieldsagainst social engineering attempts by reducing the chances of an employee being fooledto divulge crucial information. The value of information security is not apparent until after an intrusion or breachoccurs. Once such an event occurs, organizations suffer at the minimum reputationaldamage. Oftentimes, banks and other financial institutions prefer to pay off the perpetratorsin order to preserve their image since the loss of confidence in their security could cost themtheir entire client base.Prevention The old adage, “an ounce of prevention is better than a pound of cure”, is certainlyapplicable to information security. Pro-active measures implemented to prevent a cyber-attack is more cost-effective than reactive security patches and hardware upgrades inresponse to a security incident. In recent months, several Philippine government websites have been defaced.Most agencies repaired the damage within several hours then simply moved on. Popularsentiment was that since there is no physical harm done, such acts, while not condoned,should be tolerated as a form of expression. On the other hand, the U.S. Congress has enactedlaws that consider any form of computer attack on any level against any U.S. governmentwebsite as an act of war against the United States. Although defacing a website does notnecessarily compromise any data, the economic cost and reputational damage that suchattacks should be considered and an appropriate, measured response executed.Anti-Virus / Anti-Malware Anti-virus and anti-malware software packages are basic tools of the defensivetrade. A properly updated program helps secure the systems and protects users when theyinadvertently browse or visit pages with malicious content. Most popular packages nowinclude features and functionality to help protect a web browser.Patch Management There is no perfect software. As such, the software industry relies heavily onpatches or upgrades to address flaws in the design, implementation, or performance of thesoftware. Malware exploit known flaws in the installed software to subvert and ultimatelygain control over a machine. Therefore, as a defensive strategy, applying patches on theoperating systems, anti-virus, anti-malware, and other applications help safeguard computersystems by fixing the known flaws and vulnerabilities. Beyond the issue on intellectual
  • 113. 113ICT Development and Cyber Security Readerproperty rights, this is the most important, self-serving incentive to procure properlylicensed software as it guarantees that there will be support and maintenance. With open-source software, it is critical to implement a maintenance cycle to ensure that any bugs orvulnerabilities in the software are patched quickly and consistently.FirewallsFirewalls are network devices that filter traffic; it attempts to segregate public oropen traffic that exist beyond the organization’s network perimeter. Firewalls range fromthe basic that protect your home network costing a few thousand pesos to the enterpriseversions costing several millions. There are many brands of firewalls from manufacturers:Cisco, Juniper, Checkpoint, Fortinet, Huawei, ZTE among others. Of special interest latelyis the Congress of the United States position that Huawei and ZTE pose a security threat.[13] A properly configured and maintained firewall defends against many threats. It isa key component in many security strategies implemented today. Ensuring that the firewallis properly patched is another important key to having a good defensive strategy.Regular Testing and Backups Regular tests of information security systems are crucial in maintaining readiness.Internal and external penetration tests, scans, and verification procedures all contributetowards ensuring that systems are configured properly. Regular backups are akin to buyinginsurance. Failures are an unavoidable part of the human experience and informationsystems are not exempt. Having a ready backup is no longer a luxury but a necessity.Intrusion Detection Systems/Intrusion Prevention Systems Intrusion detection and intrusion prevention systems(IDPS) are a class of devicesthat have come into the forefront of defensive arsenal about a decade ago. Such devicesare capable of detecting incidents by monitoring events or inspecting packets and, at thestart of an incident, trigger some automated response including reconfiguration of firewalls,sending out alerts by SMS or email, locking down ports, et cetera. Most systems in the market today involve the deployment of hardware appliances,few are software based, and these are usually installed in-line either behind, or adjacent tothe firewall(s) in an organization’s network. The NIST[14]lists four types of technologiesavailable today:1. Network based: examination and detection based on network segments, or networkand application protocol.2. Wireless: examination of wireless network traffic.3. Network behaviour analysis: examination of system-wide behaviour including thesudden rise of packets, policy violations, et cetera.4. Host-based: limited to single host examination and events linked to the singlehost.
  • 114. 114 ICT Development and Cyber Security ReaderIDPS are useful in detecting and identifying potential incidents. Therefore, theyare an indispensable tool in the defensive toolkit of many information security managers.An IDPS provides intrinsic value by adding automated detection, logging, recording, andmonitoring capabilities to an organization, when configured and maintained properly.Outsourcing of information security Within the Philippine context, many organizations, including government agencies,do not have the budget, expertise or capability internally to properly secure their informationsystems. Accordingly, to properly prepare for a cyber-attack, organizations may resort tooutsourcing, analogous to the deployment of private security guards for the protection ofphysical assets. There is a prevailing misconception regarding the role of law enforcement ininformation security. By definition, law enforcement agencies provide post-incidentinvestigation, apprehension and filing of charges against suspected perpetrators. Theirresponsibilities do not include ensuring an organization’s systems are safe and secure.Typically, a Computer Security Incident Response Team (CSIRT) or a Computer EmergencyResponse Team (CERT) is engaged to assist an organization to prepare, simulate cyber-attacks and conduct post-assessments of information security systems.Future Developments and Challenges Current technological trends are likely to continue in the foreseeable future. Withthe rapid and accelerating pace of change in technology, a discussion of the pervasivetechnologies and their prospective impact to information security is warranted.Mobile technology Today’s smart phones are truly mobile computers; some have greater processingpower than desktops from less than a decade ago. Penetration rates in more advancedcountries have exceeded 50% and have reached 78% in the United States. [15] This trendwill rapidly be replicated in emerging markets like the Philippines, particularly with thecommonplace availability of smart phones retailing for less than one hundred US dollars. With the advent of mobile commerce and the Philippine propensity for rapidadoption of mobile phones, there will be a host of new, unforeseen security challenges. Thiswill be accelerated by the deployment of LTE empowering mobile broadband by the localtelecommunication carriers. Compounding the security challenges with mobile is the lackof a legal framework and the non-existent registry of mobile SIM cards: attackers utilizinga mobile platform will enjoy even greater anonymity. Initial malware on the mobile platform were largely limited by the fragmented,proprietary operating systems that ran the previous generation of phones. The industryhas already consolidated to four major mobile platforms: Apple’s IOS, Google’s Android,Windows Mobile and Blackberry. With this convergence, the mobile platform presents atantalizing target for cyber-attackers. There have been numerous incidents involving socialengineering with deceptive messages sent to victims asking them to send money to processtheir contest winnings or to help a friend or relative in a supposed emergency situation.
  • 115. 115ICT Development and Cyber Security ReaderVideo/Voice Over IP (VOIP) Skype™was one of the pioneers that allowed people to make voice calls, later addingvideo calls, for free utilizing IP technology. Nowadays, multi-party video conferencing isalready commonplace. The National Telecommunication Commission has issued VOIPlicenses for several years already. From an implementation and technology angle, VOIP isterrific: provision of clear communications enabled by constantly improving compressiontechnology. Commercialized form of 3-D hologram communication may soon beachievable. Cyber-attackers recognize that networks carrying voice and video data as anattractive target. A Brazilian CERT noticed an upsurge in scanning for VOIP traffic in theirhoney pot network. [16] Intruders that gain access to a VOIP system would potentially beable to monitor, access and even reroute all communications made through it.Outsourcing cyber-attacks Insofar as protecting information security systems are being outsourced to trustedprofessionals, cyber-attackers have also begun to resort to outsourcing. The Russianunderground market in cybercrime is vibrant. The inexpensive cost for outsourcing ofvarious methods of cyber-attacks is alarming; a sampling of the available services and itsprices is listed below: [17]Service Price in US dollarsHiring a DDOS attack $30 to $70 per dayEmail spam $10 per million emailsBots for a botnet $200 for 2,000 botsZeuS source code $200 to $500Hacking a Facebook or Twitter acct $130Hacking a Gmail account $162Scans of legitimate passports $5 eachTraffic $7 to $15 per 1,000 visitors from US & EUAs cyber-attacks continue to grow in sophistication, this development of outsourcingcyber-attacks will not only continue unabated, but likely escalate geometrically.Conclusion The notion of information security tends to be organization-specific. In thePhilippine context, there is a relatively high tolerance for risk. Even within the defenceestablishment, some of the prevailing attitudes are best characterized by the tongue-in-cheek responses gathered in a series of interviews: “Our approach is security throughobsolescence” and “It’s only 1’s and 0’s anyways, who can read it?” With the pervasivenessof the internet and technology in human society today and the resultant diminishing barriersof distance and geopolitical borders, information security must be everyone’s problem andresponsibility. The Information and Communications Technology Office under the Departmentof Science and Technology has already set policy that information and communications
  • 116. 116 ICT Development and Cyber Security Readertechnology must be governed due to its pervasive and essential nature in today’s society.[18] The recent attacks to deface government websites should serve as a clarion call forimperative action. Perhaps due to the technical or the rapidly evolving nature, some of thenational leadership still do not recognize the gravity of the situation, or lamentably, simplychoose to believe it will go away. For some context within the Philippine environment, consider the IT-BPO industry,a sunshine and rapidly growing sector of the Philippine economy:[19] 2011 2012 2013Industry revenues (USD) $11 Billion $13.6 Billion $16 BillionFull-time employees 638,000 772,000 926,000How much loss, potential or otherwise, must be suffered by the Philippine economyfor information security to be considered a matter of national security? What is the impactto this single sector of a single or a series of cyber-attacks or data breaches exacerbated byinadequate response from government? Government and the private sector must worktogether to secure our national interest.This article presented an overview of the current landscape of information security.From the motivational aspects behind cyber-attacks to a review of current commonthreats and attack variants to a presentation of the popular defensive strategies endingwith a forward look to future challenges and developments. Although technology andmethodologies continue to evolve, the human factor, not rapid technological advancement,continues to be the biggest source of vulnerability:· Many continue to blindly follow security standards set by governments andstandards bodies without proper evaluation of their suitability for their ownsituation.· Lax stewardship is the leading cause of security breaches in establishedorganizations.· Social engineering is still the most prevalent cause of data compromises.· Senior leadership, especially at the national level, typically fail to recognize thecritical nature of information security to their organizations until after a breach orother incident has occurred. If the Philippines were to experience a cyber-attack today, there is no single officeof primary responsibility within government to mount a coordinated response. At best, thecountry can only rely on the Philippine Computer Emergency Response Team (PHCERT),“… a non-profit aggrupation of Information Security Professionals providing Technical andPolicy Advisory Services Pro Bono Publico.”[20] The National Computer Center recognizesthe limited programs and projects that PHCERT can support: “PHCERT ONLY acceptssecurity incident reports from its members. Technical advice may be provided dependingon volunteer availability. Forwarding and coordination to the appropriate law enforcementagency can also be done if the situation warrants or member organization desires to do
  • 117. 117ICT Development and Cyber Security Readerso.”[21] On the legal front, although the Philippines recently enacted the CybercrimePrevention Act of 2012,Republic Act 10175, to empower law enforcement to better combatcybercrime, the Supreme Court issued a Temporary Restraining Order delaying itsimplementation by 120 days in response to questions about the constitutionality of certainprovisions. Information security is so pervasive that even a superpower like the UnitedStates and advanced societies like Japan with relatively unlimited budgets find it difficultto cope with the immense challenges. Government and private sector must cooperate tomake significant progress in this regard. Forging ahead, given the current landscape ofinformation security and its likely progression, the Philippines must take two foundationalsteps to improve its information security:1. Government must designate a single office of primary responsibility to prepare,mitigate, and coordinate a response to cyber-attacks; and2. Government and the private sector must work together and establish a pro-active,independent, fully-functional Computer Emergency Response Team (CERT) and/or Computer Security Incident Response Team (CSIRT).# # #ReferencesThis article relied extensively on the collective knowledge-base andexperience of the authors as well as sources from both the internet andprinted material. Similar references were grouped together for brevity.1;;;;; U.S. Department of Defense, Joint Publication 1–02: DOD Dictionary of Military and AssociatedTerms (November 8, 2010, as amended through May 15, 2011).9; Cyber-warfare – The new battlefront for Defence Forces by Dr. Peter Holliday
  • 118. 118 ICT Development and Cyber Security Reader13;; Guide to Intrusion Detection and Prevention Systems -; CyberSecurity Challenges in Developing Nations –Dissertation by Adam C. Tagert 12/1/2010,Carnegie Mellon University17 ”Russian Underground 101” by Max Goncharov, Trend Micro Incorporated Research Paper 2012- “2012 Programs” Presentation of the Undersecretary Louis Casambre, Executive Director of theInformation & Communications Technology Office of the Department of Science and Technologyon 21 June 2012 at the Chancery Hall of the US Embassy Manila.19 IT-BPO Road Map 2011-2016 Business Processing Association of the Philippines is the current Vice Chairman of the Overseas Security Advisory Council of the U.S. EmbassyManila, a federal advisory committee under the State Department. He also serves as the Chairmanof the Security Disaster Resource Group of the American Chamber of Commerce of the Philippines.He was a Consultant to the Office of International Policy and Special Concerns of the Department ofNational Defense and an Advisor to the Supreme Court. He was formerly with the Philippine CoastGuard Auxiliary 101st Squadron, where his last rank was Commander prior to retirement. He holdsa Master of Business Administration from the Ivey School of Business, University of Western Ontario,Canada, and a Bachelor of Arts degree in Psychology and Economics from the University of BritishColumbia. He is currently the CEO and President of PVB Card Corporation, and the Vice Chairmanof Bastion Payment Systems in the Philippines, and serves at the boards of several listed firms, bothin the Philippines and United States. Simoun has also been tapped as the speaker and lecturer formany engagements, including the Federal Bureau of Investigation and the National Defence Collegeof the Philippines.Wilfred is the founding CEO and President of Bastion Payment Systems. He formerly worked atUnisys for over a decade, where he was involved deeply as a senior systems architect on several notableIT projects of the Philippine government including the National Statistics Office Census RegistrySystem (CRS-ITP), Land Transportation Office, Philippine Ports Authority, and others. Beyond this,Wilfred also worked on many international, government and financial sector projects in the UnitedStates, China, Singapore, Hong Kong, Sri Lanka, Vietnam and Australia. Wilfred holds a Master ofScience in Computer Science degree from De La Salle University, Manila (with high distinction), anda Bachelor of Science in Computer Science from the same school. He is a Certified Rational UnifiedProcess Consultant.Carlos is the current Chief Security and Operating Officer of Bastion Payment Systems. He wasformerly the assistant director at the Computer Center of the University of Santo Tomas, where hecontinues today as a senior instructor for computer science. Carlos holds a Bachelor of Science inComputer Science from Chiang Kai Shek College Philippines and master’s degree units from De LaSalle University. He is a certified Cisco Networking Academy Instructor, and a Microsoft CertifiedProfessional.
  • 119. 119ICT Development and Cyber Security ReaderThe Need to Secure Our Cyber SpaceAngel T. RedoblePresident and CEO, ARMCI Solutions & ConsultancyA paper presented during the Cybercrime Law and its Implication to National Security on 6 October2012 at the Honor Hall, NDCP, Camp General Emilio Aguinaldo, Quezon City._______________________________________________________________________________The recent passing of RA 10175 has shifted netizens’ (Cyber Citizens) anxiety and wrathfrom the RH Bill, into cybercrime. While the “Cybercrime Prevention Act of 2012,”aims to protect the same people who are now protesting, various opinions are nowarising and questioning whether the law is constitutional and necessary to begin with.I have been an IT and Cyber security practitioner for 16 years, and I have beenpushing in my personal capacity this agenda (Cyber space protection) for over a decade now.Witnessing how cyber attacks have become dramatically sophisticated, I have foreseen thepossible catastrophic impact should these malicious hackers launch an attack against ourcritical infrastructures. So if you will ask me whether we need this cybercrime law or not,then my answer is YES we definitely need the law. In fact we needed it 10 years ago.I believe, however that the law was incorporated with some provisions that deviatedfrom its original objective; and that is to prosecute cyber criminals. But then again, thedefinition of what constitutes a cyber crime is very crucial in the implementation of the law.From a cyber perspective, a cyber crime includes (but is not limited to) the following: Identitytheft, compromise of confidentiality and integrity of information, distribution of wormsand Trojans, disruption of online services (DOS/DDOS), systems intrusions, unauthorizedmodification of data and other online information, information theft and installation anddistribution of unlicensed software. As we all know, the libel provision in RA 10175 pushedour netizens to all the more commit cyber crime by attacking websites owned by the differentgovernment agencies. While I do not agree with the way these perpetrators have aired theiropposition to the said law, I, on the other hand also agree that libel shouldn’t be consideredas cyber crime and that those who commit libel with the aid of ICT cannot and shouldn’tbe branded as cyber criminals. The Cybercrime law is obviously not a perfect law, but thenagain, nothing is perfect in this world of ours, such as life, and such as the cybercrime law.It still needs to be perfected.The libel clause, has caused wide-spread pandemonium with netizens and has beenused as an excuse for the recent activities, or rather ‘hack-tivities’. This flagrant demonstrationof disagreement by vandalizing government websites is exactly what the Cybercrime Lawaims to prosecute. These ‘hac-tivities’ not only were counter-productive, but also showedto the whole world, how vulnerable our systems are and how easy it is to disrupt onlineservices in the Philippines. This is sufficient enough to conclude that the Cybercrime Lawis indeed necessary and must be implemented as soon as possible.But above Cybercrime, what worries me more is the bigger threat to our cyber space,the threat of cyber war. The main actors in cyber war have evolved from script kiddies andhacktivists to cyber terrorists and nation-state sponsored hackers whose objective is no longer
  • 120. 120 ICT Development and Cyber Security ReaderGoods and Sevices Advertised on Underground Economy Servers*2009 2008 2009 2008 Range of Prices1 1 Credit card information 19% 32% $0.85–$302 2 Bank account credentials 19% 19% $15–$8503 3 Email accounts 7% 5% $1–$204 4 Email addresses 7% 5% $1.70/MB–$15/MB5 9 Shell scripts 6% 3% $2–$56 6 Full identities 5% 4% $0.70–$207 13 Credit card dumps 5% 2% $4–$1508 7 Mailers 4% 3% $4–$109 8 Cash-out services 4% 3% $0–$600 plus 50%–60%10 12 Website administration credentials 4% 3% $2–$30Overall Rank PercentageItemGoods and Sevices Advertised on Underground Economy Servers*2009 2008 2009 2008 Range of Prices1 1 Credit card information 19% 32% $0.85–$302 2 Bank account credentials 19% 19% $15–$8503 3 Email accounts 7% 5% $1–$204 4 Email addresses 7% 5% $1.70/MB–$15/MB5 9 Shell scripts 6% 3% $2–$56 6 Full identities 5% 4% $0.70–$207 13 Credit card dumps 5% 2% $4–$1508 7 Mailers 4% 3% $4–$109 8 Cash-out services 4% 3% $0–$600 plus 50%–60%10 12 Website administration credentials 4% 3% $2–$30Overall Rank PercentageItemto merely deface websites and steal facebook accounts, but to disrupt and compromise theeconomic security of our country.By definition, one of the pillars of National Security is Economic Security. And incyber war, the enemy can successfully take down the economy of a nation or state, by merelypressing the enter button. A cyber terrorist can cause havoc without necessarily blowinghimself up. A nation spy can steal and gather vital information about a specific countrywithout being physically present in the target country. In this modern and technology-driven world, the war has shifted from guns and bombs to bits and bytes. And it has beenperceived that a war using cyber space can be won without firing a single bullet.On the other hand, the Cybercrime law, while necessary, is also limited in termsof proactively protecting our cyber space. It is by nature reactive. And much like our otherlaws, ‘No crime, no use’. In addition, there is also the issue of attribution, ‘Who has doneit?’. While others claim that it is easy and possible to trace the real source of an attack andidentify the real perpetrator, I have to disagree in the strongest possible term. Having beenexposed to the defensive and offensive areas of cyber security, I can categorically say thatit is very difficult and almost impossible to trace the real source of an attack, much moreidentify the real identity of the perpetrators. Using various hacking tools, hackers may“ In this modernand technology-driven world, thewar has shiftedfrom guns andbombs to bitsand bytes.”launch cyber attacks while sitting in an internet café or acoffee shop in Manila, Philippines, yet make it appear likethe attack is coming from other cities or countries. I believethat this is exactly the reason why the hackers responsiblein the recent cyber attacks are so defiantly aggressive- thefact that they are certain that they cannot be traced or thatthey know that the government is not equipped enough totrace and identify them. Make no mistake, Cyberspace is aborderless world and the internet provides a perfect coverand refuge to everyone, and these hackers have almostperfected the skills anonymity.I never failed to mention in all of my speakingengagements that there is a growing need to protect thePhilippine cyberspace from all potential external threats.Cybercrime deals with internal/local threats, while Cybersecurity, on the other hand, is more aligned with NationalSecurity. Paired together, you become secure both from internal and external cyber threats.As a private company, we can always deploy all policies and security mitigations to protectour organization, but who will protect our communication once it exits our organization’sarea of network responsibility?What will happen to the Philippine economy if our telecommunication providers aretaken down by massive and organized Denial of Service attack coming from both internaland external threats? Given the fact that our BPO businesses are heavily dependent onthese telecommunication companies, there is a possibility of losing the more than 10 billionpesos revenue and more or less the 900,000 jobs provided by the BPO industry. What willhappen to our country if cyber terrorists and nation-state sponsored hackers attack ourpower grids and distribution companies? Knowing for a fact that these companies haveSCADA (Supervisory Control and Data Acquisition) systems deployed and are using theinternet as a means of connectivity?
  • 121. 121ICT Development and Cyber Security ReaderConsidering the recent surveys conducted by different entities, the number andfinancial impacts of cyber attacks have increased at a rate faster than ever, even thoughcyber security measures are improving and becoming more sophisticated. This could onlymean one thing, that the people behind these attacks are always one step ahead of thosewho develop cyber security measures.The imminent danger posed by cyber terrorists, cyber criminals and hostile countries,to launch attacks that could cause grave damage, potentially leading to economic failure inour country must be considered as a basis to why there is a need to implement an effectivecyber security policy and address the broader issue of cyber warfare.There is no middle ground in cyber warfare; you can either be a victim or a pawnused to hide identities or to be used as a strike point to attack other nations. The increasingcomplexity of cyber weapons and cyber warfare issues makes it more difficult to deter cybersecurity threats. These facts make it all the more important for our country to address cyberthreats from an international perspective down to the national level.As focus grows on cyber security all over the world, nations are now seriouslyconsidering cyber security threat as a national security issue. A threat that if realized couldpossibly affect a nation’s very reason of existence. A threat that could easily be exploitedby cyber criminals, cyber terrorists and rogue nations who are continuously seeking to takedown other nations considered to be an adversary.Compromising the critical infrastructure’s network system of our country couldprovide a catastrophic effect on our capability to function economically and socially.The focus now, should no longer be directed to ‘whether the Cybercrime law wasnecessary’ but rather, in calling both private and government entities to actively respond tothe call for Cyber security. A strong relationship, cooperation and coordination between allgovernment agencies together with the private sector would be a key factor in the successof deterring cyber threats. Cyber war cannot be won by merely calling in the military.While integrating cyber security issues to the military doctrine is a good idea, as well asformulating cooperation and coordination strategy internationally, the involvement of theprivate sector is still an integral part to effectively defend our cyber space.# # #_________________Angel is the President and CEO of ARMCI Solutions & Consultancy. He is a holder of anMA degree in Information Security Management from UPSAM-ASIMILEC in Madrid,Spain. Angel is a Certified Ethical Hacker and Computer Hacking Forensic Investigator withover 16 years of local and international experience in consultancy related to cyber security.His extensive experience includes vulnerability assessment, penetration testing, cyberwarfare, enterprise security risk assessment with focus on information security threats andvulnerabilities. A Certified Lead Auditor of ISO 27001 Information Security ManagementSystem and completed the Cyber Warfare: Weaponry and Strategies of Digital Conflictprogram from Technolytics Institute (USA), he is a founding board member and Director forInternational Society of Cyber Security Professionals focusing on Cyber Warfare Researchand Capability and is a member of the Association of Certified Fraud Examiners (ACFE).
  • 122. 122 ICT Development and Cyber Security ReaderNational Security Implications of R.A. 10175:A Defense PerspectiveDirector Nebuchadnezzar S. Alejandrino IChief, Information Management Office, DND________________________________________________________________________5th Domain Cyberspace is the 5th Domain the other four are Land, Air, Water,and Space. It is now fast becoming a reality that no modern army in the worldcan defend its territory and people without strengthening and securing her cy-berspace where government, commerce, and industry are highly dependent.Asymmetrical Warfare The Philippines, having lesser economic resources and military assets at hercommand, to contend against external enemy equipped with modern arsenals, is leftwithout a choice but to bring the future battle to a manageable and winnable chancebased on what she has. And that manageable and winnable chance is offered in thebattle for control of the 5th Domain. Asymmetrical warfare, in this context doesnot become an attractive proposition, but also becomes a de facto major strategy.Cybercrime Law: First Logical Step Thus it follows that when that country whose winnable chance in defendingthe country against a formidable foe is in cyberspace, must begin to educate its lead-ers in this new reality and prepare the minds of the public in the ensuing strategiesand policies of the state. And that strategy is seen in the passage of RA 10175. It is anunderstatement that the country’s passing of this law is not only the first importantstep, but the first, logical, and critical step in building her defense and assuring herpeople that the government is on top of the situations. For the government will beremised not to use all the options available in defending her territory and people.Cyber Patriots If one perceived and or imagined enemy has been reported to be train-ing 28,000 cyber warriors, then preparing the Filipino patriots to defend thecountry in any way they can, is not too much to ask in this time of technology’suntried and untested times. The passage of the cybercrime law ushered that erawhere cyberspace becomes not only a byword and a second nature to all, butalso an active defense to social, economic, political, and national security threats.
  • 123. 123ICT Development and Cyber Security ReaderNational Security Implications The implications of RA 10175 in national security are simple and obvious.We need it to open our eyes to the technology available to us and the strategy itoffers. We have to wake up to the sad facts that we have inferior defense against amodern adversary. We need to convince all the leaders to get their acts together.The cybercrime law is not only a law to punish criminals and civil offenders, butalso, it is a law that places everybody on notice, that WE have to ACT, and to actNOW to confront first the criminal elements, then the emergent enemies of the state.Revolution In Military Affairs The Department of National Defense, the government agency constitu-tionally mandated to defend our territory, the state, and her people welcomesRA 10175. For it will not only fast track the awareness level of our leaders andpeople on the criticality of the 5th Domain and the technology available to usin dealing with a more powerful adversary, but it will also prod the peopleto learn to engage this new technology in constructive ways and in conflict.Hence, we need to be inventive and creative in confronting national securitychallenges both in real mode and virtual mode in cyberspace. The recognitionof this new paradigm and the AFP’s revolution in military affairs (RMA) thatthe ‘cyberspace awareness’ may consequently bring to fore, is an important,logical, and critical step towards staking our claim to independent nationhood.Incipient Issue There is a developing incipient concern that is doubtful. That concern is thecry of alarmists that the prevalence of critiques and objections to the cybercrimelaw will mushroom into a situation that may eventually affect national security.The contrary opinion on this issue, however, assumes that it is in the interest ofthe State to allow the healthy debate not only as a release valve, but in democraticcountry like ours, every voice must be heard. I believe that the noise that the CyberCrime Prevention Act of 2012 generated will neither flourish in the shorter termnor in the longer term. The Filipino culture, our respect for authority, and themajority of the 100 million Filipinos, will serve as the enemy of our future enemies.# # #
  • 124. 124 ICT Development and Cyber Security ReaderFighting the Crime of the Future:Responding to the Challenges of CybercrimesAssistant Secretary Geronimo L. SyDepartment of Justice_______________________________________________________________________________ICT Impact on Crime and Security Countries and states around the world today experience the endless challenges ofthe use and abuse of modern technology. Technology provides ease and comfort and thebenefit of applying science to problems. It can also be used to harm humans and society. Our need for technology is evident in almost every aspect of our lives: health,education, economy, and governance and law enforcement. Leveraging technology forjustice is a most novel and pressing need today. As civilization influences, inspires, and forces the global population to upgradeand transcend the current state and quality of life, the Philippine government is now facedwith the current challenge of coping with the strained capacity to provide protection tolives and justice for the people. Indeed, the internet is a promising zone for advanced communications and nearlimitless space for information and data sharing which authorities must engage, harnessand optimize. When crimes or criminal behavior extends to the cyberspace, the hand of the lawmust extend and operate to ensure the same level of protection and safety.Cybercrime: The Crime of the Future Cybercrimes are committed with or through the use of ICTs such as television,radio, cellular phone, computer and computer network, and other communicationdevice or application. Cybercrimes are punishable under special cybercrime laws andsubject to distinct law enforcement provisions. This much is acknowledged from a globalperspective. When compared to counterpart crimes committed in the physical world, multipleunlawful acts can be executed or performed by a single cybercriminal for a very shortperiod of time potentially affecting a vast number of users. In particular and for examplein cases of child pornography, the spread of the illegal criminal material can easily reacha wider and more perverted audience. Culprits can hide themselves, their locations andidentities because of the cloak of anonymity that is the internet. The impression thatcyberspace is a zone of impunity that is beyond the law or regulation is not misplaced.
  • 125. 125ICT Development and Cyber Security Reader There are various types and kinds of cybercrimes, based on the strictnessand scope of categorization. The International Convention on Cybercrime (CoC),1thefirst international treaty that seeks to address computer and internet crimes throughinternational cooperation, categorizes cybercrime offenses into four: (1) offenses againstthe confidentiality, integrity and availability of computer data and systems; (2) computer-related offenses; (3) content-related offenses; and (4) offences related to infringements ofcopyright and related rights.2Cybercrimes in the Philippines In a 2010 report of the security software firm Symantec, 87% of Filipino internetusers were identified as victims of crimes and malicious activities committed online. Thefollowing activities were: (1) malware (virus and Trojan) invasion; (2) online or phishingscams; (3) sexual predation; and (4) services in social networking sites like Facebook andTwitter. Since its creation in 2003, the Anti-Transnational Cyber Crimes Division of theCriminal Investigation and Detection Group (ATCCD-CIDG) in the Philippine NationalPolice (PNP) has already investigated 2,778 cybercrime cases.3ATCCD-CIDG Cyber Crime Cases Investigated Statistics CY 2003-2012________________________________________________________________________Year 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012No. of 30 50 155 523 171 300 268 286 433 562Cases ________________________________________________________________________Cybercrime Convictions The first case of ‘cybercrime’ in the Philippines in recent times was in 2000 with theonset of the “I Love You” virus. The case filed against De Guzman was dismissed at thefirst stage because there was no law punishing the deed as of that time in May 2000, in thePhilippines.4 On 14 June2000, Republic Act 8792 or the Electronic Commerce Act was signedinto law. The E-Commerce Act positioned the Philippines as the third country to enactan e-commerce law, next to Singapore and Malaysia. It placed the Philippines on the listcountries which penalize cybercrime. The first cybercrime conviction was in September of 2005, which was filed by thePNP-CIDG. The accused was convicted for hacking of the government portal “”and other government websites.5 A case investigated by the National Bureau of Investigation (NBI) led to thesecond cybercrime conviction in 2006. The accused was employed in a business processoutsourcing (BPO) provider in the country and illegally secured credit card informationfrom the company’s sister firm. The said cases were the only cybercrime convictions in thePhilippines which were secured under the provisions of E-Commerce Law.6
  • 126. 126 ICT Development and Cyber Security Reader Presently, cybercrime cases are still dealt with using existing cybercrime-relatedlaws. These laws are as follows: RA 10173 or the Data Privacy Act of 2012; RA 9995 or theAnti-Photo and Voyeurism Act of 2009; RA 9775 or the Anti-Child Pornography Act of2009; RA 9208 or the Anti-Trafficking in Persons Act of 2003; RA 8792 or the E-CommerceAct of 2000; RA 8484 or Access Devices Regulation Act of 1998; and RA 4200 or Anti-Wiretapping Law.Cybercrime Prevention Act of 2012 President Benigno Aquino III signed into law RA 10175 or the CybercrimePrevention Law on 12 September 2012, which adopted the basic approach of the CoC.It took effect on 3 October 2012 and was immediately challenged by 15 petitions whichquestioned the constitutionality of some of the law’s specific provisions, among othersthe sections on: cybercrime offenses (Sec. 4); inclusion of RPC and special laws-definedand penalized crimes and imposing higher penalty when these are committed throughor with the use of ICTs (Sec. 6); real-time collection of traffic data (Sec. 12); restricting orblocking access to computer data (Sec. 19); and the provision on noncompliance (Sec. 20).The Supreme Court subsequently issued a temporary restraining order (TRO)on the lawon9 October2012. The TRO is set to last for a period of 120 days, ending on 6 February 2013,while oral argumentations are scheduled on 15 January 2013. On the same date when High Court issued a TRO, the Department of Justice(DOJ), in partnership with the Information and Communications Office of the Departmentof Science and Technology (ICTO-DOST), held the first ever cybercrime forum that waslive-streamed on the internet. The forum was attended by different organizations andinstitutions from the government, private sector, media, academe, non-governmentorganizations and civil society clubs.7The forum sought to clarify misgivings about thelaw, and muster the support of various sectors and transform it into a multidisciplinarycoalition that will help craft the implementing rules and regulations (IRR) of RA 10175.International Cooperation The Cybercrime Prevention Act is not a Filipino invention. Elsewhere in the worldlike the United States, Japan, and European Union, there are existing policy models andtemplate laws that are of great standard, and are endorsed for emulation and adoption.In our case, RA 10175 was largely based on the provisions of the CoC of the Council ofEurope (COE). The Philippines was invited to accede to the CoC in 2008. A cybercrime law likethe RA 10175 that is compliant to the provisions of the convention is primarily needed forthe country to be a signatory to it.8 It is constructive for the country to be part of this very first International CoCbecause of the transnational support and cooperation that will be established andstrengthened among the nations party to it. The Justice Department is set to cooperatewith the US Department of Justice (US DOJ), International Criminal Police Organization(INTERPOL), and European Police Office (EUROPOL), for mutual legal assistance and towork on extradition cases involving cross-border crimes.
  • 127. 127ICT Development and Cyber Security Reader The government must support the participation of our national law enforcementunits in the Cybercrime Technology Information Network System along with 9 othercybercrime enforcement units in Asia namely China, Hong Kong S.A.R., India, Indonesia,Korea, Malaysia, Singapore, Thailand, and Japan.9This further improves our linkages tofight cybercrimes.DiscussionThe Need for an Effective Anti-Cybercrime Law The policy aim of Cybercrime Prevention Act of 2012 is to establish and protect anICT environment that would lead to a safe participation in the modern systems of exchangeand provision of data and knowledge. It also aims to safeguard the integrity of the systemsand networks of computers and communications, and databases, and protect the integrity,confidentiality, and availability of information and data stored within from abuse andmisuse. Furthermore, it aims to strengthen the cooperation of Philippine anti-cybercrimeauthorities and bodies with their counterparts in other countries. The law also provides empowerment and mandate, to the LEAs such as the NBIand PNP with regard to the collection, recording, preservation, disclosure, search andseizure, custody, and destruction of electronic information or data. The law also states asa requirement the cooperation and assistance that service providers10should give to LEAsin relation to the said enforcement and implementation functions. AlthoughtheoriginalintentofRA10175istofocusonpunishingthecorecybercrimeoffenses like cyberterrorism, hacking, phishing, child pornography and cybersex, our ownlegislative process resulted to the creation of a law that has a mixed up structure andimprecise phraseology, where the focus is held in disarray and distanced from its genuineintent. The enacted law has a provision that punishes online libel with a heavier penalty.This archaic provision of the law runs contrary to the growing international trend ofdecriminalization of libel that is in line with the Philippine government’s mandate toprotect and promote civil and political rights of its people.11 The law also has a provision on cyber-squatting that should not be part of a majorpenal legislation on cybercrime but of another piece of statute or public-private partnershipefforts. The legislation also confuses cybercrime with cybersecurity, even though thetwo are different concepts and have a lot of separate areas of concerns. Cybercrime is apenal legislation while cybersecurity is an information technology (IT) policy framework.12It would have been better if the Congress had passed separate bills on cybercrime andcybersecurity to give clearer focus on the importance of each of the major ICT concerns. The provision on cybersex13makes prostitutes and sexually exploited andtrafficked women liable to the law. This provision, among other provisions discussed inthis paper, needs to be clarified in the IRR once the suspension of the law implementationis already lifted.
  • 128. 128 ICT Development and Cyber Security Reader Furthermore, RA 10175 also punishes all crimes under the Revised Penal Code(RPC) and other special laws which are committed through and with the use of ICTs withpenalties one degree higher than those provided for by those laws.14The philosophy of thelaw15meting out heavier punishment for people who use modern technology for crimesis already out-of-date, for even the government itself can have the advanced technologicalcapability to seize law violators and combat State enemies. Moreover, that provision doesnot recognize the Philippine society’s rapid and radical transformation in the direction ofthe digital era. The law must not deviate from its original purpose. A cybercrime prevention lawshould punish ICT crimes which were not covered and anticipated by the RPC and otherspecial laws.16The timeline of cybercrime legislation A cybercrime prevention law should be used against transnational organizedcrimes and national criminal syndicates, and not against the principled media, not againstthe exploited and abused victims, and not against law–abiding everyman who exerciseshis right to free speech and expression.17DOJ’ Comprehensive Implementation Plan18 Substantially formulated between 2006 and 2007, and finalized after the firstInternational Cybercrime Conference (ICC), a consolidated cybercrime bill was producedafter weaving and harmonizing the provisions of numerous versions of the bill. Thegovernment then created the ICT legislation strategy which aims to adopt a three-prongedapproach in crafting ICT-related laws to highlight priority areas with a consideration ofthe dynamics of passing ICT-related bills. The three domains are data privacy, cybercrimeand cybersecurity.Revised PenalCodeRevised PenalCodeRevised PenalCodeSpecial PenalLawsSpecial PenalLawsCybercrime1932 1960s 2000 2012(E -Commerce Act)
  • 129. 129ICT Development and Cyber Security ReaderThe three-pronged approach of ICT legislation strategy The DOJ participated in the crafting of the Data Privacy Act, which the Presidentsigned into law on 15 August 2012. What followed was the enactment of RA 10175 but notwithout challenges and difficulties as explained previously. RA 10175 designates DOJ as the central authority for the implementation ofthe law that entails international mutual assistance and cooperation in prevention andinvestigation of cybercrimes which naturally cut across borders.19 Once fully operational, the DOJ Office of Cybercrime20shall achieve the followingtasks and steps:1. Creation of a Joint Investigation Manual for Law Enforcement andProsecutors2. Creation of a Question-and-Answer Guide on Cybercrime3. Issuance of a DOJ Guide on Electronic Evidence including a directory ofspecialized forms4. Accession to the CoC of the COE.5. Building of a network of investigators, prosecutors and state counselsnationwide for timely response to cybercrime incidents. Due to the nature of cybercrime and the growing threat it poses to the institutionsof society and to the aspects of nation-building, a united front composed of various sectorscoming from different community levels is an ideal formation against cybercrimes. Localtask forces and anti-cybercrime report and monitoring centers are envisioned to be createdthrough the partnership of civil society and our police forces. Information, education andcommunication (IEC) campaigns for cybercrime awareness and prevention are to be heldby businesses, schools and media for their own constituents, and conducted with resourcesupport from the anti-cybercrime experts from the government and IT professionals’organizations. There shall also be clear guidelines and rules for cooperation between serviceproviders and LEAs in order to develop mutual and beneficial relationships between theparties.World without Crime or Cybercrime? There is no such thing as a perfect crime, likewise a perfect cybercrime. These crimeswill surely leave traces and details which will inevitably lead cybercrime investigators,police forces, and courts of our justice system to pursuing, prosecuting, and convictingcybercriminals.Int’l CybercrimeConference (2007)Data PrivacyCybercrimeCybersecurity
  • 130. 130 ICT Development and Cyber Security Reader Equally, there is no such thing as a perfect law that can absolutely annihilateand prevent cybercrimes. Laws are as good as their implementers. Effective laws shapethemselves in the enforcement process; and a good system of laws and lawmaking is theone which accommodates changes and overhauls imperfections and deficiencies of existinglaws based on evidence-based inputs and feedbacks from the enforcers of the law. The optimum solution to combatting cybercrime and foiling its threats to societywould be to embrace a proactive approach in the application of the law. There is a needfor stepping up of community efforts and forging stronger cooperation between the LEAsand the society at large. Only then can we effectively secure ourselves from the abuse andmisuse of ICTs. Only then could we aspire for a cybercrime-free society – a world that isfuture perfect. # # #Endnotes1 Because the CoC was opened for signature on November 23, 2011 in Budapest,Hungary, it is also called the Budapest Convention on Cybercrime.2 The categories of crimes specified are titles of cybercrime offenses stated in the text ofthe Budapest Convention on Cybercrime.3 See Accomplishment Report of PNP Anti-Transnational and Cybercrime Division(ATCCD-CIDG) Provision of the E-Commerce Law.4 See ATCCD-CIDG Chief Col. Gilbert C Sosa’s Country Report on Cybercrime.5 Ibid.6 The writer was responsible for the two cybercrime convictions as a young prosecutorin the Justice Department7 See news article “DOJ sets forum on cybercrime,” posted on DOJ website on 5 October20128 See Cybercrime legislation – country profile: Philippines, Council of Europe Project onCybercrime9 See Accomplishment Report of PNP Anti-Transnational and Cybercrime Division(ATCCD-CIDG) Provision of the E-Commerce Law10 RA 10175 defines service provides as (1) “any public or private entity that providesto users of its service the ability to communicate by means of a computer system”;and (2) “any other entity that processes or stores computer data on behalf of suchcommunication service or users of such service.”11 See news article“Sec. De Lima welcomes Presidents’ stance on the possibledecriminalization of libel and passage by Congress of the Anti-Enforced DisappearanceBill,”posted on the DOJ website on 18 October 2012.12 See the presentation of the writer titled “Fighting Cybercrime, Fighting for Integrity inCyberspace” during the 9 October 2012 Forum on Cybercrime Prevention Act that washosted by the DOJ and the Department of Science and Technology.13 RA 10175 refers to cybersex as “The willful engagement, maintenance, control, oroperation, directly or indirectly, of any lascivious exhibition of sexual organs or sexualactivity, with the aid of a computer system, for favor or consideration.”14 See Section 6 of RA 10175.15 See Article 14(20) of Chapter 4, Book 1 of the Revise Penal Code of the Philippines.
  • 131. 131ICT Development and Cyber Security Reader16 See statement of Justice Secretary Leila de Lima on the Cybercrime Prevention Act,posted on the DOJ website on 1 October 2012. 17 Ibid. 18 This subsection was part of a memorandum submitted by the writer to theJustice Secretary regarding the comprehensive plan of action of the DOJ Office ofCybercrime19 See Section 23 of RA 1017520 The writer was officially designated by the Justice Secretary as the Assistant Secretary-in-Charge for the Office of Cybercrime effective 01 October 2012 as per DepartmentOrder No. 816Sources1. ASEAN-EU Programme for Regional Integration Support – Phase II (APRIS II)2. Council of Europe, European Treaty Series – No. 185: Budapest Convention onCybercrime 3. Department Order No. 816: Designation of Personnel for the Office of Cybercrime4. DOJ sets forum on cybercrime, DOJ Statement on the Cybercrime Prevention Act, Full Transcript of the Forum on Cybercrime Prevention Actof 2012, 9 October 20127. Memorandum for the Justice Secretary: Comprehensive Plan of Action for the DOJ –Office of Cybercrime8. Norton Cybercrime Report for 2011, Philippine National Police, Accomplishment Report of Anti-Transnational and CyberCrimes Division (ATCCD-CIDG) on the Enforcement of Cybercrime Protection of theE-Commerce Law10. Republic Act No. 10173: Data Privacy Act of 201211. Republic Act No. 10175: Cybercrime Prevention Act of 201212. Revised Penal Code of the Philippines13. Sec. De Lima welcomes Presidents’ stance on the possible decriminalization of libeland passage by Congress of the Anti-Enforced Disappearance Bill,’%20stance%20on%20the%20possible%20decriminalization%20of%20libel%20and%20passage%20by%20Congress%20of%20the%20Anti-Enforced%20Disappearance%20Bill&newsid=13414. Sosa, Gilbert C., Country Report on Cybercrime: The Philippines(Paper)15. Sy, Geroniomo L., Fighting Cybercrime, Fighting for Integrity in Cyberspace(Lecture)
  • 132. 132 ICT Development and Cyber Security ReaderKey Structuring Principles in theCybercrime Law DiscourseMs Shirley Pelaez-Plaza, MNSASecretary General, NDCP Alumni Association, Inc.Closing Remarks presented during the Cybercrime Act and its Implication to National Security on6 October 2012 at the Honor Hall, NDCP, Camp General Emilio Aguinaldo, Quezon City._______________________________________________________________________________The weeks that followed the promulgation into law of Republic Act 10175 also knownas the “Cybercrime Prevention Act of 2012” had been the most challenging andpolitically charged in the history of Philippine cyberspace. Upon the enactmentof the controversial law, sentiments against it, or some of its provisions, came rushing inlike a powerful tsunami that has swept both the executive and the legislative branches ofgovernment. Commentators, journalists, activists, members of the press, and a huge volumeof netizens here and abroad expressed utter disgust toward the new law and toward thosewho have contributed to its eventual enactment.If only to invite prodigious amount of attention to the complexities of cyberspacevis-à-vis the day-to-day workings of our people and nation, this Cybercrime Law reallymade great headway. Suddenly, Filipinos have become intensely interested in havinga deeper appreciation of the nexus between and among the elements and influences ofcyberspace, cybersecurity, criminality, constitutional rights, and politics. Netizens herein the Philippines and elsewhere have been closely following developments on this issue,indicative of the wide awareness on how such legislative handiwork will impact directly ontheir offline and online activities. Indeed, if there is any consolation to this massive uproaragainst Cybercrime Law, it must be the heightening of public attention on matters of publicpolicy, national interest and security.If we are to conduct ourselves in a very civilized and intelligent manner, everyonewho has a stake in this issue should be able to clear out the fog and cut through the noiseof knee-jerk reactions. We need to step back a little as we appreciate the bigger pictureby looking both at the upsides and downsides of the Cybercrime Prevention Act relativeto the basic tenets of our democracy, as well as the multitude of threats and opportunitiesthat exist in cyberspace.In order to structure and further focus existing efforts to merge and reconcileconflicting viewpoints on the Cybercrime Prevention Act, there are three cardinalprinciples that must be observed at all times regardless of the ferocity of public debatesand pressures.First, freedom of expression is a core element in a vibrant democracy. OurConstitution is a monumental testament to how this nation suffered from and reacted to aregime that had suppressed a long list of inalienable rights for a very long time. The framers
  • 133. 133ICT Development and Cyber Security Readerof the 1987 Constitution, guided by the spirit of that time, paid great emphasis on the nation’sdesire to preserve elemental rights and freedoms, including freedom of expression. Therecan be no debate about the fact that freedom of expression is one of the basic foundationsupon which our democracy flourishes.When one is free to express his or her opinion on just about anything without unduemalice, public policies and governance are effectively enriched and well informed. Feedbackmechanisms brought about by this basic freedom put pressure on government officials,both elected and appointed, to ensure that a healthy and vibrant Philippine democracy liveson. To take away such basic freedom is a regrettable betrayal of the sacrifices of those whoworked and died for our it, and a step backwards in our collective and continuous effort tonurture our relatively young democracy.Second, vagueness in the law opens the legal gate for malevolent interpretations.Since the news of the enactment of RA 10175 broke out, much of public indignationcentered on its shadowy provisions whose potential to wreak havoc on our constitutionallyguaranteed rights sends a chilling effect especially on those whose professions, passions,and interests find safe refuge in cyberspace. Because of the perceived vagueness of some ofits provisions and the bothersome implications to law enforcement, the online and offlinepublic felt a great measure of anxiety, most especially on how the executive branch willinterpret, substantiate, and execute the law.Such palpable confusion in the minds of the educated public sits at the very heart ofthe debate. Those who have expressed reservations to this law rightly called the attention ofits crafters, urging them to be more precise in the parameters and standards contemplatedby RA 10175. These undefined and unrefined provisions constitute the “black holes” thathad sapped the law of most, if not all, of its credibility. Should policy-makers fail to plugthese holes, the public will really find it extremely difficult to appreciate its other good andwell-intentioned provisions.Third, no amount of public disgust can ever justify the cowardly acts of onlinevandalism and hacktivism. The public must be strongly discouraged against the temptationto admire those who deface government websites as a way to express opposition to a very“When one is freeto express his orher opinion on justabout anythingwithout undue malice,public policies andgovernance areeffectively enrichedand well informed.”unpopular law. Although it is commendable that thepublic is very much engaged in this issue, it also mustbe ensured that they are equally informed about thenuances and merits of the law they so despise. RA 10175also seeks to go after those cyber predators that thrivein child pornography, identity theft, cyber-squatting,hacking, and other unpleasant acts.Apparently, unscrupulous hackers takeadvantage of widespread contempt against certainprovisions of the law in order to push for the wholesalescrapping of RA 10175, which, for sure, will track themdown someday. It is indeed mortifying that hackers,amidst the fury over the RA 10175 and under thebanner of fighting for freedom, victimized governmentwebsites whose functions are very crucial in the day-to-day workings of our economy and the delivery of basic
  • 134. 134 ICT Development and Cyber Security Readerservices. What is even more bothering is that some, if not many, of our netizens seem tohave even come to the defense of these wrongdoers. It must be emphasized that the passionto defend basic rights should never eclipse fair and intelligent discussion of the issues. Allopposition to this law, or any other law for that matter, must be expressed through proper“The controversyabout theCybercrimePrevention Actpresents anotherchannel by whichthe people caninfluence policieswith direct impacton national security.”means and channeled to the right forum. Dastardly actsof hacking and defacement cannot blur the unmistakableboundary between intelligent discourse and barbaricsaber-rattling.These important principles must be taken toheart by those who genuinely intend to take part infruitful and civilized public debates.ThecontroversyabouttheCybercrimePreventionAct presents another channel by which the people caninfluence policies with direct impact on national security.The security landscape has significantly evolved toinclude a wide array of issues that defy the traditionalnotion of security. As the influences of cyberspacepercolate through all of the aspects of our individuallives and national security, it is therefore an imperativeto make sure that this gift of modern technology and human ingenuity will always serve toprotect the people’s collective interests, societal values, and national security.It should not be mistaken that there are those who really seek to sow destructionand chaos in cyberspace, for they know that much of our day-to-day workings depend onit. These dangerous elements are not a figment of anyone’s imagination; they really doexist. Thus, the country cannot afford to let cyberspace fall into the hands of those whoseek to pursue malicious and pernicious ends vis-à-vis national security. This CybercrimePrevention Act is a stark manifestation of a work in progress … a work that should be seenas a sum total of our desire to protect not just the individual citizen, but also the nation.As relevant stakeholders continue to debate on the matter, it should never escapeour consciousness that ours is a free and democratic country, faced with a slew of cyberthreats. Everyone should be hopeful that the nation can arrive at something way better …something that is more responsive to cyber threats and more observant of our democraticcredentials.# # #
  • 135. 135ICT Development and Cyber Security ReaderNew Frontiers In CyberSecurity:Its Adverse Impacts in the Philippinesand ASEAN RegionProf Chester B CabalzaMNSA Module Director (NSA 204), NDCP_______________________________________________________________________________The second decade of the 21st century has beckoned rapid and massive importanceof the information age. The boom of the internet, social media, wireless and “4G”technologies, or the new media, and other forms of Information and CommunicationsTechnology (ICT), have indeed inescapably transformed today and tomorrow’s pace ofliving. The birth of the “dotcom” era likewise decongests and shrinks the world into aglobal village. In effect, cybercriminals vis a vis cyber terrorists have learned and acquiredsophisticated technology, and exploit it as new weapon of mass destruction. Furthermore,cyber security1inclusive of cybercrime and cyberterrorism, form part of the human-induced disasters in the crisis management discourse.2 As information and communication technology continue to invade and pervadehuman life; the risks for cybersecurity, without doubt will continue to grow. Certainly,the use of technology by cybercriminals and cyberterrorists attacks is plausible. Our veryglobal way of life depends on the secure and safe operations of critical systems that dependon the cyberspace. Precisely, ensuring cybersecurity requires a high degree of competencyand technical expertise from both government and private sectors and other concernedagencies.3 Cognizant of the imminent dangers caused by the emergence of cybersecurity asone of the security concerns that the ASEAN region must address and confront with, thenature of top security issues in Southeast Asia are more or less transnational, encompassingmore than one country. It is also a crisis management4dilemma which may involve plansand institutional arrangements to engage and guide the efforts of government, non-government, voluntary and private agencies, in comprehensive and coordinated ways torespond to the spectrum of crisis needs. However, much of this does not mean that Southeast Asia’s resurgence can beattributed to a relatively stable regional security situation which set the stage for continuedintegration of the region’s economies. Nevertheless, this does not mean that ASEAN regiondoes not face significant security challenges. Being part of the larger regional securitycomplex of the Asia-Pacific, it also faces wide range of traditional, non-traditional, andtransnational challenges. Obviously one of which is the complexity of cybersecurity. The challenges, both old and new, affect the security interests of all nation-states in the region, and because of the increasing economic significance of Asia, that of
  • 136. 136 ICT Development and Cyber Security Readernations around the world. The transnational nature of cybersecurity underscores the needfor transborder cooperation and dialogue since this threat cannot be solved by any onenation.The Power of Social Media in Southeast Asia Southeast Asia is ably considered as one of the promising techno hubs for youngand gadget-oriented consumers in the world. With over half a billion population livablewith hip and young dynamic peoples and growing economy, it is only fitting to admitthat this region will have tremendous contributions and adaptations to the interactiveand high-tech world of social media. Expectedly, there are also dangers caused by thephenomenal success of social networks in the region’s cybersecurity infrastructures. Social Media is defined as a group of new kinds of online media, which shares mostor all of the following characteristics that [1] encourages participation, [2] open to feedback,[3] two-way conversation, [4] forms communities, and [5] thrives on connectedness(Mayfield, 2008). Henceforth, social media has created, mobilized, and demonstrated wavesof consciousness and action that reach much more people than traditional industrialmedia. As much as social media has the ability to draw together mass involvement in apersonalized way, it also does so in an unsupervised manner, thus crafting it as a potentialthreat to human security. Consequently, this formulates social media to be a tool that bothaugments and degrades human security (Romero, 2009) with leveled off boons and banesof cybersecurity landscapes in the current deterritorialized playing field. A 2012 report released by Nielsen revealed that social media receives a strongtrust rating among consumers in the ASEAN region particularly in Vietnam, Thailand,the Philippines, and Indonesia. Accordingly, although television still reigns (9 out of 10people in Southeast Asia watch “Free to Air TV”), but online has grown rapidly in reachand influence in the last decade.5 Others would believe that there are benefits of social media marketing that includesthe following: [1] it generates exposure for the products/business, [2] it improves webtraffic and the opportunity to build new partnerships, and [3] it generates qualified leads. In the sphere of social media to date, Twitter – a popular microblogging servicethat was launched in July 2006 claims popularity based on userbase in the world, toppingall other social networking services. In a report by the social media monitor Semiocastrevealed that in the “Twitterverse” two Southeast Asian countries, namely, Indonesiawhich ranks 5th spot while the Philippines which places 10th spot are hooked to Twitter’sever growing 517 million users based from the worldwide rankings (Montecillo, 2012).Initially, it was Facebook that held the most popular spot among the social networkingsites around the world having 835,525,280 users as of 31 March 2012. The Wall Street which purports to offer analysis and commentary for investorsproclaimed the Philippines as the “Social Networking Capital of the World,” (Hamlin,2011). Furthermore, in a 2008 study conducted by McCann Universal, Filipino netizensranked: first in social networking, first in sharing photos, first in viewing videos, second toSouth Korea in reading blogs, second to Brazil in sharing videos, fourth in writing blogs,
  • 137. 137ICT Development and Cyber Security Readerfourth in downloading podcast, and sixth in using RSS/feeds. Accordingly, email (63%),instant messaging (63%), and search (58%) are the most common online activities forFilipino internet users with social network site usage at (51%).6 Reasonably, the Philippines is leading other member-countries of ASEAN inexamining conscientiously many pivotal issues of cybersecurity threats in the region.Having been recently achieved the newly-industrialized country status, our country isnow becoming a hot player and emerging powerhouse in the global village’s playingfield when it comes to ICTs. It is now ranked as the global topnotch for Business ProcessOutsourcing (BPO) in the voice sector; still considered as the “texting” or SMS capitaland one of the active hot players in social networking around the world. Previously, thePhilippines was cited in 2002 by Global New Economy Index of the Meta Group for its“excellent availability” of skilled IT workers with compliment for the Filipinos’ technicaland business skills, such as in mainframes, minicomputers, and microcomputers, and fortheir technical and business skills in ICT projects.7 Thus with the expanding sphere of influence of social media worldwide, it hasled many governments to acknowledge the power of social media to engage its citizensto participate in state-sponsored activities such as elections and policy-making. Nowindividuals with well-known reputations such as journalists have a well-establishedreadership. Other individuals have emerged as “stars” within the political blogosphere,developing an established network of contacts and readers. Popularity is driven by groupidentity be it race, ethnicity, gender or sexual orientation. These blogs draw readers thatare untapped by traditional media. Thus, blogs facilitate the creation of a network of like-minded individuals (Pole, 2010). However, there are various social media governance issues that must be addressed,as pointed out by experts and practitioners, such as the following: [1] how shouldorganizations regulate and mange the use social media by their staff during work hours?[2] what sort of risks do organizations face, in terms of potential data loss, unregulatedcommunication of confidential information and work time? [3] should social media sitesbe blocked or disallowed in government institutions and private firms as a whole? [4]how should the government address the use and abuse of social media in its campaign fortransparency, fair and open exchange of information, and reducing corruption to ensurewise use of resources? and [5] how to define and adopt a social media policy, includingroles and responsibilities, communications and training, and metrics and monitoring?(Malacaman, 2010).New Forms of Cybercrimes The cyberspace has led to some government and private experts to conclude thatcybercriminals are at the threshold of using the internet as a direct instrument of heinouscrimes and bloodshed. The new threat bears little resemblance to familiar financialdisruptions by hackers for viruses and worms (Cabalza, 2011). The United States’ Federal Bureau of Investigation (FBI) recently estimated that the“lovebug”8made by a Filipino student in 2000 has caused worldwide damage amountingto approximately USD$12 billion. Hence, threats to the financial systems will have direconsequences for nations’ ability to operate effectively and efficiently.9
  • 138. 138 ICT Development and Cyber Security Reader Criminals look for easy prey. But states can combine the criminal hacker’stricks, such as spear-pishing, with the intelligence apparatus to reconnoiter a target, thecomputing power to break codes and passwords, and the patience to prob a system untilit finds a weakness. Computer bugs can bring down military email systems, oil refineriesand metro trains derail, financial data are scrambled, and electrical grid goes down. Asa matter of fact, cyber-espionage is the biggest intelligence disaster since the loss of thenuclear secrets.10 The Economist report divulged about nine-tenths of the 140 billion e-mails sentdaily are spam; of these about 16% contain money-making scams, including “phising”attacks that seek to dupe recipients into giving out passwords or bank details. The amountof information now available online about individuals makes it even easier to attack acomputer by crafting a personalized e-mail that is more likely to be trusted and opened;and this is known as “spear-phising”.11 The Philippines’ National Bureau of Investigation (NBI) had handled 30 variouscybercrime cases as of 2005. These would include the following: computer fraud, internetpornography, hacking, computer emails, violation of the E-commerce law, and verification.12 Partly a primary cause of alarm is the reality that cybercrimes are new forms andtools of destruction and explosives or other deadly weapons. It can violate one’s freedomto life, liberty, property, and security. Furthermore, the resources to launch cyber attacksare very easy to access and one may not even know the attack has taken place until onlysometime after it was launched. In April 2012, a two-man Philippine contingent, including the author himself hadproposed the inclusion of cybersecurity as one of the top security threats in Southeast Asia,after which he drafted the Chairman’s Report on the adoption of cybersecurity in the FifthMeeting of ASEAN Defence and Security Institutions (NADI) at Siem Reap in Kingdom ofCambodia. In the said 5th NADI Chairman’s Report,13participants made a consensuspronouncement on the issue of cyber security to call for a collective action to look at theproblemofjurisdictionandlackofharmonizationoflawsrelatedtocybersecurityinASEANcountries. The presence of such harmonization would enable effective prosecution of cybercriminals. ASEAN needs to build cooperation and networks for intelligence reports, ona voluntary basis, among member-countries, including governments and private sectorcooperation. This is to increase intensive research on the security of the region’s cyberinfrastructures to minimize duplication of efforts. But legally speaking, what happens when enacted laws on cybercrimes becomedisharmonized? A case in point is the Philippines’ Republic Act No. 10175, otherwise known as, TheCybercrimePreventionActof2012,whichhasbeenlabeledasoneofthehighlycontroversialcybercrime laws enacted in Southeast Asia on a wider scale related to cybercrimes that wasrecently implemented but currently withheld. The hyperbole of calling it as the “DigitalMartial Law” recalls many of its flawed provisions that may threaten fundamental rightsand freedoms with its repressive perspective and regressive view of technology.
  • 139. 139ICT Development and Cyber Security Reader The brawling debates over the new statute centered on cyberspace becoming aplatform of the best and worst things that people can come up with when they are online.While it might be considered as a hotbed of game-changing ideas and artistic expression, ithas also turned into a breeding ground for trolls and cyberthugs ranging various felonies.Cyberterrorism as the Other Face of Cybersecurity Cyber terrorism is any premeditated, politically motivated attack againstinformation, computer systems, computer programs, and data that results in violenceagainst non-combatant targets by sub-national groups or clandestine agents.14 However, my initial theoretical framework as a social scientist on terrorism vis avis cyberterrorism as one of its domains, is the underlying factor that Anderson’s (1983)historical examination on the concoction of nationalism seems to have merit. In his analysis,he leaves open the idea that “imagined communities” is an ongoing and dynamic process.His framework lays the foundation for future examinations of “imagined communities”in new forms, and could be transformed into a virtual reality whereas the incursion of ICTvia the borders of cyberspace is now being felt.15 In Southeast Asia alone, audio-visual and print, especially the internet have nowemerged as the principal medium to disseminate subversive ideologies. Intelligencereports suggest that this capability is used for communicating with terrorist cells inselected countries in the region as well as throughout the world for gathering and miningintelligence targets, spreading propaganda, and for recruitment. The weapons of terrorism are no longer simply the guns and bombs that theyalways have been, but now include the mini-cam and videotape, editing suites andattendant production facilities, professionally produced and mass-marketed CD-ROMSand DVDs. And most critically, the laptop and desktop computers, CD burners and emailaccounts, internet and worldwide Web access that have denied the information revolutiontoday (Hoffman, 2006). The appalling side of new media is the quiet emergence of hundreds of uncensoredwebsites and social network sites that cling to rampant disinformation that may enticemillions of netizens. Given the scenario that the information superhighway may trespass acountry’s sovereignty, and given that there is little regulation on the internet; hackers meteout wide-scale reparations, malicious and damaging softwares that can ultimately createhavoc without fear of prosecution.16 Thus, the conjunction of 21st century internet and 21st century fanaticism hasturned the world into a tinderbox. Virtually every terrorist group in the world today hasits own internet web site and, in many instances, maintains multiple sites in differentlanguages with different messages tailored to specific audiences (Brown, 2005). The fluidity of cyberspace absorbed by the virtual regional or global communitycould succumb to further tension and deepen international debate caused by escalatingschism or difference among conflicting groups. This will also create a new online forumfor worldwide information warfare and a novel force in transforming today’s virtualgeopolitical in a fast deterritorializing world. Without much ado, cyberterrorists will grabevery opportunity to foster their own ideals in the netscape’s increasing bastion of freedomof expression that will resonate effectively from their supporters.
  • 140. 140 ICT Development and Cyber Security Reader In addendum, it would not be surprising, if by all means government officialwebsites, usually hosted by sloppy private industries’ Internet Service Providers (ISP)could increase espionage from cyberterrorists and can cause massive electronic attacks dueto lack of security mechanisms on computer systems. Violations occur when unauthorizeduser illegally accesses network computers that are forbidden to access. Recently, alien or foreign hackers and cyber attackers infiltrated some Philippinegovernment sites.17Thus, study would show that there is leeway that they could scytheeven critical and vital military, commercial, or monetary institutions from remote locationsto disrupt the free world’s defense and communications systems. Possibly, attackers couldhack into computer systems for information gathering or data altering, sabotage, andinstalling malicious codes. These malicious codes may be distorted in the forms of Trojans,worms, and viruses. There are also Deadly Distributed Denial of Service (DdoS) attackswhich employ “zombie” machines that are controlled by a master server. More or less, ithas the ability for taking down entire networks. Cyberterrorists could also apply information hiding by means of stegonographywhere one can simply take one piece of information and hides with another picture ordocument. This well-planned strategy could cripple infrastructures and bug down keygovernment sites and services.18 They have the clout to destroy and disrupt critical infrastructures in split seconds.With just the hit of a keystroke, one can send a fatal blow by simply sitting in his armchair,from thousands of miles away. That could wreak greater threats to a wider gamut ofannihilation from a mere nuisance to a larger national security problem.Jurisdictional Problems And Lack Of Laws On Cybersecurity I would still cling with my advocacy for a collective action to look at the problemof jurisdictional and lack of laws related to cybersecurity in Southeast Asia and otherregional blocs in the world that may impede investigations on cyber crimes and cyberterrorism. The task of enforcing laws would legitimize the prosecution and extradition ofcyber criminals in a globalizing world and transnational border. I am optimist that cyberterrorism is now being fought at the international level and recently the UN CounterTerrorism Committee (UNCTC) is responsible for coordinating cyberterrorism-relatedresponse and information exchange. Meanwhile, legal and security practitioners mustkeep abreast of this emerging non-traditional security and must be trained conscientiouslywith the fast-changing fads of technology and the many surprises of the internet. I would still suggest the same mechanisms I addressed in 2007 for the ASEANmember-countries to achieve a more responsive policy in a volatile and gullible securityenvironment of cybersecurity. Southeast Asia, which has tremendously experienceddifferent facets and prisms of terrorism, is now experiencing the effects of cybercrimesand cyberterrorism. Therefore, I propose that ASEAN countries should forge realisticagreements based from the following recommendations: [1] to build cooperation andnetworks for intelligence reports among ASEAN countries; [2] to engage in governmentandprivatecooperation.Toundertakecollaborativecollectionandanalysisofcybersecurity
  • 141. 141ICT Development and Cyber Security Readerrelated information; [3] to increase intensive research on the security of the region’scyber structures and minimize duplication of efforts, [4] to organize fora/forums forstakeholders (e.g. enforcers, prosecutors, and cyber users); and [5] to forge cooperation andinternational treatise initiated by governments and private cyber industries in the regionthat are necessary mainly because cybercrime and cyberterrorism are multi-jurisdictionaland cuts across border. Hence, there is a need to increase and ignite high-awareness levelon cybersecurity.Conclusion The regional security outlook in Southeast Asia is indeed faced with a wide rangeand/or combination of traditional, non-traditional, transnational, and crisis managementchallenges. The weight of cybersecurity which I proposed and adopted as one of the top fivesecurity issues in the region,19during the Fifth Network of ASEAN Defense and SecurityInstitutes (NADI), is an affirmation that cyber infrastructures apparently affect regionaland worldwide security. Future norms on this emerging security threat in the region mustbe further enhanced now to lessen the burden of destruction of life, liberty, property, andsecurity of individuals and nation-states. Cybersecurity is a new battlefront considered unimaginable in the past, one whichcreated a borderless world. Cyber attacks on national scale can make or break a nations’political and economic position. Nations with differences in policy and particular mattersof state interest will look beyond the traditional means of solving disputes and resort tothese cyber attacks. However, he still encouraged everyone to be unified and continue tostrengthen the collaboration not only with the private sector but also to global counterpartsin gearing towards an improved resilience to cyber incidents and to proactively reducecyber threats. Through shared principles, countries in the region as well, will build notonly stance as credible gatekeepers of cybersecurity but valuable guardians of nationalsecurity (Binay, 2012). In the end, the proper handling of related information through the use of variouscyber investigative techniques is very significant to help eliminate or reduce such threats.Sustaining institutionalized cybersecurity programs in Southeast Asia region will behelpful to continuously develop and improve the competency and skills of leaders andlaw enforcers in confronting this international security threat.# # #Endnotes1. Cybersecurity is the protection of data and systems in networks that are connectedto the internet. See information security, as defined in Cited from Chester Cabalza’s blog article on, “Cyberterrorism and Its Implicationson Global-Local Discourse in Southeast Asia,” uploaded on October 2009 at and-its-implications-on.html.
  • 142. 142 ICT Development and Cyber Security ReaderOriginally presented in the 2nd Graduate Forum on Southeast Asia Studies, AsiaResearch Institute (ARI), National University of Singapore (NUS), July 26-27, 2007.3. Ibid. The same texts are also quoted from the paper of the same author, presented inthe 5th Meeting of the Network of ASEAN Defense and Security Institutes (NADI),entitled “Strengthening Institutionalized Security Cooperation Stemming fromTransnational and Crisis Management Issues in the ASEAN Region,” page 9, held onApril 1-4, 2012 in Siem Reap, Kingdom of Cambodia.4. TheworkingdefinitionofCrisisManagementisquotedfromtheglossaryoftheNationalCrisis Management Draft Manual of the Philippines’ National Security Council (NSC),page 12, in collaboration with the Development Academy of the Philippines (DAP)and the National Defense College of the Philippines (NDCP), 2012.5. In Nielsen Holdings’ The Asia Media Landscape is Turning Digital, accessed from In Tonyo Cruz’s The Philippines’ Social Media and Mobile Statistics, accessed from Citedin In 2000, a solitary cyber law was implemented in the Philippines pertaining to theinternet and electronic communications called as Republic Act 8792, known as theElectronic Commerce Act or E-Commerce Act which was signed into law on June ofthat same year after the I Love You worm proliferated in the United Kingdom (UK)from the Philippines. At that time, there was no law yet to penalize an offender againstsuch perpetuation.9. In PowerPoint presentation of Rear Admiral Vicente Agdamag (Ret) on Cybercrime:How it Affects National Security, template number 9, in the Cybersecurity Forum atNDCP, February 26, 2012.10. Ibid. A case in point is the fiasco on the global Wikileaks.11. The Economist, Cyberwar: War in Fifth Domain at Because of the evolving domains of cybersecurity, Senator Santiago in 2009 passed abill in the Senate called, Cybernet Peeking, after the sexual videos of popular celebritiesin the country went viral. If passed into law, it would punish violators (uploaders)into two crimes: (1) capturing on photos and/or videos of the sexual act withoutthe partner’s consent, and (2) broadcasting these publicly without the consent of theaggrieved party’s (even if s/he consented to record the act to private viewing). Threeyears after, the Cybercrime Prevention Act of 2012 is now a newly enacted statuteafter the bicameral conference committee has approved the consolidated versionsof the measure from the Senate and the House of Representatives using the senateversion of the bill as its working draft. This covers the offenses such as hacking,identity theft, cyber-squatting, cyber-bullying, illegal access, child pornography,defamation and other internet-related crimes and seek to establish legal framework
  • 143. 143ICT Development and Cyber Security Readerfor the investigation, apprehension, and prosecution of cyber criminals (CybercrimeAct Consolidated Versions Okayed, Manila Bulletin, dated June 8, 2012, Full text of the Chairman’s Report of the 5th Meeting of Track II Network of ASEANDefence and Security Institutions (NADI) can be downloadable at’s%20report.pdf.14. Definition presented by the Federal Bureau of Investigation (FBI), available at Cited from Chester Cabalza’s paper on Deconstructing Human Security in thePhilippines which won the SMI-IFFSO Prize for Social Science Award (an internationalrecognition) from the International Federation of Social Science Organizations in 2011for his legal propositions to amend the anti-terrorism law in the Philippines.16. In Chester Cabalza’s blog article on Cyberterrorism and Its Implications on Global-Local Discourse in Southeast Asia.17. With the escalation of conflict on the contested Scarborough Shoal between China andthe Philippines, Chinese and Filipino “hactivists” recently engaged in a raging battleonline, rendering Philippine government sites inaccessible for some time.18. In reference to the examples cited from the training manual entitled InvestigatingCyberterrorism by the US Department of State.19. The top five security issues identified in the 5th NADI Meeting which is an annualmeeting of member-countries in the ASEAN are the following: Water and FoodSecurity, Maritime Security, Disaster Relief and Management, Terrorism and otherTransnational Crimes, and Cybersecurity.ReferencesA. Books / Academic Articles / Training ManualAnderson, B., (1983). Imagined Communities: Reflections on the Origin and Spread ofNationalism, London: Verso.Cabalza, C., (2011). Deconstructing Human Security in the Philippines, page 3, InternationalFederation of Social Science Organizations (IFSSO).Cabalza, C., (2011). Mouthpiece of the Bangsamoro in Southern Philippines,page 154, Asian Politics and Policy, Volume 3, Number 1, Wiley-Blackwell.National Security Council, (2012). National Crisis Management Manual (Draft), page 12, incollaboration with the Development Academy of the Philippines (DAP) and NationalDefense College of the Philippines (NDCP).
  • 144. 144 ICT Development and Cyber Security ReaderPole, A., (2010). Blogging the Political, page 8, New York: Routledge.Romero, S., (2009). Social Media and Human Security, page 35, National Defense Collegeof the Philippines, Quezon City.US Department of State and US Embassy Manila, (2006). Investigating Cyberterrorism (ATraining Manual), in cooperation with NDCP, Quezon City.B. Speeches / PowerPointAgdamag, V., (2012). Cybercrime: How it Affects National Security, powerpoint templatenumbers 4 and 9, Cybersecurity Forum, National Defense College of the Philippines,Quezon City.Binay,J.,(2011).Speechattheseminar-workshopentitledSeminarTowardsInformationandCommunications Technology Development (ICTD) and Cybersecurity Enhancement,National Defense College of the Philippines, Quezon City.Hoffman, B., (2012). The Use of the Internet by Islamic Extremists, Testimony before thePermanent Select committee on Intelligence, U.S. House of Representatives.Malacaman,J.,(2010).SocialMediainInformationSecurity:LessonsandIssues,powerpointtemplate numbers 7-10, National Defense College of the Philippines, Quezon City.C. News Articles / Blogs / WebsitesBrown, T., (2010). Death by Error. The Washington Post. Retrieved November 19, 2010from, C., (2009). Cyberterrorism and its Implications on Global-Local (Glocal) Discoursein Southeast Asia,, C. (2010). Cyberparks in the Philippines, Bureau of Investigation (2007), Cyberterrorism,, M.A. (2011). The Philippines: Now the World’s BPO and Social NetworkingCapital, The Manila Bulletin, 18 May 2011, accessed from, A., (2008). What is Social Media? E-book from iCrossing, accessed from
  • 145. 145ICT Development and Cyber Security ReaderMontecillo, P. (2012). Philippines has 9.5M Twitter Users, Ranks 10th, Philippine DailyInquirer accessed from, H., (2012). Cybercrime Act Consolidated Versions Okayed, Manila Bulletin,dated June 8, 2012, Cabalza is the Module Director for the Socio-Cultural Dimension of NationalSecurity at the NDCP, and concurrently works as the Supervisor of the Academic SupportSection. He obtained his BA Anthropology (2001) and MA Asian Studies (2008) from theUniversity of the Philippines at the same time works part-time as a Senior lecturer in thegraduate and undergraduate programs of the Department of Anthropology in UP Diliman.He became a Fellow of the PLA National Defense University in Beijing, China (2011). Healso sits as Board of Trustee and Chairman of Research and Special Projects of the IbanagHeritage Foundation, Inc (IHFI).He maintains a blog aptly called “Law and Society” at His blog follows the principle of lex et societies which contains researchpapers, commentaries, case digests, laws and jurisprudence, virtual ethnography, essayson domestic and foreign issues. As a scholar, he has presented his papers in variousinternational and local academic fora and published scholarly articles for peer-revieweddomestic and foreign journals. He was a recipient of the Angara Scholarship Award in UPDiliman (2006-2008) and the Southeast Asian Regional Exchange Program (SEASREP) bythe Japan Foundation (2000). In 2011, he won the SMI-IFSSO Prize for the Social SciencesAward (an international recognition) for his legal propositions to amend the anti-terrorismlaw in the Philippines. Prof Cabalza also wrote the Political Dimension of National Security(International) Module for the e-distance learning of the MNSA.
  • 146. 146 ICT Development and Cyber Security ReaderReferences
  • 147. 147ICT Development and Cyber Security ReaderS. No. 2796H. No. 5808Republic of the PhilippinesCongress of the PhilippinesMetro ManilaFifteenth CongressSecond Regular SessionBegun and held in Metro Manila, on Monday the Twenty-fifth day of July two thousandeleven.[Republic Act No. 10175]AN ACT DEFINING CYBERCRIME, PROVIDING FOR THE PREVENTION,INVESTIGATION, SUPPRESSION AND THE IMPOSITION OF PENALTIESTHEREFOR AND FOR OTHER PURPOSESBe it enacted by the Senate and House of Representatives of the Philippines in Congressassembled:CHAPTER IPRELIMINARY PROVISIONSSECTION 1. Title. — This Act shall be known as the “Cybercrime PreventionAct of 20123 .SEC. 2. Declaration of Policy. — The State recognizes the vital role of informationand communications industries such as content production, telecommunications,broadcasting electronic commerce, and data processing, in the nation’s overall socialand economic development. The State also recognizes the importance of providing anenvironment conducive to the development, acceleration, and rational application andexploitation of information and communications technology (ICT) to attain free, easy, andintelligible access to exchange and/or delivery of information; and the need to protect andsafeguard the integrity of computer, computer and communications systems, networks,
  • 148. 148 ICT Development and Cyber Security Readerand databases, and the confidentiality, integrity, and availability of information and datastored therein, from all forms of misuse, abuse, and illegal access by making punishableunder the law such conduct or conducts. In this light, the State shall adopt sufficientpowers to effectively prevent and combat such offenses by facilitating their detection,investigation, and prosecution at both the domestic and international levels, and byproviding arrangements for fast and reliable international cooperation.SEC. 3. Definition of Terms. — For purposes of this Act, the following terms arehereby defined as follows:(a) Access  refers to the instruction, communication with, storing data in,retrieving data from, or otherwise making use of any resources of a computer systemor communication network.(b) Alteration refers to the modification or change, in form or substance, of anexisting computer data or program.(c) Communication refers to the transmission of information through ICT media,including voice, video and other forms of data.(d) Computer refers to an electronic, magnetic, optical, electrochemical, orother data processing or communications device, or grouping of such devices, capableof performing logical, arithmetic, routing, or storage functions and which includes anystorage facility or equipment or communications facility or equipment directly relatedto or operating in conjunction with such device. It covers any type of computer deviceincluding devices with data processing capabilities like mobile phones, smart phones,computer networks and other devices connected to the internet.(e) Computer data refers to any representation of facts, information, or conceptsin a form suitable for processing in a computer system including a program suitable tocause a computer system to perform a function and includes electronic documents and/or electronic data messages whether stored in local computer systems or online.(f) Computer program refers to a set of instructions executed by the computerto achieve intended results.(g) Computer system refers to any device or group of interconnected or relateddevices, one or more of which, pursuant to a program, performs automated processingof data. It covers any type of device with data processing capabilities including, butnot limited to, computers and mobile phones. The device consisting of hardware andsoftware may include input, output and storage components which may stand aloneor be connected in a network or other similar devices. It also includes computer data
  • 149. 149ICT Development and Cyber Security Readerstorage devices or media.(h) Without right refers to either: (i) conduct undertaken without or in excessof authority; or (ii) conduct not covered by established legal defenses, excuses, courtorders, justifications, or relevant principles under the law.(i) Cyber refers to a computer or a computer network, the electronic medium inwhich online communication takes place.(j) Critical infrastructure refers to the computer systems, and/or networks,whether physical or virtual, and/or the computer programs, computer data and/or trafficdata so vital to this country that the incapacity or destruction of or interference with suchsystem and assets would have a debilitating impact on security, national or economicsecurity, national public health and safety, or any combination of those matters.(k) Cybersecurity refers to the collection of tools, policies, risk managementapproaches, actions, training, best practices, assurance and technologies that can beused to protect the cyber environment and organization and user’s assets.(l) Database refers to a representation of information, knowledge, facts, concepts,or instructions which are being prepared, processed or stored or have been prepared,processed or stored in a formalized manner and which are intended for use in a computersystem.(m) Interception refers to listening to, recording, monitoring or surveillanceof the content of communications, including procuring of the content of data, eitherdirectly, through access and use of a computer system or indirectly, through the use ofelectronic eavesdropping or tapping devices, at the same time that the communicationis occurring.(n) Service provider refers to:(1) Any public or private entity that provides to users of its service the abilityto communicate by means of a computer system; and(2) Any other entity that processes or stores computer data on behalf of suchcommunication service or users of such service.(o) Subscriber’s information refers to any information contained in the formof computer data or any other form that is held by a service provider, relating tosubscribers of its services other than traffic or content data and by which identity canbe established:
  • 150. 150 ICT Development and Cyber Security Reader(1) The type of communication service used, the technical provisions takenthereto and the period of service;(2) The subscriber’s identity, postal or geographic address, telephone and otheraccess numbers, any assigned network address, billing and payment information,available on the basis of the service agreement or arrangement; and(3)Any other available information on the site of the installation of communicationequipment, available on the basis of the service agreement or arrangement.(p) Traffic data or non-content data refers to any computer data other than thecontent of the communication including, but not limited to, the communication’s origin,destination, route, time, date, size, duration, or type of underlying service.CHAPTER IIPUNISHABLE ACTSSEC. 4. Cybercrime Offenses. — The following acts constitute the offense ofcybercrime punishable under this Act:(a) Offenses against the confidentiality, integrity and availability of computerdata and systems:(1) Illegal Access. – The access to the whole or any part of a computer systemwithout right.(2) Illegal Interception. – The interception made by technical means withoutright of any non-public transmission of computer data to, from, or within a computersystem including electromagnetic emissions from a computer system carrying suchcomputer data.(3) Data Interference. — The intentional or reckless alteration, damaging,deletion or deterioration of computer data, electronic document, or electronic datamessage, without right, including the introduction or transmission of viruses.(4) System Interference. — The intentional alteration or reckless hinderingor interference with the functioning of a computer or computer network by inputting,transmitting, damaging, deleting, deteriorating, altering or suppressing computer dataor program, electronic document, or electronic data message, without right or authority,including the introduction or transmission of viruses.
  • 151. 151ICT Development and Cyber Security Reader(5) Misuse of Devices.(i) The use, production, sale, procurement, importation, distribution, or otherwisemaking available, without right, of:(aa) A device, including a computer program, designed or adapted primarily forthe purpose of committing any of the offenses under this Act; or(bb) A computer password, access code, or similar data by which the whole orany part of a computer system is capable of being accessed with intent that it be usedfor the purpose of committing any of the offenses under this Act.(ii) The possession of an item referred to in paragraphs 5(i)(aa) or (bb) abovewith intent to use said devices for the purpose of committing any of the offenses underthis section.(6) Cyber-squatting. – The acquisition of a domain name over the internet inbad faith to profit, mislead, destroy reputation, and deprive others from registering thesame, if such a domain name is:(i) Similar, identical, or confusingly similar to an existing trademarkregistered with the appropriate government agency at the time of the domain nameregistration:(ii) Identical or in any way similar with the name of a person other than theregistrant, in case of a personal name; and(iii) Acquired without right or with intellectual property interests in it.(b) Computer-related Offenses:(1) Computer-related Forgery. —(i) The input, alteration, or deletion of any computer data without right resultingin inauthentic data with the intent that it be considered or acted upon for legal purposesas if it were authentic, regardless whether or not the data is directly readable andintelligible; or(ii) The act of knowingly using computer data which is the product of computer-related forgery as defined herein, for the purpose of perpetuating a fraudulent ordishonest design.(2) Computer-related Fraud. — The unauthorized input, alteration, or deletionof computer data or program or interference in the functioning of a computer system,
  • 152. 152 ICT Development and Cyber Security Readercausing damage thereby with fraudulent intent: Provided, That if no damage has yetbeen caused, the penalty imposable shall be one (1) degree lower. (3) Computer-related Identity Theft. – The intentional acquisition, use, misuse,transfer, possession, alteration or deletion of identifying information belonging toanother, whether natural or juridical, without right: Provided, That if no damage hasyet been caused, the penalty imposable shall be one (1) degree lower. (c) Content-related Offenses: (1) Cybersex. — The willful engagement, maintenance, control, or operation,directly or indirectly, of any lascivious exhibition of sexual organs or sexual activity,with the aid of a computer system, for favor or consideration. (2) Child Pornography. — The unlawful or prohibited acts defined and punishableby RepublicAct No. 9775 or theAnti-Child PornographyAct of 2009, committed througha computer system: Provided, That the penalty to be imposed shall be (1) one degreehigher than that provided for in Republic Act No. 9775. (3) Unsolicited Commercial Communications. — The transmission of commercialelectronic communication with the use of computer system which seek to advertise, sell,or offer for sale products and services are prohibited unless:(i) There is prior affirmativeconsent from the recipient; or(ii) The primary intent of the communication is for service and/oradministrative announcements from the sender to its existing users, subscribers orcustomers; or(iii) The following conditions are present:(aa) The commercial electronic communication contains asimple, valid, and reliable way for the recipient to reject. receiptof further commercial electronic messages (opt-out) from the same source;( b b ) T h e c o m m e r c i a l e l e c t r o n i c c o m m u n i c a t i o n d o e s n o tp u r p o s e l y d i s g u i s e t h e s o u r c e o f t h e e l e c t r o n i c m e s s a g e ; a n d(cc)Thecommercialelectroniccommunicationdoesnotpurposelyincludemisleadinginformationinanypartofthemessageinordertoinducetherecipientstoreadthemessage.(4) Libel. — The unlawful or prohibited acts of libel as defined in Article 355of the Revised Penal Code, as amended, committed through a computer system or anyother similar means which may be devised in the future.SEC. 5. Other Offenses. — The following acts shall also constitute an offense:(a) Aiding or Abetting in the Commission of Cybercrime. – Any person whowillfully abets or aids in the commission of any of the offenses enumerated in this Actshall be held liable.
  • 153. 153ICT Development and Cyber Security Reader(b) Attempt in the Commission of Cybercrime. — Any person who willfullyattempts to commit any of the offenses enumerated in this Act shall be held liable.SEC. 6. All crimes defined and penalized by the Revised Penal Code, asamended, and special laws, if committed by, through and with the use of informationand communications technologies shall be covered by the relevant provisions of thisAct: Provided, That the penalty to be imposed shall be one (1) degree higher than thatprovided for by the Revised Penal Code, as amended, and special laws, as the case maybe.SEC. 7. Liability under Other Laws. — A prosecution under this Act shall bewithout prejudice to any liability for violation of any provision of the Revised PenalCode, as amended, or special laws.CHAPTER IIIPENALTIESSEC. 8. Penalties. — Any person found guilty of any of the punishable actsenumerated in Sections 4(a) and 4(b) of this Act shall be punished with imprisonmentof prision mayor or a fine of at least Two hundred thousand pesos (PhP200,000.00) upto a maximum amount commensurate to the damage incurred or both.Any person found guilty of the punishable act under Section 4(a)(5) shall bepunished with imprisonment of prision mayor or a fine of not more than Five hundredthousand pesos (PhP500,000.00) or both.If punishable acts in Section 4(a) are committed against critical infrastructure,the penalty of reclusion temporal or a fine of at least Five hundred thousand pesos(PhP500,000.00) up to maximum amount commensurate to the damage incurred orboth, shall be imposed.Any person found guilty of any of the punishable acts enumerated in Section4(c)(1) of this Act shall be punished with imprisonment of prision mayor or a fine ofat least Two hundred thousand pesos (PhP200,000.00) but not exceeding One millionpesos (PhP1,000,000.00) or both.Any person found guilty of any of the punishable acts enumerated in Section4(c)(2) of this Act shall be punished with the penalties as enumerated in Republic ActNo. 9775 or the “Anti-Child Pornography Act of 20093 : Provided, That the penalty tobe imposed shall be one (1) degree higher than that provided for in Republic Act No.
  • 154. 154 ICT Development and Cyber Security Reader9775, if committed through a computer system.Any person found guilty of any of the punishable acts enumerated in Section4(c)(3) shall be punished with imprisonment of arresto mayor or a fine of at least Fiftythousand pesos (PhP50,000.00) but not exceeding Two hundred fifty thousand pesos(PhP250,000.00) or both.Any person found guilty of any of the punishable acts enumerated in Section 5shall be punished with imprisonment one (1) degree lower than that of the prescribedpenalty for the offense or a fine of at least One hundred thousand pesos (PhP100,000.00)but not exceeding Five hundred thousand pesos (PhP500,000.00) or both.SEC. 9. Corporate Liability. — When any of the punishable acts herein definedare knowingly committed on behalf of or for the benefit of a juridical person, by a naturalperson acting either individually or as part of an organ of the juridical person, who hasa leading position within, based on: (a) a power of representation of the juridical personprovided the act committed falls within the scope of such authority; (b) an authorityto take decisions on behalf of the juridical person: Provided, That the act committedfalls within the scope of such authority; or (c) an authority to exercise control withinthe juridical person, the juridical person shall be held liable for a fine equivalent to atleast double the fines imposable in Section 7 up to a maximum of Ten million pesos(PhP10,000,000.00).If the commission of any of the punishable acts herein defined was made possibledue to the lack of supervision or control by a natural person referred to and describedin the preceding paragraph, for the benefit of that juridical person by a natural personacting under its authority, the juridical person shall be held liable for a fine equivalentto at least double the fines imposable in Section 7 up to a maximum of Five millionpesos (PhP5,000,000.00).The liability imposed on the juridical person shall be without prejudice to thecriminal liability of the natural person who has committed the offense.CHAPTER IVENFORCEMENT AND IMPLEMENTATIONSEC. 10. Law EnforcementAuthorities. — The National Bureau of Investigation(NBI) and the Philippine National Police (PNP) shall be responsible for the efficientand effective law enforcement of the provisions of this Act. The NBI and the PNP shallorganize a cybercrime unit or center manned by special investigators to exclusively
  • 155. 155ICT Development and Cyber Security Readerhandle cases involving violations of this Act.SEC. 11. Duties of Law EnforcementAuthorities. — To ensure that the technicalnature of cybercrime and its prevention is given focus and considering the proceduresinvolved for international cooperation, law enforcement authorities specifically thecomputer or technology crime divisions or units responsible for the investigation ofcybercrimes are required to submit timely and regular reports including pre-operation,post-operation and investigation results and such other documents as may be requiredto the Department of Justice (DOJ) for review and monitoring.SEC. 12. Real-Time Collection of Traffic Data. — Law enforcement authorities,with due cause, shall be authorized to collect or record by technical or electronic meanstraffic data in real-time associated with specified communications transmitted by meansof a computer system.Traffic data refer only to the communication’s origin, destination, route, time,date, size, duration, or type of underlying service, but not content, nor identities.All other data to be collected or seized or disclosed will require a courtwarrant.Service providers are required to cooperate and assist law enforcementauthorities in the collection or recording of the above-stated information.The court warrant required under this section shall only be issued or grantedupon written application and the examination under oath or affirmation of the applicantand the witnesses he may produce and the showing: (1) that there are reasonable groundsto believe that any of the crimes enumerated hereinabove has been committed, or isbeing committed, or is about to be committed: (2) that there are reasonable grounds tobelieve that evidence that will be obtained is essential to the conviction of any personfor, or to the solution of, or to the prevention of, any such crimes; and (3) that there areno other means readily available for obtaining such evidence.SEC. 13. Preservation of Computer Data. — The integrity of traffic data andsubscriber information relating to communication services provided by a serviceprovider shall be preserved for a minimum period of six (6) months from the date of thetransaction. Content data shall be similarly preserved for six (6) months from the dateof receipt of the order from law enforcement authorities requiring its preservation.Law enforcement authorities may order a one-time extension for another six (6)months: Provided, That once computer data preserved, transmitted or stored by a serviceprovider is used as evidence in a case, the mere furnishing to such service provider of
  • 156. 156 ICT Development and Cyber Security Readerthe transmittal document to the Office of the Prosecutor shall be deemed a notificationto preserve the computer data until the termination of the case.The service provider ordered to preserve computer data shall keep confidentialthe order and its compliance.SEC. 14. Disclosure of Computer Data. — Law enforcement authorities, uponsecuring a court warrant, shall issue an order requiring any person or service providerto disclose or submit subscriber’s information, traffic data or relevant data in his/itspossession or control within seventy-two (72) hours from receipt of the order in relationto a valid complaint officially docketed and assigned for investigation and the disclosureis necessary and relevant for the purpose of investigation.SEC. 15. Search, Seizure and Examination of Computer Data. — Where a searchand seizure warrant is properly issued, the law enforcement authorities shall likewisehave the following powers and duties. Within the time period specified in the warrant,to conduct interception, as defined in this Act, and:(a) To secure a computer system or a computer data storage medium;(b) To make and retain a copy of those computer data secured;(c) To maintain the integrity of the relevant stored computer data;(d) To conduct forensic analysis or examination of the computer data storagemedium; and(e) To render inaccessible or remove those computer data in the accessedcomputer or computer and communications network.Pursuant thereof, the law enforcement authorities may order any person whohas knowledge about the functioning of the computer system and the measures to protectand preserve the computer data therein to provide, as is reasonable, the necessaryinformation, to enable the undertaking of the search, seizure and examination.Law enforcement authorities may request for an extension of time to completethe examination of the computer data storage medium and to make a return thereon butin no case for a period longer than thirty (30) days from date of approval by the court.SEC. 16. Custody of Computer Data. — All computer data, including contentand traffic data, examined under a proper warrant shall, within forty-eight (48) hoursafter the expiration of the period fixed therein, be deposited with the court in a sealedpackage, and shall be accompanied by an affidavit of the law enforcement authority
  • 157. 157ICT Development and Cyber Security Readerexecuting it stating the dates and times covered by the examination, and the lawenforcement authority who may access the deposit, among other relevant data. Thelaw enforcement authority shall also certify that no duplicates or copies of the wholeor any part thereof have been made, or if made, that all such duplicates or copies areincluded in the package deposited with the court. The package so deposited shall notbe opened, or the recordings replayed, or used in evidence, or then contents revealed,except upon order of the court, which shall not be granted except upon motion, withdue notice and opportunity to be heard to the person or persons whose conversation orcommunications have been recorded.SEC. 17. Destruction of Computer Data. — Upon expiration of the periods asprovided in Sections 13 and 15, service providers and law enforcement authorities, asthe case may be, shall immediately and completely destroy the computer data subjectof a preservation and examination.SEC. 18. Exclusionary Rule. — Any evidence procured without a valid warrantor beyond the authority of the same shall be inadmissible for any proceeding beforeany court or tribunal.SEC. 19. Restricting or Blocking Access to Computer Data. — When a computerdata is prima facie found to be in violation of the provisions of this Act, the DOJ shallissue an order to restrict or block access to such computer data.SEC. 20. Noncompliance. — Failure to comply with the provisions of Chapter IVhereof specifically the orders from law enforcement authorities shall be punished as aviolation of Presidential Decree No. 1829 with imprisonment of prision correctional in itsmaximum period or a fine of One hundred thousand pesos (Php100,000.00) or both, foreach and every noncompliance with an order issued by law enforcement authorities.CHAPTER VJURISDICTIONSEC. 21. Jurisdiction. — The Regional Trial Court shall have jurisdiction overany violation of the provisions of this Act. including any violation committed by aFilipino national regardless of the place of commission. Jurisdiction shall lie if any ofthe elements was committed within the Philippines or committed with the use of anycomputer system wholly or partly situated in the country, or when by such commissionany damage is caused to a natural or juridical person who, at the time the offense wascommitted, was in the Philippines.
  • 158. 158 ICT Development and Cyber Security ReaderThere shall be designated special cybercrime courts manned by specially trainedjudges to handle cybercrime cases.CHAPTER VIINTERNATIONAL COOPERATIONSEC. 22.  General Principles Relating to International Cooperation  — Allrelevant international instruments on international cooperation in criminal matters,arrangements agreed on the basis of uniform or reciprocal legislation, and domestic laws,to the widest extent possible for the purposes of investigations or proceedings concerningcriminal offenses related to computer systems and data, or for the collection of evidencein electronic form of a criminal, offense shall be given full force and effect.CHAPTER VIICOMPETENT AUTHORITIESSEC 23. Department of Justice (DOJ). — There is hereby created an Office ofCybercrime within the DOJ designated as the central authority in all matters relatedto international mutual assistance and extradition.SEC. 24. Cybercrime Investigation and Coordinating Center. — There is herebycreated, within thirty (30) days from the effectivity of this Act, an inter-agency bodyto be known as the Cybercrime Investigation and Coordinating Center (CICC), underthe administrative supervision of the Office of the President, for policy coordinationamong concerned agencies and for the formulation and enforcement of the nationalcybersecurity plan.SEC. 25. Composition. — The CICC shall be headed by the Executive Directorof the Information and Communications Technology Office under the Department ofScience and Technology (ICTO-DOST) as Chairperson with the Director of the NBI asVice Chairperson; the Chief of the PNP; Head of the DOJ Office of Cybercrime; and one(1) representative from the private sector and academe, as members. The CICC shallbe manned by a secretariat of selected existing personnel and representatives from the
  • 159. 159ICT Development and Cyber Security Readerdifferent participating agencies.SEC. 26. Powers and Functions. — The CICC shall have the following powersand functions:(a) To formulate a national cybersecurity plan and extend immediate assistancefor the suppression of real-time commission of cybercrime offenses through a computeremergency response team (CERT);(b) To coordinate the preparation of appropriate and effective measures to preventand suppress cybercrime activities as provided for in this Act;(c) To monitor cybercrime cases being bandied by participating law enforcementand prosecution agencies;(d) To facilitate international cooperation on intelligence, investigations, trainingand capacity building related to cybercrime prevention, suppression and prosecution;(e) To coordinate the support and participation of the business sector, localgovernment units and nongovernment organizations in cybercrime prevention programsand other related projects;(f) To recommend the enactment of appropriate laws, issuances, measures andpolicies;(g)Tocalluponanygovernmentagencytorenderassistanceintheaccomplishmentof the CICC’s mandated tasks and functions; and(h) To perform all other matters related to cybercrime prevention and suppression,including capacity building and such other functions and duties as may be necessaryfor the proper implementation of this Act.CHAPTER VIIIFINAL PROVISIONSSEC. 27. Appropriations. — The amount of Fifty million pesos (PhP50,000,000.00)shall be appropriated annually for the implementation of this Act.SEC. 28. Implementing Rules and Regulations. — The ICTO-DOST, the DOJ andthe Department of the Interior and Local Government (DILG) shall jointly formulatethe necessary rules and regulations within ninety (90) days from approval of this Act,for its effective implementation.
  • 160. 160 ICT Development and Cyber Security ReaderSEC. 29. Separability Clause — If any provision of this Act is held invalid, theother provisions not affected shall remain in full force and effect.SEC. 30. Repealing Clause. — All laws, decrees or rules inconsistent with thisAct are hereby repealed or modified accordingly. Section 33(a) of Republic Act No. 8792or the “Electronic Commerce Act” is hereby modified accordingly.SEC. 31. Effectivity. — This Act shall take effect fifteen (15) days after thecompletion of its publication in the Official Gazette or in at least two (2) newspapersof general circulation.Approved,(Sgd.) FELICIANO BELMONTE JR.Speaker of the House of Representatives(Sgd.) JUAN PONCE ENRILEPresident of the SenateThis Act which is a consolidation of Senate Bill No. 2796 and House Bill No. 5808 wasfinally passed by the Senate and the House of Representatives on June 5, 2012 andJune 4, 2012, respectively.(Sgd.) MARILYN B. BARUA-YAPSecretary General, House of Representatives(Sgd.) EMMA LIRIO-REYESSecretary of the SenateApproved: SEP 12 2012(Sgd.) BENIGNO S. AQUINO IIIPresident of the Philippines
  • 161. 161ICT Development and Cyber Security ReaderTypes of Cybercrime• Hacking• Denial of Service Attack• Virus Dissemination• Software Piracy• Pornography• IRC Crime• Credit Card Fraud• Phishing• Spoofing• Cyber Stalking• Cyber Defamation• Threatening• Salami Attack• Net ExtortionHACKINGThe act of gaining unauthorized access to a computer system or network and in somecases making unauthorized use of this access. Hacking is also the act by which otherforms of cyber-crime (e.g., fraud, terrorism, etc.) are committed. Hacking in simpleterms means illegal intrusion into a computer system without the permission of thecomputer owner/user.DENIAL OF SERVICE ATTACKThis is an act by the criminal, who floods the band width of the victim’s network orfills his e-mail box with spam mail depriving him of the services he is entitled to accessor provide.VIRUS DISSEMINATIONMalicious software that attaches iitself to other software. (virus, worms, Trojan Horse,Time bomb,Logic Bomb, Rabbit and Bacterium are the malicious soft wares)SOFTWARE PIRACYTheft of software through the illegal copying of genuine programs or the counterfeit-ing and distribution of products intended to pass for the original. Retail revenue lossesworld wide are ever increasing due to this crime. Can be done in various ways suchas end user copying, hard disk loading, Counterfeiting, Illegal downloads from theiinternet etc.PORNOGRAPHYPornography is the first consistently successful ecommerce product. It was a deceptivemarketing tactics and mouse trapping technologies. Pronography encourage custom-ers to access their websites. Anybody including children can log on to the internet andaccess website with pronography contents with a click of a mouse.IRC CRIMEInternet Relay Chat (IRC) servers have chat rooms in which people from anywherethe world can come together and chat with each other Criminals use it for meetingcoconspirators. Hackers use it for discussing their exploits / sharing the techniques.Paedophiles use chat rooms to allure small children.
  • 162. 162 ICT Development and Cyber Security ReaderCREDIT CARD FRAUDYou siimply have to type credit card number into www page off the vendor for onlinetransaction If electronic transactions are not secured the credit card numbers can be sto-len by the hackers who can misuse this card by impersonating the credit card owner.NET EXTORTIONCopying the company’s confidential data in order to extort said company for hugeamount.PHISHINGIt is technique of pulling out confidential information from the bank/financial institu-tional account holders by deceptive means.SPOOFINGGetting one computer on a network to pretend to have the identity of another com-puter, usually one with special access privileges ,, so as to obtain access to the othercomputers on the network.CYBER STALKINGThe Criminal follows the victim by sending emails, entering the chat rooms frequent-ly.CYBER DEFAMATIONThe Criminal sends emails containing defamatory matters to all concerned of the victimor post the defamatory matters on a website. (disgruntled employee may do this againstboss, ex-boys friend against girl, divorced husband against wife etc)THREATENINGThe criminal sends threatening email or comes in contact in chat rooms with victim.(Any one disgruntled may do this against boss, friend or official)SALAMI ATTACKIn such crime criminal makes insignificant changes in such a manner that such changeswould go unnoticed. Criminal makes such program that deducts small amount like 2.50per month from the account of all the customer of the Bank and deposit the same in hisaccount. In this case no account holder will approach the bank for such small amountbut criminal gains huge amount.________________________Source:
  • 163. 163ICT Development and Cyber Security ReaderCybercrimeCybercrime is one of the fastest growing areas of crime. More and morecriminals are exploiting the speed, convenience and anonymity that moderntechnologies offer in order to commit a diverse range of criminal activities. Theseinclude attacks against computer data and systems, identity theft, the distributionof child sexual abuse images, internet auction fraud, the penetration of online fi-nancial services, as well as the deployment of viruses, Botnets, and various emailscams such as phishing.The global nature of the Internet has allowed criminals to commit almostany illegal activity anywhere in the world, making it essential for all countries toadapt their domestic offline controls to cover crimes carried out in cyberspace. Theuse of the Internet by terrorists, particularly for recruitment and the incitement ofradicalization, poses a serious threat to national and international security.In addition, the threat of terrorism forces authorities to address securityvulnerabilities related to information technology infrastructure such as powerplants, electrical grids, information systems and the computer systems of govern-ment and major companies.The changing nature of cybercrimeIn the past, cybercrime has been committed by individuals or small groupsof individuals. However, we are now seeing an emerging trend with traditionalorganized crime syndicates and criminally minded technology professionals work-ing together and pooling their resources and expertise.This approach has been very effective for the criminals involved. In 2007and 2008 the cost of cybercrime worldwide was estimated at approximately USD8 billion. As for corporate cyber espionage, cyber criminals have stolen intellectualproperty from businesses worldwide worth up to USD 1 trillion.INTERPOL’s roleINTERPOL’s cybercrime programme is built around training and operationsand works to keep up with emerging threats. It aims to:- Promote the exchange of information among member countries throughregional working parties and conferences;- Deliver training courses to build and maintain professional standards;- Coordinate and assist international operations;
  • 164. 164 ICT Development and Cyber Security Reader- Establish a global list of contact officers available around the clock for cy-bercrime investigations (the list contained 131 contacts at the end of 2011);- Assist member countries in the event of cyber-attacks or cybercrime inves-tigations through investigative and database services;- Develop strategic partnerships with other international organizations andprivate sector bodies;- Identify emerging threats and share this intelligence with member coun-tries;- Provide a secure web portal for accessing operational information and docu-ments.Source:
  • 165. 165ICT Development and Cyber Security ReaderMNSA Thesis Abstracts
  • 166. 166 ICT Development and Cyber Security ReaderMNSA Thesis (Abridged)Cybersecurity Capability of theArmed Forces of the Philippinesin the Midst of Computer ThreatsCol Arturo A Larin PN(M), MNSARegular Class 46AbstractThe research problem of this study is to assess the AFP personnel capability developmentprogram for cybersecurity. The researcher first review applicable laws, military doctrines, standardoperating procedures and letter directives to understand AFP guidelines/policies on cybersecurity.Then, data on IT related training courses and seminars conducted by CEISS units and attended byAFP personnel were gathered and collated. The courses/training were then tabulated as to basic,standard and advance skill ratings as per ISO 27001 standards. These personnel capability in termsof skills/training was then compared to ISO 27001 standards. A proposed AFP unit which is ISO27001 compliant is then staffed with the AFP personnel who had undergone IT training to know ifthe AFP has enough personnel to man it. Subject Matter Experts’ interviews were also taken to gettheir opinion on what are still to be done by the AFP to achieve cyber security.The result of the study are: a) The Philippines lack laws to fight cyber crimes and it needsto formulate its own doctrine on cybersecurity operations; b) The AFP CEISS training program inrelation to cybersecurity preparedness are mostly basic training/seminars, c) The AFP personnelcybersecurity preparedness capability failed the ISO 27001 standards test due to lack of qualifiedpersonnel with advance training, d) If an AFP unit for cybersecurity will be created and mannedin accordance with ISO 27001 in terms of skill a few positions requiring advance training will beleft vacant and e) The Subject Matter Experts’ opinion validated the documents research and theresults of the survey.Introduction The fast development in technology that lowered the cost of computers and theavailability of the Internet spurred the widespread use of computers both in governmentand private sectors. Computers and wireless electronics devices that can connect to theWorld Wide Web are today routinely used in homes, schools, financial services, energy,communications, manufacturing, health care, transportation, emergency services andmilitary establishments. The Internet made communication and exchange of information very fast and easy.With different countries connected by a single worldwide network, companies can holdteleconferencing with their personnel in their branches in other countries as if they are allinside one conference room. People can withdraw money without going to their banks byusing the Automated Teller Machines (ATMs) and their ATM cards. Sending money even toother countries are easier and faster, in fact, banks transact millions through Internet. Buyinggoods are also a lot easier by using credit cards or through e-commerce at Internet.
  • 167. 167ICT Development and Cyber Security Reader The widespread use of computers also caused the proliferation of educationalinstitutions that train the personnel required to man or operate the systems mentionedabove. With more men trained in information technology come more experts whose expertisecan be channeled into wrong or criminal acts given the incentive of financial gain or otherpersonal motive – both good and bad. The use of computers with links to Internet makes it vulnerable to penetration bypersons, groups or organizations, criminals and terrorists and even nation-states. Hackersand crackers who penetrate networks and deface websites abound with some stealing dataand corrupting the contents. Terrorists can use cyberspace to conduct cyber terrorism andasymmetrical war against governments. Spying is made much easier using the cyberspacewith the victim unaware of it occurring. With gigabytes of information transferred persecond within a flick of a finger. It is estimated that losses per year in cybercrimes amountto billions of dollars.Incidents of Cyber AttacksInternational One of the most recent cases involving computer security is the WikiLeaks case.WikiLeaks is an international new media non-profit organization that publishes submissionsof otherwise unavailable documents from anonymous news sources and leaks. Within ayear of its launch, the site claimed a database that had grown to more than 1.2 milliondocuments. WikiLeaks has won a number of awards, including the 2008 Economist magazineNew Media Award. In June 2009, WikiLeaks and Julian Assange wonAmnesty International’sUK Media Award (in the category “New Media”) for the 2008 publication of “Kenya: TheCry of Blood – Extra Judicial Killings and Disappearances”, a report by the Kenya NationalCommission on Human Rights about police killings in Kenya. In April 2010, WikiLeaksposted video from a 2007 incident in which Iraqi civilians and journalists were killed byU.S. forces, on a website called Collateral Murder. In July of the same year, WikiLeaksreleased Afghan War Diary, a compilation of more than 76,900 documents about the Warin Afghanistan not previously available for public review. In October, the group released apackage of almost 400,000 documents called the Iraq War Logs in coordination with majorcommercial media organisations. In November 2010, WikiLeaks began releasing U.S. Statedepartment diplomatic cables. The site is available on multiple online servers and differentdomain names following a number of denial-of-service attacks and its severance fromdifferent Domain Name System (DNS) providers (Wikipedia 2010). Stuxnet is a Windows-specific computer worm first discovered in July 2010 byVirusBlokAda, a security firm based in Belarus. It is the first discovered worm that spieson and reprograms industrial systems, the first to include a programmable logic controller(PLC) rootkit, and the first to target critical industrial infrastructure. It was specificallywritten to attack Supervisory Control And Data Acquisition (SCADA) systems used tocontrol and monitor industrial processes. Stuxnet includes the capability to reprogram thePLCs and hide its changes. The worm’s probable target is said to have been high value infrastructures in Iranusing Siemens control systems. According to news reports the infestation by this worm
  • 168. 168 ICT Development and Cyber Security Readermight have damaged Iran’s nuclear facilities in Natanz and eventually delayed the start upof Iran’s Bushehr Nuclear Power Plant. Although Siemens has stated that the worm has notcaused any damage, on November 29, Iran confirmed that its nuclear program had indeedbeen damaged by Stuxnet. Russian digital security company Kaspersky Labs released a statement thatdescribed Stuxnet as “a working and fearsome prototype of a cyber-weapon that will leadto the creation of a new arms race in the world.” Kevin Hogan, Senior Director of SecurityResponse at Symantec, noted that 60% of the infected computers worldwide were in Iran,suggesting its industrial plants were the target. Kaspersky Labs concluded that the attackscould only have been conducted “with nation-state support”, making Iran the first targetof real cyberwarfare (Saade 2010). On April 1, 2001, an American EP 3-E Aries II reconnaissance plane collided witha Chinese F-8 fighter about 70 miles off the coast of China. The American plane emergencylanded at Chinese airfield in Hainan Island while the Chinese jet and its pilot were lost at sea.Tech-savvy Americans angry over the detention of the EP-3 crew, expressed their outrageby defacing or vandalizing at least sixty-five Chinese websites. In response, a group callingitself Hackers Union of China, declared war on their American counterparts and took creditfor shutting down or altering multiple government websites. The hackers ended their warafter claiming to have hacked a thousand American websites (Creekman 2003).Most prolific worms are suspected of being created in response to political events.If maximum destruction is a hostile adversary’s goal, worms are a cost effective way todisrupt information infrastructures.Cyber attacks cause financial losses, theft of proprietary information, vandalism,and loss of services, consumer confidence, and reputation. An appropriate response isto increase research and development investment on information assurance as well asengineering practices and protocols that limit damage from distributed attacks. Internationalcooperation and collaboration is critical.On February 2000, some of the Internet’s most reliable sites were rendered nearlyunreachable by DDoS attacks. Yahoo took the first hit on February 7, 2000. In the next fewdays,, eBay, CNN,,, E*Trade, and Excite were takendown by DDoS attacks. Though damage estimates vary widely, the FBI estimates that thecompanies suffered $1.7 billion in lost business and other damages. These intrusions areof great concern to businesses and government. The theft of money, credit card numbers,proprietary information, or sensitive government information can have devastatingconsequences.In 2001, a series of actions originating in Russia, collectively known as MoonlightMaze, intruded into US government systems over a period of several years. The first attackswere detected in March 1998 and hundreds of unclassified networks in the Pentagon,Department of Energy, National Aeronautic and Space Administration (NASA) and otherdefense contractors were compromised. Cyber attackers can employ sophisticated attacktools and techniques to disrupt or compromise critical infrastructure systems in responseto a US and allied military strike during the war on terrorism (Cortes 2004).
  • 169. 169ICT Development and Cyber Security Reader In 1998, in order for US and NATO to bomb Serbian targets successfully in Kosovo,the USA needed to hack into the Serbian air defense system and trick the Serbian Air TrafficControllers. The US accomplished its goal so well that there was concern about continuingor escalating the attacks because the US didn’t want to hack into any further Serbian targetsbecause of fear of damaging civilian targets. In 2007, the United States government suffered an “an espionage Pearl Harbor” inwhich an “unknown foreign power broke into all of the high tech agencies, all of the militaryagencies, and downloaded terabytes of information. On May 17, 2007 Estonia came under cyber attack. The Estonian parliament, banks,ministries, and media were targeted. The attackers went after their financial systems. On March 28, 2009, a cyber spy network, dubbed GhostNet, using servers mainlybased in China has tapped into high-value political, economic classified documents fromgovernment and private organizations in 103 countries, computer systems belonging toembassies, foreign ministries and other government offices, including the computers ofTibetan exiles were compromised, but China denies the allegations.In July 2009, there were a series of coordinated cyber attacks against major government,news media, and financial websites in South Korea and the United States. In December 2009, a cyber attack, dubbed Operation Aurora, was launched fromChina against Google and over 20 other companies.DomesticIn his study, Andolong (2009) stated that the Armed Forces of the Philippineshad experienced cyber attacks several times in the past. The Philippine Army website washacked and defaced in 2001 to embarrass the Army. Sometime in 2002, the computer of theIntelligence Division of the Philippine Marine Corps was penetrated and data was stolen.Again in 2009, certain computers at the Headquarters Philippine Navy were also attackedand data stolen and corrupted. Due to high level of secrecy in these cases, the type andnature of data stolen were not made public. All in all, the PN website was hacked seventimes. Then in May 18, 2009, the Philippine Air Force website was hacked and defaced.Last December 07, 2010, the official website of Philippine Army’s 4th InfantryDivision in Mindanao was hacked. The 4th Infantry Division website is one of nine that canbe found at the official website of the Philippine Army at computer virus dubbed the “Love Bug” forced email servers to shut down inEurope and the US. The new virus originates in an email entitled “I love you.” Once theattachment is launched, the virus sends copies of the same email to everybody listed in theuser’s address book. Anti-virus firm Symantec released an update to its software to combatthe virus, but warned computer users not to open any “I love you” messages. The emailsaid the company had reports from over 20 countries. The “Love Bug” epidemic exceededother viruses in both speed and destructiveness. The virus originated in the Philippines andhas been nicknamed the “Killer from Manila”. The culprit, Onel de Guzman, was foundbut could not be prosecuted because the Philippines did not have laws against cyber crime.This incident prompted the Philippines to change its laws (Cortes 2004).In a September 2010 NICA reported the following:
  • 170. 170 ICT Development and Cyber Security Reader1. From 2004 to 2006, the Philippine government website wasdefaced at least 4 times and National Transmission Corporation (TransCo) was penetratedusing a rootkit. On March 2009 the Department of Foreign Affairs was attacked and hackedby China-based cyber spy network called Ghostnet.2. And in the following years, more government websites were defaced. Therecent attacks victimized the following government agencies: Department of Health (DOH),Technical Education and Skills Development Authority (TESDA), Philippine RegulatoryCommission (PRC), etc.The NICA report further said that basing on the list of hacked domains, except forsome local talents, the attackers came from different countries (SYRIAN-HACKER, PersianBoys Hacking Team, 1923 Turk, etc). This only means one thing; that the international hackershave already been very interested in probing our cyberspace and testing our cybersecuritycapability. We may feel confident that these attacks were purely web defacement and didnot harm any of our critical infrastructures, however bear in mind that these attacks arereported attacks, but what about those that are more sophisticated attacks? If the attackerdidn’t want to be known, if the attacker would want to stay invisible so he can access thesystem anytime he wants in the future? What if our critical infrastructures are alreadycompromised, and a backdoor has already been planted or an electronic time bomb hasalready been installed and can easily be activated anytime by the attacker when an all-outcyberwar erupts?Military establishments also use computers for their command and control, weaponsystems and a variety of other uses. Military aircraft, ships, satellites, tanks and missilesuse computers. These make military websites and or networks natural targets for hackers,terrorists and intelligence services of other nations to penetrate and steal data.The Armed Forces of the Philippines (AFP) even if considered not highlytechnologically advance is not spared from this threat. With the Philippines facing twoinsurgencies - the Communists and the Southern Philippines Secessionists Groups (SPSGs),and its alliance with the much-targeted United States of America (USA), the threat of cyberattack or cyberterrorism against the AFP is not remote.With so much at stake, network security pose complex problems that reach intonew areas for national security and public policy. It is in this context that the AFP must beprepared to prevent these cyber attacks and ensure the development of adequate capabilityfor its information security.Statement of the ProblemThe purpose of this study is to determine the current capability of the AFP againstcyber attacks and to recommend such measures as may be necessary to cope with the threatof cyberwarfare. So far, the AFP personnel capability development for cybersecurity hasnot yet been determined.ObjectivesGeneral Objective: To assess the capability of the AFP to defend against cyber attacks
  • 171. 171ICT Development and Cyber Security Readerby looking at its personnel development/training program for cyber warfare.Specific objectives:1. To determine the existing laws, military doctrines, and other AFP policies relatedto cyber security.2. To determine the existing Communications, Electronics and Information SystemsService Armed Forces of the Philippines (CEISSAFP) training program in relationto cyber security preparedness.3. To determine the AFP personnel cybersecurity preparedness capability versus ISO27001 standards.4. To propose an AFP unit for cybersecurity in accordance with ISO 27001 in terms ofskill manning which is the current best practice in the private sector.5. To determine from the Subject Matter Experts’ perspective what are the things thatstill need to be done by the AFP to achieve cyber security preparedness.Significance of the StudyThe significance of the study will be:1. By assessing the skills, training and capabilities of personnel vis a vis theirduration in the CEIS units, profiling can be done. Gaps in the required skillscan be addressed by training which can be included in planning.2. Likewise, right skill/knowledge- mix in every unit will be identified.3. Recruitment or return to unit (RTU) of personnel to their mother unit/majorservices by GHQ AFP will be based on the skills; likewise, retention of personnelin the major services will also be based on the required skills.4. The study will enhance personnel management. The importance ofcorrectplanning for training and for rotation/retention of personnel in GHQ/major services will be highlighted.5. The study intends to enhance AFP existing plans and projects for cyberterrorismpreparedness by submitting the result of the study to the Department of NationalDefense for possible policy making. Scope and LimitationsThe study focused on personnel in GHQ AFP and CEIS units specifically assignedas computer encoders or as computer maintenance because the information in these unitsare highly classified compared to subordinate units and requiring higher security clearance.Their skills and knowledge were assessed using the ISO 27001 as the standard and theirskills on their entry level determined.
  • 172. 172 ICT Development and Cyber Security ReaderThe study focused on the skills/training of the organic personnel of CEISSAFP(GHQ), Army Signal Regiment (PA), NCEISC (PN) and 950th CEISS (PAF), the AFP unitsinvolved in cyber security and AFP personnel who took Information Technology (IT) relatedcourses/training conducted by these units in the last three (3) years (2008-2011). Due to security and sensitivity of the some of the data and necessity of experts view,data collection will be done through survey and interviews and secondary data from officesand units of the AFP involved in Information Technology security and also from private ITpractitioners.Data analysis will be done using percentages and proportions of personnel withskills and knowledge based on the types of training/courses undertaken. Likewise, samewas applied to proportion of personnel by unit assignment in relation to their training andskills on cyber security preparedness.Summary, Conclusions and RecommendationsSummary The study focused on the AFP CEISS personnel capability for cybersecuritypreparedness. The study started by reviewing RA 8792 also known as the E – Commerce Act,which is the only law enacted by the Congress of the Philippines related to cybersecurity. Itis always important to have legal mandate for every AFP actions. The study also looked intothe AFP regulations, SOPs and letter directives to see if the AFP is giving proper guidanceto its personnel pertaining to cybersecurity of its internet network and facilities.The study then gathered data on the skills/training of AFP personnel assigned inCEISS units, from CEISSAFP down to the major services. Data on AFP personnel who hadundergone IT related training/seminars from CEISS units and outside institutions for thelast three years (2008–2011) were also gathered. These were tabulated to form a databaseof AFP IT trained/skilled personnel.These skills or AFP personnel capability for cybersecurity were then compared to ISO27001 standards which is the best minimum practice of private IT corporations to establishif the AFP personnel skills/training were at par with the ISO 27001 standards.Then an ISO 27000 compliant AFP unit dedicated to cyberwarfare/security wasproposed. The skills/training required by each position was then matched with the inventoryof AFP personnel with IT training to get a better perspective of the status of training beingacquired by AFP personnel compared to the requirements as per ISO 27000 standards.Finally, Subject Matter Expert’s opinion both from the AFP and private sector weretaken to have better understanding of the stakeholders’ idea of what are still to be done bythe AFP to attain respectable cybersecurity preparedness.ConclusionsThe following are the conclusions of the study:
  • 173. 173ICT Development and Cyber Security Reader1. The Philippines lack laws relating to cybercrimes. There was only one (1) lawthat is related to cybersecurity that was found in the conduct of the study. RA 8792 or moreknown as the E-Commerce Law is the only enacted law relating to cybercrimes. It legallyrecognizes the use of electronic documents in both public and private transactions. Althoughit penalizes electronic fraud, hacking, cracking/defacing, piracy and internet pornography,it is really more concerned with the banking transactions using the internet. RA 8792 has noprovisions for cyberespionage, cyberterrorism and other serious cybercrimes.The AFP needs to formulate its own doctrine for cybersecurity preparedness.Although the AFP has released regulations, SOPs and letter directives giving guidanceto its personnel on cybersecurity, a doctrine will consolidate all these guidelines into onemanual for easy reference of the AFP CEISS personnel.2. The AFP CEISS training program in relation to cybersecurity preparednessare mostly basic training/seminars. These training are tailored for ordinary office work likeencoding, preparation of briefing and making databases. Standard training are rarely heldand advance training are not available at CEISS units. AFP CEISS personnel have to enrollin colleges, universities and other learning institutions for advance training/courses.3. The AFP personnel cybersecurity preparedness capability failed the ISO 27001standards test due to lack of qualified personnel with advance training. The training beingoffered by CEISS units to AFP personnel is not attuned with the fast paced development inIT. Since ISO 27001 is the best minimum requirements for IT corporations, the AFP mustpass the said standard. It is not only qualifying for ISO compliance but more importantlyto fill-up the AFP own requirement for IT skilled personnel.4. If an AFP unit for cybersecurity will be created and manned in accordancewith ISO 27001 in terms of skill a few positions requiring advance training will be leftvacant. Although all the officers’ position will be filled – up and the EP/civilian positionswill be 93% filled up, the few vacant positions requiring advance training are critical tosmooth and proper operation of the unit.5. The Subject Matter Experts’ opinion on what are the things that the AFP stillneeds to be done to achieve cybersecurity validated the documents research and theresults of the survey. The points raised by the experts are the following: a) Enactment oflaws covering cybercrimes and crafting an AFP doctrine on cybersecurity operations, b)The need for a continuous program of advance training of its IT personnel to keep abreastof the fast development in this field and c) Creation of an AFP cyber warfare unit.Recommendations1. The AFP must work together with other government agencies, private ITcompanies and other stakeholders to support the enactment of stricter laws to preventand curve cybercrimes such as cyber terrorism and cyber espionage. There will be nocrime committed if there is no law against cyber espionage and cyber terrorism. Nobodycan arrest and prosecute hackers and other cyber criminals.The AFP must also craft its own cybersecurity doctrine to guide its CEISSpersonnel in its cybersecurity operations. Although there are other AFP policies which
  • 174. 174 ICT Development and Cyber Security Readergives guidelines in cybersecurity preparedness, the creation of a doctrine will integrate allthese guidelines into a single paper for easy reference during cybersecurity operations.2. More standard and advance training must be programmed and offered toCEISS personnel. Training and the experience required to become an IT specialist will meaninvestment in terms of money, time and personnel. The AFP must start now to develop itsown personnel in terms of advance courses and skills required for the positions needed inthe creation of a cybersecurity unit of the AFP.3. All CEISS units of the AFP must study and implement solutions, renovationsand improvements to their training programs in order to comply with personnel capabilitydevelopment which is compliant to ISO 27001. Adherence to ISO 27001 standards will giveuniformity to all the CEISS operations thereby ensuring a smooth working inter - relationshipbetween GHQ and the major services.4. Creation of Cybersecurity Command under GHQ, AFP with the personnelpositions as shown in Tables 24 - 27 (Manning Diagram). The lack of current personnelwith advance training can be remedied by:a. Call to Active Duty (CAD) of IT expert practitioners from the private sectors.b. Use of affiliated reserve units from telecom companies and other IT relatedprivate business firms for the development of cybersecurity preparedness ofthe AFP. Strict security clearance process must, however be observed.c. Recruit personnel who are graduates of BSEE, BSCEE, BS Computer Science,BSIT and other IT related courses and sending these young personnel for furtherstudies in IT fields for future manning of cybersecurity units and offices of theAFP and the Department of Defense.d. Consider the establishment of a Cyber Center for the Department of NationalDefense, possibly as an added capability of the NDCP.5. Support creation of a national body that will serve as focal point of all activities/initiatives by stakeholders to achieve cybersecurity. A national cybersecurity committeemust take charge of all activities/initiatives on cybersecurity to avoid duplication and tohave better cooperation among all the stakeholders. It will also ensure prompt actionsduring cyber attacks and fast dissemination of warning and/or solutions to all stakeholdersregarding such attacks.# # #BIBLIOGRAPHYAldrich, Richard W. Cyberterrorism and Computer Crimes: Issues Surrounding theEstablishment of an International Legal Regime. April 2000. Retrieved on October29, 2010., Arsenio R. An Exploratory Study of the AFP Cyber Warfare Experience: InitialLessons Learned. August 2009. National Defense College of the PhilippinesAshley, Bradley K. Anatomy of Cyberterrorism: Is America Vulnerable? A Research Paper.February 27, 2003. Retrieved on October 29, 2010 from au/
  • 175. 175ICT Development and Cyber Security Readerawc/awcgate/awc/ashley.pdfBerner, Sam. Cyber-Terrorism: Reality or Paranoia? March 2003. Retrieved on October 29,2010., Cybercrime and Cyberterrorism:Vulnerabilities and Policy Issues for Congress.CRS Report. January 29, 2008. Retrieved on October 29, 2010 from, Olivia. Cyber Terrorism and Private Sector Efforts for Information InfrastructureProtection. May 2, 2002. Retrieved on November 6, 2010 from spu/ni/security/workshop/presentations/cniBosch%20paper.pdfChu, Hai-Cheng, Deng, Der-Jiunn, Chao, Han-Chieh, Huang and Yueh-Min, NextGeneration of Terrorism: Ubiquitous Cyber Terrorism with the Accumulation ofall Intangible Fears. June 25, 2009. Retrieved on October 29, 2010. jucs_15_12/next_generation_of_terrorism/jucs_15_12_ 2373_2386_chu.pdfClem, A., Galwankar, Sagar and Buck, George. Health implications of Cyber-Terrorism:Special Report. March 15, 2004. Retrieved on October 29, 2010., Andrew Michael. Managerial Guide for Handling Cyber-Terrorism and InformationWarfare. Common Law Copyright. 2005. Retrieved on October 29, 2010. Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress. CRSReport. April 1, 2005. Retrieved on October 29, 2010., Maura. Cyberterrorism: Media Myth or Clear and Present Danger? 2004. Retrievedon October 29, 2010., Maura. Reality Bytes: Cyberterrorism and Terrorist “Use” of the Internet. 2002.Retrieved on October 29, 2010., Daniel M. A helpless America? An Examination of the Legal Options Available tothe United States in Response to Varying Types of Cyber-Attacks from China. 2003.Retrieved on October 29, 2010 from Operations and Cyber Terrorism. DCSINT Handbook No.1. A Guide to Terrorism inthe 21st Century. US Army TRADOC 2005 Version 3.0. August 15, 2005. Retrievedon November 6, 2010 from sitebuildercontent/sitebuilderfiles/, Dorothy E. Chapter 8: Activism, Hacktivism, and Cyberterrorism: The Internet as aTool for Influencing Foreign Policy. Dec 10, 1999. Retrieved on October 29, 2010 from, Dorothy E. A View of Cyberterrorism Five Years Later. 2007. Retrieved on October29, 2010 from, Dorothy E. Cyberterrorism Testimony Before the Special Oversight Panel onTerrorism Committee on Armed Services US House of Representatives. May23,2000. Retrieved on October 29, 2010. CYBERTERRORISM.pdfDyson, Jay D. The Myth of Cyber-Terrorism. Retrieved on October 29, 2010., Frank and Francois, Jean. Cyberterrorism Prevention List. Retrieved on October29, 2010. dozenlst.pdf
  • 176. 176 ICT Development and Cyber Security ReaderGHQ, DND. AFP Regulations G 200-014. Security of Classified Matter. September 14,2010.IBM Center for the Business of Government. Cybersecurity Management in the States: TheEmerging Role of Chief Information Security Officers. (2010)Gordon, Sarah and Ford, Richard. Cyberterrorism? Retrieved on October 29, 2010 from, Sarah. Cyberterrorism and the Home User. A White Paper. Retrieved on October29, 2010 from, Jason S. Cyber-Terrorism. April 24, 2006. Retrieved on October 29, 2010. Dr., Bruce. Use of the Internet by the Islamic Extremists. 2006. Retrieved on October29, 2010 from, Lucasz. How to Prevent and Fight International and Domestic Cyberterrorismand Cyberhooliganism. January 2003.Retrieved on October 29, 2010. ISO/IEC 27000-series. Retrieved on July 25, 2011Jacinto, Al. Official Website ng Army Na-hacked. December 07, 2010. Retrieved on December08, 2010., Ali. Cyberspace, Cyberterrorism and Information Warfare: A Perfect Recipefor Confusion. Retrieved on October 29, 2010. Cyberspace-Cyberterrorism-and-Information-Warfare-A-Perfect-Recipe-for-Confusion.pdfJain, Gaurav. Cyber Terrorism: A Clear and Present to Civilized Society? August 12, 2005.Retrieved on November 6, 2010 from, Lech J. and Colarik, Andrew M. Cyber Warfare and Cyber Terrorism. Retrievedon October 29, 2010. Terrorism.pdfKim, Jong-Tae and Hyun, Tchanghee. Status and Requirements of Counter-Cyberterrorism.2005.Retrieved on October 29, 2010., James A. Assessing the Risk of Cyber Terrorism, Cyber War and other Cyber Threats.December 2002. Retrieved on October 29, 2010 from, Martin C. Cyberdeterrence and Cyber War . 2009. Retrieved on October 29, 2010from, Pat. CyberTerrorism: A Bloodless War? Oct 3, 2001. Retrieved on October 29,2010., Varvara. Cyber-Terrorism - A Call for Governmental Action? April 2001. Retrievedon October 29, 2010., David. Concepts for Enhancing Critical Infrastructure Protection. 2005.Retrieved on October 29, 2010 from, Rohas. Cyber Terrorism in the Context of Globalization. September 2002. Retrievedon October 29, 2010.,%20Rohas.pdf
  • 177. 177ICT Development and Cyber Security ReaderNational Strategy for the Protection of Critical Cyber Infrastructure: Strengthening CyberSecurity Through Public-Private Partnership. Republic of the Philippines CabinetOversight Committee on Internal Security (COC-IS) and Task Force for the Securityof the Critical Infrastructures (TFSCI) Report. June 2004.NICA Report. Cyberwarfare. September 2010.OJ6. AFP CEIS Letter Nr. 2009-05. October 16, 2009.OJ6/OTAG. Standard Operating Procedure Nr. 4. July 30, 2010.Okichich, Aron. Cyber-Terrorism Fact or Fiction? Retrieved on October 29, 2010., Aron. 2005. Running Head:Cyber-Terrorism Retrieved on October 29, 2010 from, Janet J and MacDonald, Laurie E. Cyber Terrorism: A Study of the Extent ofCoverage in Computer Security Textbooks. Journal of Information TechnologyEducation. Volume 3. 2004. Retrieved on October 29, 2010 , Abraham A Maj PA. Protecting the Philippine Cyberspace: Design Elementsfor a National Security Plan 2001Republic of the Philippines Eleventh Congress. RA 8792. Electronic Commerce Act. June14, 2000.Saade, Tareq. The Stuxnet Sting. Microsoft malware protection center dec. 3, 2011. RetrievedonDecember 5, 2010., Linda and Robinson, Stephen R. Principles and Practice of Information Security.Retrieved on October 29, 2010 from, Clive. Cyber-Terrorism: Legal Principle and Law in the United Kingdom. July 7,2006. Retrieved on October 29, 2010., Gabriel. Cyberterrorism: How Serious is the Threat. Special Report. US Instituteof Peace. December 2004. Retrieved on October 29, 2010. WikiLeaks. Retrieved onDec. 7, 2010., Clay. Botnets, Cybercrime and Cyberterrorism: Vulnerability and Policy Issues forCongress. January 29, 2009. Retrieved on October 29, 2010 from Clay. Computer Attack and Cyberterrorism : Vulnerability and Policy Issues forCongress. CRS Report.April 1, 2005. Retrieved on October 29, 2010., Peter A. Cyberwarfare and Cyberterrorism: Implications for Defense and R&D. May3, 2001. Retrieved on October 29, 2010., Zahri. Putting Cyber Terrorism Into Context. February 24, 2009. Retrieved onOctober 29, 2010., Peter K. What Businesses Should Know About Cyberterrorism. October 2001.Retrievedon October 29, 2010.
  • 178. 178 ICT Development and Cyber Security ReaderMNSA Thesis (Abridged)The Effects of the Internet Age onNational Identity and National SecurityNathaniel Ordasa Marquez, MNSARegular Class 46AbstractThis study, which is exploratory and descriptive in nature, aimed to bring to focus the effectof the Internet age on national identity and its implication on national security. It is exploratory innature and it answers the research hypothesis: “Does the Internet Age affect the development of theNational Identity of a country?” The following research seeks to answer the following questions :Who are the Filipino users today? Who are the users of the Internet and what are they doing in theInternet? What are the levels of maturity and advancement of their usage? How are they using theInternet? What are the Internet drivers that affect National Identity? What are the social structureand cultural values of Filipinos that is affected by the Internet? How can the government participatein the race for the information and drive the national interest to the citizenry thru this medium? Andwhat are the implications of an Internet-influenced Identity to the National Security?The answer to Filipino users demographic was focused on the exploratory data of thetrendsetter group the Knowledge and Social users of the Internet. Among the recommendations derivedfrom this study was to establish an inter-agency committee with multi-sectoral participation tasked tocreate the Philippine Strategic Information Management Campaign Plan to be led by the Departmentof Science and Technology under the newly reorganized Office of the Information CommunicationTechnology in coordination with the National Commission for Culture and the Arts.BackgroundInformation pervades our daily life. We don’t even mind if the information we takein is for good or not. The exposure of the citizenry to Quad Media – from the traditionalTelevision, Radio and Print to the now dominant and fastest growing medium that is theInternet — presents a lot of questions and challenges that we must face in this Age ofInformation, where “the one who holds, controls and keeps the information is king.”He, who controls information and captures the mindshare of the greater populace,now with a very thin line separating global, regional and national information, can directlyaffect and influence an individual’s identity and how he contributes to a nation’s sovereignty.Studies have been made and even earlier philosophical statements said about the InformationAge wherein the one who controls information is the one who wields the power.Globalization has forced countries to adopt information technology (IT) to enableand strengthen governance, public service, defense and security, as well as the financialmover - commerce and economic trade in order to address the demands and interests oftheir stakeholders. As we embrace the latest technology, we enjoy the benefits innovation
  • 179. 179ICT Development and Cyber Security Readerbrings. However, in the process of using it, we sometimes ignore one fact — that we areexposing ourselves to new and unforeseen threats, possible abuse and exploitation. If wesimply ignore these threats, the impact of technology on the citizenry can have an effect onthe nation’s sense of nationalism, therefore compromising the socio-cultural sovereigntyof an independent state. As countries jump into the “Global Village” created by the Internet,physical boundaries are no longer a hindrance in communication and collaboration of virtualsocieties. Therefore, Internet technologies are enablers for humanity to embrace and jointhe global community. In his book Understanding Media (1964), Marshall McLuhan stated:“Today, after more than a century of electric technology, we have extended our central nervoussystem itself in a global embrace, abolishing both space and time as far as our planet is concerned.”He emphasized that with the enhanced speed of communication online and the ability ofpeople to read about, spread, and react to global news very rapidly, the Internet forces usto become more involved with one another from countries around the world and be moreaware of our global responsibilities.Access to global information is already available in the tip of the fingers of almosteverybody; the growth of pervasive devices that can connect to the Internet is exponential,communication technology whether wired or wireless is reaching out to the farthest endsof the archipelago and has become affordable to the masses. Pretty soon the whole countrywill be interconnected and there is no stopping this phenomena from happening. We areall moving to an Information Network Society, forming new sociological structures withinthe context of culture.Information Age versus the Internet AgeThe industrial revolution started during the period of the 18th and 19th centurywhere industries such as manufacturing and distribution, transportation and mining as wellas modern agriculture started booming. This started from the first world countries, whichhas competing with each other industrially or because of the demand of the outbreak ofwar. After the era of industrialization, comes the age of information. The information ageis also known as the digital age, the computer age, or the information era. The theme ofthis era is the time when machineries are no longer just used as simple automation toolsor equipment.These simple industrial tools have evolved into machines called computers withthe primary purpose of storing, processing and manipulating information and harnessingknowledge for people to communicate information or data faster and more efficiently. Itis a radical shift from the industrial revolution to the concept of digital information in themodern economy.The Information era can be divided into a two phases of evolution: the InformationAge and the Internet Age. The early part of the information era was dominated by proprietarytechnologies from different providers and different network protocols were still being used.The information age was all about the traditional servers, host-centric and stand-alonecomputing systems mostly used by top corporations and large government establishmentsduring that era. The new phenomenon started with the entry of a global interconnectivityprotocol – the Internet.The Internet was originally conceived as a fail-proof interconnectivity protocol fordefense and education purpose. It was designed similar to the concept of the spider web,
  • 180. 180 ICT Development and Cyber Security Readerwhere the system links information in a web-like fashion and where if one strand were cut,the other web on the network would continue to support the system. That is why they refer tothe Internet as the World Wide Web, where the availability of information is persistent.The Defense Advanced Research Projects Agency (DARPA), an agency of theUnited States Department of Defense, the inventor of the Internet, has been using the initialapplication of mail and file exchange on the system since 1969. But it was when Britishscientist Tim Berners-Lee invented the World Wide Web (WWW) in 1991 that the Internetbecame the global protocol and the Internet Age phenomenon began. (“A brief history ofCyberspace”– Global Protocol - TCP/IP (Transmission Control Protocol/Internet Protocol)is a model of computer network communication standards that describes a set of generaldesign guidelines and implementations of specific networking protocols or what they call“Common Language” to enable computers to communicate over a single network, howeverbig or small. ( the coming of a global protocol and a global language, the phenomenonaccelerated and evolved at tremendous speed. From 16 million users in December of 1995 to458 million in March of 2001 to a tremendous 1.5 billion Internet users worldwide in Januaryof 2009, its expansion is even faster than the human population growth. In his presentationlast Oct. 4 – 7, 2010, Richard C. (Dick) Schaeffer, Jr. of Riverbank Associates, LLC, supportedby W.D. Sincoskie, Telcordia Technologies, predicted the number of Internet hosts woulddefinitely exceed the human population. Estimated number of Internet hosts will be morethan 10 billion by 2015.Dr. Virginia Watson, PhD, from the Asia-Pacific Center for Security Studies, alsosupported this statement during her roundtable discussion at the National Defense Collegeof the Philippines, where she stated that, “By the year 2012 to 2015 timeframe – ‘Cities ofInformation’ will out-populate ‘Cities of People.’ Wherein the new problem setting is now at the timeof network convergence, which defines cyberspace as an era, which promises economic prosperity buthowever presents a great threat in the concern on privacy and civil liberties, public safety and lawenforcement and the greater concern on national security of the country vis-a-vis the world.”In the Philippines, according to the National Telecommunications Commission,Internet Service Providers (ISPs) reported only a conservative 4.3 million users in 2010, butthis figure can easily be disputed because of the absence of a true subscriber record systemespecially in the prepaid marketing.However, if you take the number of mobile phones that already have Internet accessvia mobile Internet or wireless hotspots, the total can be doubled or tripled. The Internettoday has evolved from a simple means of information connectivity to become the largestform of media. It has even surpassed the capability of traditional information channels andis now the new battleground for information dominance.Statement of the ProblemThe problem of the research seeks to understand the trends and possible scenarios inthe Internet Age, define the variables of the use of the Internet and its effects an individual’sstate of mind and its effect to the overall state of National Identity and the potential impactto a country’s sovereignty.
  • 181. 181ICT Development and Cyber Security Readera. Who are the Filipino users today?· Who are the users of the Internet and what are they doing in the Internet?· What are the levels of maturity and advancements of their usage?· How are they using the Internet?b. What are the Internet drivers that affect National Identity?c. What are the social structure and cultural values of Filipinos that is affected by theInternet?d. How can the government participate in the race for the information and drive thenational interest to the citizenry thru this medium?e. What are the implications of an Internet-influenced Identity to National Security?Objectives1. To determine the socio-demographic characteristics of Filipinos exposed to the useof the Internet2. To determine the level of use of Filipinos & the type of application and informationthey access in the Internet3. To compare the Filipino Identity in the different eras and how they have changedin the era of the Internet Age4. To explore the different Filipino socio-cultural traits that will be affected by theInternet5. To define National Identity in the Internet Age and determine the level of awarenessof its effects to National Security.Scope and Delimitation of the StudyThis study focuses only on the Internet as the convergent and most diversifiedsource of information. With the developments on information technology, all mediumof information, whether television, radio, movies and videos, telephony and even socialnetworks, are now all available on the Internet.As much as I would like to expound on the realm of Information Operation as thenew theater in the Information Age and expound on various threats in the Cyberspace,this study primarily focused on social trends and phenomenon in the areas of knowledgemanagement and primarily on social capital in the interest of national security. StrategicInformation Operation in the Internet Age is proposed for future studies.Due to the limited time provided, this study focuses only on the knowledge workersand social users of the National Capital Region, the trendsetter and fastest growing usersof the Philippines because of their pervasive access to Internet connectivity and onlineinformation and who’s line of work is related to the uses information technology.
  • 182. 182 ICT Development and Cyber Security ReaderSignificance of the StudyThis study is relevant and significant because it serves to create awareness that in theAge of the Internet, where a country’s national identity is at risk because of the humongousamount of information that can invade the minds of its citizenry, the state should not takethis phenomenon sitting down. This study presents the current trends on social networkingand its effect on the society’s culture and traditions.This research forms part of my research with regards to the impact of the InternetAge to the global society and how it can directly to affect the country’s identity and nationalsecurity. This research is presented as reference to policy formulation on national informationmanagement as well as for the national information security policies, capitalizing on thepower and potentials of the Internet to forward the interests of the country.AssumptionsThis research assumed that Internet trends in the next five years will not deviatemuch, no disruptive technology will happen and the current trends on social networkingwill still be the major driver for information campaigns in the Internet regardless of whatevercommunication channels or technology is made available in the market.Summary, Conclusions and RecommendationsSummaryIn this study, the delineation of the Information Age and the Internet Age wasdefined. Information Age is the era after the industrial revolution, which started around1970 highlighted because of the abundant publication, consumption and manipulationof information brought about by tri-media especially when it was sped up by industrialmachinery, first generation proprietary computing platforms and islands of the computernetworks. The Internet Age is the umbrella term of the 21st century, marked down whenTCP/IP became the global protocol for interconnectivity which pave the way for informationtravel around the world and is made available to more countries than ever before. It is alsocharacterized by high-speed communications, convergence of computers and consumerelectronics such as wireless devices.Surveys were conducted among knowledge workers and social users of the Internetin the National Capital Region – the pioneering region in Internet adoption. Two socialclasses were determined to simulate the scenario of advance and casual users so we canmap out their different perceptions and opinions if indeed the drivers on the Internet affecttheir individual identities.Internet users in the NCR are mostly in the age bracket of 15 – 45 years old, havepervasive access to the Internet via wireless/wired broadband, Wi-Fi, from home andoffice, and even from public areas via Internet cafés or mobile phone Internet access. Theygo online daily and will not let the week pass without checking-in online. Some users evenhave the connected syndrome, which means they want to be online all the time so theycan receive real time updates from social network posts and blogs. Filipino Internet userstoday go online to communicate and collaborate with family, friends and colleagues. They
  • 183. 183ICT Development and Cyber Security Readeralso perform research on personal interest, employment opportunities and school/work-related information. They also find news and current events from websites, social networkand blogs, which they deem credible. They also go online for entertainment, games andshopping as part of their regular social life.When collaborating online, Filipino Internet users prefer using free email andcollaboration services such as Google, Skype and Yahoo’s free email, chat, search engine,video and voice services. The Internet becomes the primary connecting and communicationmedium of Global Filipino – our new heroes, the OFWs. Filipino Internet users who arelooking for entertainment online prefer playing single player games and Massive MultiplayerOnline Role Playing Games (MMORPG) still digs online music, videos and sports relatedinformation.The average Filipino Internet user has three to four online identities, such as emailaddresses, online accounts and membership in social networks. Surprisingly, some usersclaim to have only two to three true identities leaving some accounts fictitious or privatealiases. From a target audience perspective, the online community population can actuallybe bloated, because some of the users may have one to two accounts per social network.Similar to the demographics of the mobile phone subscriber in the Philippines, most havetwo to three phone numbers already simply to avoid the high cost of interconnectivity.Some of the top social networking sites used by Filipino Internet users are Facebook,Friendster, Twitter, Linked-In and Multiply. Products and services that Filipinos prefers tobe bought online are airfare, hotel accommodation, technology products and personalaccessories.The Internet poses threats to national security when it used as an instrument forinformation propaganda. In this day and age, the war is already in the battle of the mindsand not in conventional warfare. All stakeholders in the Internet are after in pushing forwardtheir interest that can have an impact in all the aspects of national security. A typical scenariois the political situation of the Arab countries fighting for liberty and democracy; socialmedia were able to influence indirectly their citizen thus sparking those series of revolt fortheir aspiration to adopt democracy. Therefore for the state, the Internet is a critical driverand issue for governance since it cannot be regulate, monitor nor even control the accessof information. The best way to address this is for politicians to use the Internet to theiradvantage, whether in governance or propaganda, so they can manage their constituentsto a common goal.Majority of the Filipino Internet users believe that there is a developing social culturein online communities in the Internet. In fact, when asked if the Internet has affected theirsocial and personal identities, majority said yes indeed. To put this hypothesis answer to test,several perception indexes were asked in the survey. Filipinos nowadays are conformingto the global time or what they call Internet time rather than the usual Filipino time. Theyhave never the lost the character of being helpful even online, the concept of “Bayanihan” isalive and kicking in online websites. However, social media is taking over our characters of“Delicadeza” or tastes of manners as well have made our self-esteem stronger. The Filipinocharacter of “Carinoso” lives and stays even with the adoption of the global language andease of access to information publication is within anybody’s reach. Filipinos mostly useemoticons and “Jejemons” to put some tone of feelings on their online communication.
  • 184. 184 ICT Development and Cyber Security ReaderAll this character he exercises on various social networks, connecting with their family,friends and colleagues, forms part of the Filipinos’ social life despite the absence of physicalinteractions.Although the Internet is a great driver for socio-cultural, economic and politicaldevelopments, it also implies threats and problems in these national security dimensions.Amongst which is the management of human resource and capital. When the countrydecided to jump on the bandwagon of globalization, together with it began the unendingcycle of search for competitive knowledge and skills training in order to compete in a globalmarket. Filipinos need to find their niche in the global workforce requirement pool that’swhy eServices will be the best way for the country to capitalize in the wide knowledgecapital it has.Economic threats are still in the area of IT security operation. There is a need fortechnology to support the development in industries, create the spark that will kick startstakeholders to become competitive players in the global market. These trends are clearlyhappening and are presented thru the global shift of knowledge based services such asbusiness process outsourcing. A more dynamic, transparent and accountable politicalleadership will definitely be the key in all of this strategy. eGovernance is the best wayto go forward in order to seamless manage the complex bureaucracy, this strategy is theintegration factor for both Private and Public stakeholders, so we can align to a commongoal, serving the national interest at all times.In summary, the drivers and variables presented in this study’s conceptualframework have will affect the development of the Filipino Identity and have greatimplications to National Security. Socio-cultural cohesion is the key in bonding togethera country that is now borderless in the sphere of the Internet. The Filipino family valuesshould be enhanced and protected with the use of the social media. Moral and spiritualmolding and “mind-formatting” strategies should be more effective in creative marketingsince you are competing with tremendous information on the web. Education should beenhanced with creative learning styles by using new forms of media sources available online.Increasing penetration of access to the Internet is not enough.The educational system should change from standard fix curriculum based programsto education formatting – filtering information from scholarly and SMEs sources andallowing the students to explore and expound more in creating knowledge out of this onlineinformation guide education format. The government should capitalize on the economicpotential of the Internet by promoting online entrepreneurship attuned to both local andglobal culture. The government should increase the adoption of technology to provideonline transparency on governance to foster accountability in the political leadership. Allof this factor will affect all the aspect of National Security, thus the increased adoption isrecommended yet all safeguards to protect our National Identity should be in place.Conclusionsa. The National Capital Region is actively using the Internet in collaborating,commerce, social and economic activities, as well as in politics and education. Thedemand for real-time information is increasing and will drive the developmentof the services, commerce and infrastructure development of the country. There
  • 185. 185ICT Development and Cyber Security Readerare threats and benefits in the areas of socio-cultural, techno-scientific, economic,politics and security dimensions of the nation.b. Though the positive potentials and wide acceptance of the Internet seem to outweighthe threats presented, Internet users still need to be aware of the operational risksand security threats of getting on the Internet. Users need to remain vigilant andshould actively challenge information they receive because on a greater scale it ishard to have a country with citizens with questionable allegiance since their mindsare Internet-influenced.c. The Filipino core characters throughout the time have been resilient to radicalchange. Filipinos have survived and have adapted to change in different eras ofour history. Along the way he picks up and develops new characteristics, culture,language and beliefs. The greatest challenge now is the preservation and the passingon of the positive characteristics, particularly in the era of the Internet, whereinterpersonal relations are replaced with virtual interactions.d. There is still a continuous threat to personal identification theft, violation of rightsto privacy as well as other online criminal activities. This also includes operationalthreats such as viruses, phishing, hacking and cyber attacks. The greater risk is therisk to unknown propaganda and manipulated information or what is sometimescalled as psychological warfare.e. Based on review of related literatures and laws, the bureaucracy is not aligned orready to implement a full nationwide information and communication managementand technology enablement plan. Different charters are scattered around thebureaucracy and the missions of these government agencies have been out grownalready through time. They need to be attuned with the new Age of the Internetand should be Globalization Ready.f. There is a need to change the view of the Filipino on how to value information andcommunication management. Strategic information is vital in making strategicdecision therefore should be the alter ego of the political leadership. Policies needto be aligned, the bureaucracy streamlined and reorganized, and ones properlyplanned and aligned to a strategic direction, that strategy should become the beaconour political leadership and the rest of the country should follow.Recommendations1. Creation of an inter-agency committee with multi-sectorial participation tasked tocreate the Philippine Strategic Information Management Campaign Plan to be led bythe Department of Science and Technology under the newly reorganized Office of theInformation Communication Technology in coordination with the National Commissionfor Culture and the Arts. The Philippine Strategic Information Management Campaignplan will include but not limited to the following objectives:a) a more thorough and in-depth study of the anthropological history of theFilipino Identity and its current cultural definition in the modern times;
  • 186. 186 ICT Development and Cyber Security Readerb) visioning exercise that will determine where we want to drive the mind set ofour people in the Internet Age by capitalizing on the power of social media andtri-media which has a perfect cultural fit;c) an operational plan that will orchestrate and align the programs of thebureaucracy in developing the drivers that affects national identity such astechnology enable education, cultural integration and cohesion, moral andspiritual values, transparent political governance and stronger family relations.Thru this campaign plan, a strategic direction will be derived and will helprationalize overlap functions of the bureaucracy towards the achievement of acommon goal.2. Stakeholders from the legislative, executive together with the private and other multi-sectoral groups should work on a policy that will promote the use of informationmanagement as strategy enabler for the clear definition of the Filipino National Identity,attuned to the times with a clear vision on where we want to go as a people that willform as the backbone of our national development efforts. Safeguards should also bein place for the protection of identity and privacy, proactive information management,responsible social communication in social media, adoption of industry standard securitypractices and policies for the promotion of security consciousness, awareness and self-protection.3. The NDCP may consider in its Masters in National Security Administrationcurriculum a separate module or sub-module under Techno-Scientific Dimension –“Strategic Information Management.” Another module name can be Information andCommunication Management. This module will include an executive overview on theuse of Information Management, Information and Communication Technology, StrategicCommunication and Executive Decision Making.# # #BibliographyBooksAbinales, Patricio N. (2005). State and Society in the Philippines. Manila: AnvilPublishing.Clawell, James. (1983). The Art of War: SunTzu. Concord, CA: Delta Books.Constantino, Renato. (2000). Identity and Consciousness: The Philippine Experience. NewYork: Monthly Review Press. (Original work published in 1975)Cross, R & Israelit, S. (2000). Strategic Learning in a Knowledge Economy: Individual,Collective and Organizational Learning Process. Boston, USA: Butterworth –Heinemann.Disini Jr., J.M. (2000). The Electronic Commerce Act – The Rules on Electronic Evidence.Manila: Philippine Exporters Confederation, Inc.
  • 187. 187ICT Development and Cyber Security ReaderFriedman, T. (2005). The World is Flat. Farrar, Staus & GirouxGladwell, M. (2000). The Tipping Point: How Little Things Can Make a Big Difference. NewYork: Little Brown Publishing.Jocano, F.L. (1998). Filipino Social Organization – Traditional Kinship and FamilyOrganization. Series - Anthropology of the Filipino People III. Metro Manila, Philippines:Punlad Research House.Jocano, F.L. (1998). Towards Developing a Filipino Corporate Culture. Metro Manila,Philippines: Punlad Research House.Lesser, E. L. (2000). Knowledge and Social Capital – Foundations and Applications. Boston,USA: Butterworth – Heinemann.McLuhan, M. (1964). Understanding Media. Corte Madera, CA: Gingko Press.Price, M. E. (1995). Television, The Public Sphere and National Identity. Oxford: ClarendonPress.Romana-Cruz, N. S. (1997). You know you’re a Filipino if…: A pinoy primer. Metro Manila:Tahanan Books.Toffler, A. & Toffler, H. (1995). War and Anti-War. New York: Warner Books.ThesisAndalong, A. R. (2009). An Exploratory Study of the AFP Cyber Warfare Experience:Initial Lessons Learned. Unpublished Master’s Thesis. National Defense College ofthe Philippines.Cantos III, A. G. (2008). Improving Employability of Information Technology Workersin Metro Manila. Unpublished Master’s Thesis. National Defense College of thePhilippines.Purugganan, A. A. (2001) Protecting the Philippine Cyberspace, Design Elements for aNational Security Plan. Unpublished Master’s Thesis. National Defense College of thePhilippines.Torresyap, S. P. (2000) An Assessment of the Internet Use in Metro Manila and its Implicationsfor National Security. Unpublished Master’s Thesis. National Defense College of thePhilippines.Veloso-Zapanta, A. E. (2007) The Role of Television News Media in the Conflict Between theGovernment of the Republic of the Philippines and The CPP/NPA/NDF. UnpublishedMaster’s Thesis. National Defense College of the Philippines.Wee, D. G. (2008) A Comparative Study of the DND and CPP Website: Internet-BasedCommunication As a Tool To Enhance National Security. Unpublished Master’s Thesis.National Defense College of the Philippines.
  • 188. 188 ICT Development and Cyber Security ReaderPresentationsWatson, V. (2010, November 17). Science, Technology and Security. Lecture presented inNDCP Roundtable, CGEA,, Quezon City.Schaeffer, R. Jr. (2010, October 4-7) The Interface of Science, Technology and Security byRiverbank Associates, LLCOjeda, N. Jr. (2010, June 15) DND Information Management Concepts, DND, CGEA, QuezonCityOjeda, N. Jr. (2010, July 7) Securing Cyberspace: Issues and Challenges. Nanyang TechnologyUniversity, SingaporeEstrada-Claudio, S. (2011, February 4). Filipino Identity, Personality and Relationships: AGender Analysis. Lecture presented to Regular Class 46 of Masters in National SecurityAdministration, National Defense College of Philippines, Camp Aguinaldo, QuezonCity.Online JournalsJolly, R and Ray, D. B. (2006). The Human Security Framework and National HumanDevelopment Reports. United Nations Development Programme. Retrieved on 8July 2011., K. (2005). The Laws of Identity. Washington: Microsoft Corporation. Retrieved on10 July 2011. TheLawsOfIdentity.pdfMcKay, D. (2010). On the Face of Facebook: Historical Images and Personhood in FilipinoSocial Networking. History and Anthropology, Vol 21, No. 4, December 2010, , pp 479 –498. Retrieved on 22 January 2011. ReferencesOffice of the President of the Philippines. (2011). Executive Order No. 47 - Reorganizing,renaming and transferring the Commission on Information and CommunicationsTechnology and its attached agencies to the Department of Science and Technology.Manila: Malacañang Palace.Office of the President of the Philippines. (2004). Executive Order No. 334 – Abolishingthe Information Technology and Electronic Commerce Council and transferring itsbudget, assets, personnel, programs and projects to the Commission on Informationand Communication Technology. Manila: Malacañang Palace.Office of the President of the Philippines. (2004). Executive Order No. 268 – Creating theCommission on Information and Communications Technology. Manila: MalacañangPalace.Office of the President of the Philippines. (1992). Republic Act No. 7356 – An act creatingthe National Commission for Culture and the Arts, establishing a National EndowmentFund for Culture and the Arts, and for other purpose. Manila: Malacañang Palace.
  • 189. 189ICT Development and Cyber Security ReaderMNSA Thesis (Abridged)Electronics Security System of Universal Banksin the Philippines: An AssessmentEngr. Rodrigo I. Espina, Jr. MNSARegular Class 46AbstractThis study determines the current and emerging cyber crimes affecting the universal banksin the Philippines and the preparedness of the banking system in addressing the frauds and threats.Primarily, the following questions were asked: What are the current and emerging crimes experiencedby universal banks in the Philippines? How prepared are universal banks for these evolving threats?What are the best practices in electronic banking by universal banks in the Philippines and the specificstrategies and solutions they employ to fight fraud? What is the extent of the universal banking sector’scompliance to regulations of the Bangko Sentral ng Pilipinas (BSP)? In answering the aforementionedproblems, the study employed a mixed method of analysis, which includes survey among the currentuniversal banks in the country, interviews of key informants and document validations.The study concludes that biggest hindrance to properly addressing cyber threats and fraudsis attributed not primarily to the absence of banking regulations and/or policies but more to thehesitance of the banks to cooperate with proper authorities especially in reporting cybercrime incidencesbecause of reputational risks. Considering the dramatic developments in information technologies,the study underscored an urgent need for Philippine legislature to create laws that would addressthe new and difficult challenges presented by such developments, particularly to prohibit computercrimes and outline appropriate punishments for those crimes. Any lapses in the electronics securitymanagement will extremely expose the banks to risks and vulnerabilities which can lead to the collapseof the banking sector which is a huge setback to the already struggling economy of the nation.The Problem Many banks have established presence on the Internet using web technologiesby providing customers with the opportunity of performing interactive retail bankingtransactions (Aladwani, 2001), round-the-clock availability, ease of transactions, andavoidance of queues and restrictive branch operating hours (Khalfan et al., 2006; Almogbil,2005). Overall customer satisfaction in this type of banking through electronic channels,sometimes referred to as “e-banking,” or virtual bank without visiting a building(International Business Management, 2010) or a brick and mortar institution (Jimenez andRoman, 2006), has resulted to an upsurge of online bankers worldwide, increasing by 39percent in the Philippines for the period January 2010 to January 2011 from 377,000 to 525,000(comScore, 2011). Along with the rapid diffusion of the internet and the convenience it broughtto the banking and financial services industry, however, came various schemes on bankfrauds committed through identity theft, hacking of bank information and defacing of large
  • 190. 190 ICT Development and Cyber Security Readerbanking corporation websites. in 2009 announced that 47 “” websites of local government units in the Philippines were defaced by Arabian hackers.With the number of cyber crimes constantly rising worldwide and breaching nationalborders, banking institutions dash to combat attendant problems. Ironically, though, theestablished banking institutions are the most vulnerable considering that they are the oneswho have made huge investments in security management systems and technology thatare now rendered almost useless as they are very quickly outmoded.Tens of millions of dollars are being stolen from corporate bank accounts everymonth by cyber criminals, but the victims are largely reluctant to acknowledge the scopeof the problem (InformationWeek, 2009). Global crime in cyberspace is going up and theoverall number of attacks is growing substantially. According to Symantec, in 2008 therewere almost 1.7 million new malicious code threats, 2-3 times more than in 2007 and almost12 times more than in 2006. Businesses have now moved to a world of international criminalnetworks. The threat has been increasing, and the financial and national security implicationsare increasingly serious. In May 2009, a survey by Actimize found that 81% of financial services organizationsexpect an increase over the next year in ATM/debit card fraud. A Verizon study foundthat computer hackers stole more sensitive records in 2009 than in the previous four yearscombined, with ATM cards and PIN information growing in popularity. Organized criminalgroups orchestrated nine in 10 of the most successful attacks, with 93% of the recordsexposed coming from the financial sector. Symantec, McAfee, and Trend Micro are the worldleaders in providing the highest levels of security to business customers. Zeus and Clampibotnets, which steal online account credentials with a focus on bank accounts, have gainedin size and strength in recent months. Cheap ($700), and easy-to-use toolkits that hackerscan purchase to control botnets are widely available online. ( In 2008 alone, industry estimates of loss from intellectual property datatheft range as high as $1 trillion.( =25282&mode=vzlong) McAfee reports nearly one-third of companies it surveyedsuffered large scale distributed-denial-of-service attacks multiple times each month, andnearly two-thirds of those said such attacks impacted operations. (Annual Security Report,”Cisco, 2009) The number of crimes are steadily increasing by the year, in fact, dubbing 2010as the “Year of Fraud.”In the Philippines, crimes and losses of banking institutions are reported only bythe resources that had been lost valued in pesos or in US dollars. These countless instancesof bank fraud in the Philippine banking industry remain unreported, the reasons for whichare attributed by McConell International (2000) to the banking institutions’ fear of exposingvulnerabilities, the potential for copycat crimes, and the loss of public confidence. While the Basel Committee on Banking Supervision (Bank for InternationalSettlements) believes that “it is incumbent upon the Boards of Directors and banks’ seniormanagement” to take prudent “steps to ensure that their institutions have reviewed andmodified where necessary their existing risk management policies and processes to covertheir current or planned e-banking activities,” (Basel, 2003) the BSP, as early as 2000 uponthe enactment of the Electronic Commerce Act, has issued various implementing circularsfor electronic banking, specifically Circular 240 and 269, to mitigate and ensure propercontrol of operational risks that are inherent to the technology.
  • 191. 191ICT Development and Cyber Security ReaderObjective of the Study and Statement of the Problem The primary objective of this study is to determine the current and emerging cybercrimes in the Philippines and the preparedness of the banking system in addressing thefrauds and threats. Specifically, the study sought to answer the following questions:1. What are the current and emerging crimes experienced by universal banks inthe Philippines?2. How prepared are universal banks for these evolving threats?3. What are the best practices in electronic banking by universal banks in thePhilippines and the specific strategies and solutions they employ to fightfraud?4. What is the extent of the universal banking sector’s compliance to regulationsof the BSP?To answer these problems, questions in an Information Systems Survey wereformulated under the following key themes:1) Top Threats and Frauds in the Banking Sector;2) Resources Used by Organizations to Combat Cyber Threats and Frauds;3) Need for Awareness and New Tools Against CybercrimesSignificance of the StudyThere is a need for government to establish tools, methods or approaches inidentifying current and emerging cyber threats and vulnerabilities, and respond to entitiesthat jeopardize the operations of the banking system. Some threats and risks are too complexas to subject the banks to vulnerabilities exposure to operational losses causing tremendousimpact on the banking sector and, inevitably, to national security.This study will be useful to the following:1. Policymakers, particularly the BSP so that they can put the findings intoa public policy context, with implications for actions, particularly incombating cyber crimes affecting the banking sector;2. Banking sector and regulatory bodies, so that they would improve theirinformation security capabilities;3. Researchers and scholars, so that they could replicate this study and enhancethe literature on information security of the banking systems.Scope and Delimitations of the Study For the purposes of this study, the researcher limited the conduct of the informationsecurity systems to the universal banks in the Philippines with focus on computer relatedfrauds. The sample is considered sufficient as the universal banks account for almost 85%- 90% of the national financial infrastructure systems in the country.
  • 192. 192 ICT Development and Cyber Security ReaderReview of Related LiteratureThe customer is the focus of the banking business and the safety of his funds cannotbe compromised at any cost (Gillis, 2010). Given the present knowledge-based, global andcompetitive environment, particularly the speed of the evolution of banking technologysystems, demand of stakeholders for convenience and continuous upgrade of bankingfacilities and their attendant risks has correspondingly become greater. Technology, though, cannot alone keep the customer satisfied. Following the seriesof scandals, frauds, financial scams, irregularities, and misconducts committed by bothcorporate entities and individual fraudsters anywhere and everywhere in the world, “theneed for good corporate governance and application of ethical values and principles in theconduct of business operations at every level of a corporate organization right from top levelis felt more relevant now than before to serve the varied needs, aspirations and expectationsof different segments of stakeholders who have a stake in the healthy functioning of acorporate entity as a socially responsible member of the civil society. Business ethics,professionalism and corporate governance are the important imperatives for survival andgrowth of a modern business organization confronted with multiple challenges. In additionto full disclosure of the workings of the company, a professional and good managementhas to identify and quantify the risk being undertaken by various stakeholders.” (U.S.Department of Commerce, 2004). Indeed, good risk management can help mitigate theimpact of negative outcomes and help companies take advantage of positive ones (Brodeurand Gunnar, 2008).Policy, Legal and Regulatory Framework for Electronic Banking in the Philippines The 1987 Philippine Constitution recognizes “the vital role of communicationsand information in nation-building” (Art. II, Sec. 24). This role can be best contextualizedby considering how the country is composed of over 7,000 islands, millions of overseasFilipino workers and one of the world’s major players in the call center/business processoutsourcing industry. Information and communication technologies (ICTs), as such, playa crucial role in linking Filipinos across the archipelago, linking their families around theworld, and providing crucial support services to companies from different nations (Mendes,et al., 2007). The Bangko Sentral ng Pilipinas was established on July 3, 1993 pursuant to theprovisions of the 1987 Philippine Constitution and the New Central Bank Act of 1993.The BSP took over the Central Bank of Philippines, established on January 3, 1949, as thecountry’s central monetary authority. The BSP enjoys fiscal and administrative autonomyfrom the National Government in the pursuit of its mandated responsibilities.The Philippines is largely dependent on the Information and CommunicationTechnology (ICT) operations. Almost all sectors of the government depend on ICT.The banking sector is the sector which is very much dependent on information andcommunications.In the Philippines the whole sector of the government largely depends on thirdparty providers for their ICT needs. This means that all data and electronic contents of everytransaction shall pass through the channels of an external environment. Thus, exposureto different threats and vulnerabilities is high. In 2000, the Philippines was classified by
  • 193. 193ICT Development and Cyber Security ReaderMcConnel International, a UK based cybercrime analyst, as one of the ten countries in theworld with outstanding cybercrime laws. However, as cybercrimes continue to proliferate,there is a need to amend such laws.Executive Order (EO) 269 created the Commission on Information andCommunication Technology (CICT) which shall be the primary policy, planning,coordinating, implementing, regulating, and administrative entity of the executive branch ofGovernment that will promote, develop, and regulate integrated and strategic ICT systemsand reliable and cost-efficient communication facilities and services. Strict adherence of thebanking sector to all policies and regulations is vital to the success of the banking industry.Both internal and external operations of the bank shall be prudently monitored. As mandated by the Electronic Commerce Act of 2000, the BSP has issued twogeneral Circulars for electronic banking, specifically Circular 240 and 269, Series of 2000.These Circulars set the basic and general rules and regulations for electronic banking servicesin the banking sector. For instance, banks wishing to provide and/or enhance existingelectronic banking services shall submit to the BSP an application describing the services tobe offered/ enhanced and how it fits the bank’s overall strategy. This shall be accompaniedby a certification signed by its President or any officer of equivalent rank and function tothe effect that the bank has complied with the following minimum pre-conditions ( An adequate risk management process is in place to assess, control, monitor andrespond to potential risks arising from the proposed electronic banking activities;b. A manual on corporate security policy and procedures exists that shall address allsecurity issues affecting its electronic banking system, particularly the following:i. Authentication - establishes the identity of both the sender and the receiver;uses trusted third parties that verify identities in cyberspace;ii. Non-repudiation – ensures that transactions cannot be repudiated or presentsundeniable proof of participation by both the sender and the receiver in atransaction;iii. Authorization – establishes and enforces the access rights of entities (both personsand/or devices) to specified computing resources and application functions;also locks out unauthorized entities from physical and logical access to thesecured systems;iv. Integrity – assures that the data has not been altered;v. Confidentiality – ensures that no one except the sender and the receiver of thedata can actually understand the data.c. The system had been tested prior to its implementation and that the test resultsare satisfactory. As a minimum standard, appropriate systems testing and useracceptance testing should have been conducted; andd. A business continuity planning process and manual have been adopted whichshould include a section on electronic banking channels and systems.The Electronic Commerce Act of 2000 (Republic Act No. 8792) has laid down basiclegal and regulatory framework for electronic commerce in general which includes aspectsof electronic banking. Similarly, the General Banking Law of 2000 (Republic Act 8791)mandated the BSP to regulate electronic banking activities. In response, the BSP issued
  • 194. 194 ICT Development and Cyber Security ReaderCirculars 240 and 269 Series of 2000 which provided the basic and general rules andregulations for electronic banking services in the Philippine banking sector. It also builtup its capacity to respond to the needs of the electronic banking environment through theCreation of a Core Information Technology Specialist Group (CITSG) within BSP as thecentral group to address electronic banking issues (Encinas, 2009).Subsequently, the BSP issued Circular 471 in 2005 for the mandatory registration ofRAs/ MCs for AML Compliance, Circular 511 in 2006 on Technology Risk Management tofocus on operational, compliance, reputation and strategic risks associated with tech-relatedproducts, and Circular 542 also in 2006 on Consumer Protection for E-banking, to focus onboard oversight and internal controls on security, authentication, customer origination/verification, monitoring and reporting, disclosure and complaint resolution The BSP’s Guidelines on Technology Risk Management ensure that banks have theknowledge and skills necessary to understand and effectively manage technology-relatedrisks. It contains the following: 1) outline of primary risks related to use of technology; and2) description of risk management process to manage the risks ( /downloads/Regulations / attachments / 2006 / c511.pd). On the other hand, the Consumer Protection for Electronic Banking governs theimplementation of e-banking activities of banks to comply with the requirements to: 1)Safeguard customer information; 2) Prevent money laundering and terrorist financing; 3)Reduce fraud and theft of sensitive customer information; and 4) promote legal enforceabilityof banks’ electronic agreements and transactions. Erring banks and/or its officers shall beimposed monetary penalties and/or suspension of electronic banking activities for failureto seek prior BSP approval and for failure to submit within prescribed deadline requiredinformation/documents. Likewise, in January 2009, the BSP issued Circular 649 regulatingthe issuance of electronic money. The aforementioned BSP initiatives resulted in the increase in electronic bankingactivities (and ATMs) in the banking system. For example, as of December 2005, there wereno rural banks with electronic banking services. As of December 2006, there were already36 rural banks with electronic banking services out of the 80 banks with electronic bankingservice. Most of these e-banking functions of the 36 rural banks are related to mobile phonebanking. (Encinas, 2009). The BSP has the authority to conduct inspection and determine compliance to thesaid provisions. Also, BSP is legally bound to impose penalties on banks that violate andcircumvent the regulations. The following BSP guidelines on bank protection mandate allbanks to adopt an adequate security program commensurate to its operation, taking intoconsideration the size, location, number of offices, and business operations ( Also, as stipulated, the primary objectives of the regulations are designed to:a. promote maximum protection of life and property against crimes (e.g. robbery,hold-up, theft, etc.) and other destructive causes;b. prevent and discourage perpetration of crimes against banks; andc. assist law enforcement agencies in the identification, apprehension, andprosecution of the perpetrators of crimes committed against banks.The guidelines also mandate the manner of designating a security officer of the
  • 195. 195ICT Development and Cyber Security Readerbank. It emphasizes the importance of assuring the competencies of security officers whodirectly report to the president of the bank. Aside from minimum security measures suchas adequate physical security (personnel), banks are also mandated to establish a securityprogram defining measures and procedures in detecting and preventing the commission ofbank crimes, as well as providing contingency plans in case of calamities, terrorist attacks,and other emergency situations. As a matter of procedure, banks are required to submit to the BSP reportsregarding the conduct of reviews and self-assessment of their security programs. Updatedsecurity programs shall also be submitted to BSP for further analysis and feedback. Also,data regarding the crimes and losses incurred by the bank shall be reported to BSP fordocumentation. BSP circulars, however, have not gone to the extent of proposing riskmanagement solutions but allowed them to design their own programs to mitigate risks.Findings Based on Industry StudiesBank Frauds and Cyber Crimes According to the National Cybersecurity Coordinating Office, incidences of cybercrimes in the country have steadily increased from 2003 to 2011, penetrating all sectors ofsociety and posing imminent danger to all technologically- driven sectors. The usual typesof cyber attacks are shown in Table 1. More recent schemes on bank frauds committed through identity theft are “Overthe shoulder looking” scheme (involves the offender observing his potential victim makingfinancial transactions and recording the personal information used in the transaction);“Phishing” scheme (perhaps the oldest form of identity theft stems from the two words“password” and “fishing” that entails sending email scams and mail supposedly from theconsumer’s bank as a way to obtain the consumer’s personal information, social insurancenumber, and in this case their online banking username and password; and “Trojan Horse”
  • 196. 196 ICT Development and Cyber Security Readerscheme (when malicious software (malware) or embeds to a consumer’s computer withoutthe consumer being aware of it in links or as attachments from unknown email sendersand the records, username and password are transmitted to the offender when the accountholder accesses online banking sites.) In an advisory released in January 2011, computer security vendor Trend Micro(Pinaroc, 2011) confirmed several phishing attacks had occurred in the Philippines, mainlyagainst major banks and credit card companies, particularly the United Coconut PlantersBank (UCPB) when security experts retrieved e-mail messages from the UCPB which werefound to be suspicious and contained warnings of “unauthorized attempts” to log into itscustomers’ online accounts. The security company said the messages contained informationon a supposed partnership between the bank and a foreign outsourcing services provider,but the links contained in the e-mail “aimed to collect banking credentials from unwittingusers.” Trend Micro reported that similar phishing cases have been reported by the Bankof the Philippine Islands and Banco de Oro in February 2011 but noted that due to thePhilippines’ comparatively small credit card user base, the problem is not as widespreadas other countries.Types of AttacksAmong the other effects of cyber crimes, web defacement of any sector of thegovernment has the highest percentage of occurrence. Effect of this in the banking sector isperceived to be costly and would even mean loss of profit and bankruptcy.Banking Industry’s Preparedness The BSP issued at guidelines and memoranda in the conduct of electronic bankingin the Philippines.1. Circular No. 240 dated 5 May 2000 which prescribes prior clearance of the BSP beforebanks can provide electronic banking services. Circular No. 240 elaborated all therequirement of the banks prior to engaging in electronic banking. This is to ensurethat the banks have enough resources, adequate risk management, infrastructureand safe and secure medium to handle electronic banking.
  • 197. 197ICT Development and Cyber Security Reader2. Memorandum to All Banks dated 19 June 2000 reiterated the provisions of CircularNo. 240 and reminded the banks of compliance in such provisions.3. Circular Letter dated 8 August 2000 clarified that there are some exemptions to theprovisions of Circular 240. Among these are the electronic banking services engagepurely informational in nature.4. Circular No. 269 dated 21 December 2000 is the amendment of Circular No. 240. Itstrengthened the provisions in electronic banking and requiring more safety andsecurity procedures in handling electronic banking.Online Banking Best Practices The Bank of San Antonio in Texas, USA, despite its sophisticated IT systems,recognize that cyber criminals are likewise becoming extremely sophisticated, and thatcriminal hackers move very, very quickly and the stolen funds are typically not recovered.  Itbelieves that the key to fighting this type of fraud and crime for a company is to take actionto strengthen internal procedures and online banking procedures before becoming thevictim of such an attack. It then suggests the following procedures and tools to help preventcriminals from accessing company accounts:a. Strict monitoring of all accountsb. Implement a system of dual control and approval.  Prior approval dual controlmeans one employee originates/initiates the transaction or batch, and a secondemployee must authorize transaction or batch prior to the Bank processing it. Dualcontrol for initiation does not occur when one person can initiate and approve thetransaction themselves, and a second employee receives the confirmation after themoney has been sent.c. Never share User IDs, passwords, PIN numbers, dynamic tokens, etc., with anyone,and do not leave any such information or items in an area that is not locked/secured. Do not use the login or password for your financial institution on any other websiteor software.d. Obtain and install antivirus, anti-malware and anti-spyware software, and considerinstallation of a firewall. Make sure it is active and automatically updated by thevendor (or take necessary steps to keep it updated). This measure will help protectagainst known viruses, malware and adware, but many viruses, malware andadware are undetectable by such data security programs, so this step is one ofseveral security protection measures that should be followed.e. Limit or eliminate unnecessary web-surfing and/or email activity, includingpersonal activity, on computers used for online banking. Many hacking attacks usesocial networking sites (such as FaceBook) to transmit computer viruses.  Criminalhackers even use information on such social networking sites to “spear phish,” ortarget specific individuals, such as a company’s chief treasury management personor chief financial officer. f. Consider a dedicated computer for online banking that is never used for e-mail orgeneral internet browsing/surfing.
  • 198. 198 ICT Development and Cyber Security Readerg. Educate all personnel on good cyber security practices, clearing the internetbrowser’s cache before visiting the financial institution’s website, and how to avoidhaving malware installed on a computer.  For example, if a media player needs tobe updated, go to the official media player website to install the update.  Clickingon a fake update installation link could just mask a criminal hacker downloadingmalware onto the computer.h. Verify use of a secure session (“https://” and not “http://”), and avoid savingpasswords to a computer.i. Never leave a computer unattended when using any online banking or financialservices, and always lock computer when logging off such sites and leaving itunattended.j. Change, revise and re-visit the IT employees who have “keys to the kingdom”access for user approval, access rights and deleting/adding new users.  Whilemany attacks occur from outside hacking, insider hacking does occur, and dividingor rotating “keys to the kingdom” IT authority can cut down on opportunities forinsider fraud.k. Never access the financial institution’s website for online banking (or any privilegedor sensitive computer system) from a public computer at a hotel/motel, library orpublic wireless access point.l. Understand and carefully control the authorized users and permissions grantedto any of the bank’s employees who are approved for online banking use and areissued unique User IDs, passwords (and tokens, if applicable).m. Immediately report any suspicious activity in the bank’s accounts to Bank personnel;there is a limited recovery window and a rapid response may prevent additionallosses.n. Do not click on a link in any e-mail purported to be sent from Bank; Bank officiale-mails will always instruct user to log in to online banking for updates, instructions,notifications, account statements, etc.o. Be suspicious of e-mails purporting to be from other financial institutions, federal,state or local government departments or agencies, or taxing authorities that requestaccount information, account verification or banking access credentials such asUser IDs, passwords, PIN codes and similar information.  Opening attachments,or clicking on links in such suspicious e-mails, can also expose your computer tomalicious code or malware that will be installed to your computer.  Remember,legal process, subpoenas, and information from government agencies still generallycomes as regular snail-mail. Bank’s online banking website is only scheduledfor downtime for regular maintenance at certain times late in the evening/earlymorning, and never during prime business hours.  If you log into online bankingand receive a message such as “please wait for website update, which will takeapproximately 15-20 minutes,” immediately contact Bank personnel to determineif it is a legitimate delay in online banking services caused by the Bank.
  • 199. 199ICT Development and Cyber Security Reader On the other hand, the Nordics continue to be one step ahead of the other Europeancountries in terms of Internet banking penetration. The estimate is that 43.0 per cent ofbanking customers in the Nordic region bank online, with Germany having the highestnumber of customers banking online (Business Wire, 2007). Egg Banking is a British internet bank owned by Citigroup, with headquartersin Derby and London, England. Egg was born out of Prudential’s initial banking arm(Prudential Banking plc) that had been established in 1996. Egg itself was launched in1998 and is now the world’s largest internet bank in that it is only possible to operate anEgg account over the internet, or via their call centre. Egg specializes in savings, creditcards and general insurance but no longer offers  loans  or  mortgage  products. ( Fineco is an Italian online bank and brokerage. It is the largest online brokerage firmin Italy with over 800,000 customer accounts. It was founded in 1999 and then integratedwith Capitalia. It is now part of the Unicredit Group after its acquisition of Capitalia in 2007.It is a niche player aiming at becoming the bank of choice for digital customers.Alliance & Leicester in an online bank that is now part of Santander, one of the world’sbiggest banks. The lender is enjoying significant success in terms of Internet sales andservicing. The OP Bank Group of Finland focuses on encouraging customers to use onlineself-service functionalities. Finland has one of the highest online banking penetrations inEurope. Providing excellent and advanced banking services has contributed in establishingOP Bank Group as the leading online players in the Finnish banking industry. Being a country which strives for technological innovation, the economic policiesof Hong Kong always is favorable towards attracting new businesses. One aspect of thisattraction is the legislature which governs certain business activities. Hong Kong is onecountry which laid down their own legislature in governing ‘internet banking’ to avoidscams and fraudulent activities which would otherwise make the customers to lose faithin the system and thus the businesses to be less attracted in doing their business. There are several legislatures in Hong Kong that are being enacted to regularize theprocess of internet banking and to avoid any vulnerability that is considered a threat to theprocess. (Hong kong e-commerce legislation, http://www.Lowtax.Net/Lowtax/H tml/Hongkong/Jhkeleg.html)Compliance of the Banking Sector to BSP Regulation.Compliance to the regulations is ordinary to the banking sectors. Meeting theminimum requirements as stipulated in the BSP regulations would suffice their complianceto the provisions. With a primary objective of avoiding penalties and sanctions to be imposedon them by BSP, bank management through the security officers developed a system inmonitoring the compliance of their banks to BSP regulations.However, compliance to the regulations of the BSP does not mean utmost securityfrom the different threats and vulnerabilities of the bank. Data submitted to the BSP bydifferent banks reflected some losses and frauds, both internal and external causes. This
  • 200. 200 ICT Development and Cyber Security Readermeans that the security management being implemented by the banks are far from beingholistic.Some sectors argue that the regulation of BSP is too shallow. A simple implementationof technology, notwithstanding the effectiveness of the system, would already mean stampof compliance from BSP examiners. BSP in its regulation emphasizes the cost implicationsof the systems, so the responsibility of implementing the required security technologies isthe burden of the banking sectors.Core Information Technology Specialist Group (CITSG) of BSP is very strict inthe implementations of regulations pertaining to online banking operations. Stringentrequirement have to be followed before going into operations. Aside from that, all personnelof the group developed expertise in their own field and acquired certifications from reputableinstitutions to be able for them to be equipped and implement the BSP regulations with fullauthority. CITSG maintained the standards that all examiners and auditors of informationsecurity systems are Certified Information System Auditor (CISA).Aside from the BSP, there are other government sectors imposing regulations onsecurity. City or municipal administrators have their own ordinance and regulations forthe implementation of security infrastructures and technologies.Generally, a governmental regulation does not specify what technology is requiredin order to meet its requirements. In fact, many regulations do not even specify any detailsof an effective internal control.Therefore, administrators and compliance officers are left todetermine what methods they will use to meet the often vague requirements within eachregulation.BSP is mandated to conduct examination and inspection of all banks in thePhilippines. All aspects of the banking system are being examined, including the complianceto the BSP rules and regulations regarding bank protection. To ensure compliance, the reportssubmitted by the bank examiners are counter-validated by management.Banking sectors, however, are more focused on regulatory compliance involvingfinancial reporting, security, and data privacy. Achieving compliance alone is simply meetingthe requirements of the law. But improving security management coupled with businessperformance, in the context of compliance, involves using the processes in accordance withand technology changes to help increase the efficacy of the business. This is where the realbenefits of compliance are achieved.Taking full advantage of the opportunity requires an environment that allows“continuous compliance.” It is an integrated approach that helps permanently improvecompliance processes and practices beyond individual projects or efforts. This requirescompliance to be cost-effective, with appropriate controls, proof of controls, and the abilityto securely manage public-facing assets such as security management applications system.This requires a strong security infrastructure that protects the systems, applications, dataand, processes from unauthorized use or access. Companies that commit themselves todeveloping an integrated security management infrastructure for continuous compliancewill initially focus on four critical capabilities: Identity Administration, Provisioning, AccessManagement, and Monitoring and Auditing.
  • 201. 201ICT Development and Cyber Security ReaderSummary of Findings, Conclusions and RecommendationsSummary of FindingsThe summary of the most essential findings of the study are as follows:Objective No. 1: To determine the scale of multi-faceted fraud and threats to universalbanks in the Philippines.· Topping the list of frauds that universal banks experienced in 2010 are Phishing/vishing, credit/debit card frauds incidents, third party POS skimming, and checkfraud incidents.· Fraud losses are measured mainly by the amount of money lost in the fraud incident(thirteen out of fifteen UB’s);· Because of fraud incidents, 60% suffered non-financial losses, particularly concerningregulatory or other compliance issues, and loss of customer confidence andreputational loss (53.3%);Objective No. 2: To assess the industry’s preparedness for evolving threats.· Universal banks detect fraud usually during the actual account audit reconciliationof data, upon third party notification, and during actual transaction. Organization’saction in response to fraud incidents is by increasing efforts to improve customerawareness (100%) and increased internal monitoring (86.67%);· Most of the respondents do not have a way of knowing the impact of electronicfraud on the reputation of the financial service industry;· Majority of the organizations employ a combination of manual reports (86.67%)in-house fraud detection systems (87.67%); and independent fraud detection toolsand technologies (46.67%) as fraud detection tools;· Most of the organizations assign between 6 and 25 people (60%) to fraud prevention;20% between 1 and 5; 13.33% between 25-100; and 6.67% with more than 100;· Majority (86.67%) do not know whether the organization has plans to increase ordecrease resources towards fraud prevention;Objective No. 3: To identify specific strategies and solutions employed by banking/security leaders to fight fraud.· Majority of the organizations intend to use the following technologies as part oftheir organization’s on-going fraud prevention and detection program: end-to-endencryption (73.33%); authentication technologies (53.33%); fraud case managementsystem (43.67%); intrusion prevention technologies (13.33%); others (6.67%).· Majority (86.67%) consider customer awareness emphasizing the techniques usedas the most effective way to prevent fraud: customer awareness emphasizing thetechniques used (86.67%), employee education emphasizing education (80%), andfraud detection tools and technologies (40%);
  • 202. 202 ICT Development and Cyber Security Reader· Majority (66.67%) perceive the effectiveness of the organization’s fraud awarenessprograms for customers as needing improvement (66.67%), while 26.67% perceivethem as extremely effective.Objective No. 4: To determine the extent of compliance of the banking sector, in general,to BSP regulations.· Compliance to the regulations of the BSP does not mean utmost security from thedifferent threats and vulnerabilities of the bank. Data submitted to the Security,Investigation and Transportation Department of BSP by different banks reflectedsome losses and frauds, both internal and external causes. This means that thesecurity management being implemented by the banks is far from being holistic. ConclusionsThe study revealed that cyber attacks in the Philippines are real, although they donot affect as much the liquidity of the banking sector at the moment. Some respondents tothe study, however, warn about the tremendous impact of cybercrime problems on financialinstitutions, and underscored the need to address the problems by mitigating its effects,foremost of which is investing in technology, training of personnel, greater transparencyin addressing such crimes, and increased coordination and cooperation with other sectorsof society.The respondents cite as the biggest hindrance to properly addressing cyber threatsand frauds not primarily the absence of bank regulations and/or policies but more to thehesitance of the banks to cooperate with proper authorities especially in reporting cybercrimeincidences because of reputational risks.While the magnitude of cyber crimes in the Philippine banking system is not as highand do not seem to have significant effects on the banking sector at this point in time, thethreats and perceptions of future attacks at the most damaging magnitude are realistic. Theissue of cybersecurity is something that has to be given attention within every organization;everyone who uses the Internet needs to be aware of the need for cybersecurity. Everybank official should know that insuring the security of their network is fundamental to thecontinued smooth operation of their business.RecommendationsConsidering that banks typically refuse to discuss security issues for fear ofreputation damage and potential liability, and in view of their hesitance for governmentto be involved in the monitoring of private sector networks or internet traffic, the BSPshould formulate policies that increase security while preserving privacy, civil libertiesand innovation.Companies, as well as the education system, should work hard to train on theimportance of cybersecurity by embarking on research and development activities in thefield, focusing primarily on information and communications technology. Awareness andethical practices shall also form part of the teaching curriculum.
  • 203. 203ICT Development and Cyber Security ReaderComputer crimes pose a daunting task for bank security personnel because theyare highly technical crimes. It is also important that bank officials and other members of theorganization are knowledgeable about computer crimes in order to reduce the threat theypose. They should go beyond awareness. All personnel and agencies involved must havea measurable competency, proficiency, licenses, such as AMLC certifications.Banks should hire or outsource certified computer fraud examiners to properlyinvestigate computer related crimes and initiate a proactive approach in mitigating cyberfrauds. Also, all personnel of the banks engage in the electronic banking operations musthave certification such as Certified Information Security Auditor (CISA) or equivalent fromany reputable institution.Considering the dramatic developments in information technologies, there is anurgent need for Philippine legislature to legislate cybercrime laws that would address thenew and difficult challenges presented by such developments, particularly to prohibitcomputer crimes and outline appropriate punishments for those crimes.Lastly, it is strongly recommended that all banks shall strictly follow the banksregulations imposed by the Bangko Sentral ng Pilipinas specifically on the online bankingissues.Recommendation for future studiesFor future studies, the next researcher could focus on the baseline standards forthe technology the banks may implement. Since the cost of technology may impact on thecapitalization of the banks, especially on banks with lower capitalization, the researchermay study the appropriate technological solutions that may have lesser impact on the cost.One area of interest is the creation of a third party network solution that will be centralizedand equipped with a foolproof technology.The future researcher may likewise replicate this study to the other types ofbanks stated in the current list of financial institution being regulated by BSP (see Annex),composing of 18 commercial banks, 73 thrift banks; and 635 rural banks and cooperativebanks, as of April 1, 2011. The future researcher may use the template of this study or anyother techniques applicable for the purpose.Another area of interest could be the assessment on the liabilities and vulnerabilitiesof all internet service providers (ISP) serving the banks. It would be interesting to researchon the safety procedures and risk management aspects of the providers.Implications on National SecurityAny lapses in information security management of the bank make it more vulnerableto frauds and threats exposure. As the computer related frauds evolved and becomingmore organized, the banking system in the Philippines is facing real threats that must belooked at.Strategic approach must be done to avoid any potential damages that would leadto the collapse of the banking sector which is a huge setback to the already strugglingeconomy of the nation.
  • 204. 204 ICT Development and Cyber Security Reader Political. The legal framework and regulatory policies necessary for the adaptationof the key solutions to the stated problems are political in nature. The legislation of cybercrime law will be the strategic guidelines of future decision makings and strategies of thekey actors in the preventions of computer related frauds. Techno-Scientific. The fraud itself is technology driven and innovates in a very fastphase. Generally, technology would be the primary consideration in coping up with thestrategic solutions in the preventions of computer related frauds. However, because of thehigh cost of technology development, it is sometimes being neglected and become secondary.Technology innovations may not be the only solutions to the problem but it poses a veryimportant role in the preventions of computer related frauds and at the same time play animportant role in the national security and development. Economic. The absolute end goal of the study is achieving economic sustainabilitywhich is free from frauds and threats brought about by cyber crimes. The economic activitiesin the country draws it strengths from the stability of the banking sectors. A better bankingsystem would somehow contribute to the economic development of the country. Socio-Cultural. The evolution of computer related frauds affects the social activitiesof the nation. Frauds directly affect the bank customers. With this reality, the effects of itwill ripple down the system and will affect the whole community, as well. Military. Peace and security of the nation will be at stake if the effect of the computerrelated frauds in the banking systems could not be controllable. The military could contributeto the strict implementations of laws that could help in the preventions of frauds.# # #BibliographyBooksCruz, Marcelo (2003). Developing an Operational VAR Model using EVT. In: (Eds.) Advancesin Operational Risk. Second edition, 109-119.London: Risk books in association withSAS UK.Toral, Janette (2009) E-Commerce for Entrepreneurs: Volume 1: Internet User’s Guide toE-Commerce PoliciesUnpublished StudiesAlmogbil, A., (2005). Security, Perceptions, and Practices: challengesfacing Adoption of Online Banking in Saudi. Unpublished Ph.D.D i s s e r t a t i o n , G e o r g e W a s h i n g t o n U n i v e r s i t y , W a s h i n g t o n .Articles in Books, Journals, Newspaper and MagazinesAhuja, Ashal Vashumal (2010) Cyber Crime in Banking Sector, Retrieved 23 April 2011 for International Settlements (2003). Risk management principles for electronic
  • 205. 205ICT Development and Cyber Security Readerbanking, July. Available at Accessed on 10March 2011.Bardoloi, Sabyasachi Bardoloi (2004). Operational risk: A new dictum in financial serviceindustry emerges. 8 March. Available at on 19 March 2011.Bies, Susan Schmidt (2006). BIS review, 62. Geneva: A BIS publication.Brodeu, André Brodeur and Pritsch, Gunnar. Making risk management a value-addingfunction in the boardroom. September. McKinsey&Company. Available at Accessedon 10 March 2011Colville, Robert (May 5, 2011) Weekeend Read: Cyber crime goes global. Computer CrimeResearch Center. Retrieved 04 June 2011 from news/Weekend+Read+Cyber+crime+goes+global/ 4698925/story.html#ixzz1LUz3cZypComscore (2011). Internet banking surges in Southeast Asia. 9 March. Available at / news / 2011-03 – internet – banking – surges - southeast-asia.html. Accessed on 10 March 2011.Encinas, Rogelio (2009). Regulating Mobile Banking: The Philippines Perspective. Availableat Accessed on 10 March 2011.Espenilla, Nestor (2007) Banking supervision and examination in the Philippines. A paperpresented at the Conference: The Financial stability and financial sector supervision:lessons from the past decade and way forward. Organized by IMF Regional Office forAsia and the Pacific (OAP),Keio University-21. Century COE-Market Quality Projectand The Financial Research and Training Center (FRTC) of Japan’s Financial ServicesAgency (FSA), 17 December, Tokyo, Japan. Available at / external/ np / seminars / eng / 2007 / fsa / pdf / s2/9_s2_speak 4bgp.pdfGillis, Art. (2010). What India Provides in Low Labor Rates, U.S. Can Return in HighExperience. 23 November. Availableat on 10 March 2011.Grundy, Emma (1993) Computer Fraud: A People Problem. Journal of FinancialCrime. Retrieved 10 May 2011 from Business Management (2010). An Overview of Internet Banking. Availableat internet - banking.html. Accessed on11 March 2011.Jayamaha, R (2005). BIS Review, 88.Geneva: A BIS publication.Jimenez, Eduardo C. and Roman, Pia Bernadette (2006). Electronic Banking: DeliveringMicrofinance Services to the Poor in the Philippines: Case Study on the Philippines.Available at Jimenez.pdf. Accessed on 10 March2011.Khalfan, A., Yaqoub, S.Y., Alrefaei, Y., Al-Hajery, M. (2006). Factors influencing the adoptionof Internet banking in Oman: a descriptive case study analysis. International Journal ofFinancial Services Management 1 (2), 155–172.Lee, AS (March 12, 2009) Fighting Fraud With Computer Forensics. Security FAQs. Retrieved5 June 2011 from International (2000), Cyber crime . . . and punishment? Archaic laws threatenglobal information, December. Available at Accessed on 10 March 2011.Mendes, Shawn, Erwin alampay, Edwin Soriano and Cheryll Soriano (2007). The Innovative
  • 206. 206 ICT Development and Cyber Security ReaderUse Of Mobile Applications In The Philippines – Lessons For Africa.. SwedishInternational development Cooperation Agency, September.MetricStream, Inc. (2011). Basel II Operational Risk Management Solutions. Available athttp:// Accessed on 10 March 2011.Mukhopadhyay, CS Sushita (April 6, 2010) Cyber Crime and Cyber Terrorism: The need toknow cyberlaws. CA Club India. Retrieved o8 May 2011 from Media Research Group (2007), The online Filipino: Philippine Internet landscape,National ECommerce Congress, Dusit, March.Oprisk & compliance (2006).Volume 7, 27-29. London: Incisive Media publications.Pandey, Dayanand (2006). Operational Risk: Measurement Issues, Basel-II and UAE banks.Paper presented to the 6th Global Conference on Business and Economics. 15-17October. Gutnam Conference Center, USA.Puthuseeri, Vinod (2010) Information Security, Information Security Risk Assessment, RiskAssessment. Available in on 10 March 2011.Spatarella, Joe (January 5, 2010) Online Banking Solutions.Bank Systems and Technology.Retrieved 06 April 2011 from, Ronald B. (2002) Computer Crime. Retrieved 6 May 2011 from, Brian J. (January 14, 2011) Computer crimes can affect your bottom line. DallasBusiness Journal. Retrieved 04 April 2011, from, Dave (2010), CMO at IronKey; Organized Cyber Crime and Corporate BankTakeovers Retrieved from Department of Commerce (2004). Business Ethics: A Manual For Managing AResponsible Business Enterprise In Emerging Market Economies. Washington, DC,USA.Villafuerte, Fitz (2009) Business, Investments and Personal Finance. Available at Accessed on 8March 2011.Yadab, Apoorva (October 3, 2007) Banking Fraud: Preventiona and Control. Ezine Article.Retrieved 08 April 2011 from—Prevention-and-Control&id=772623Official / Government DocumentsBangko Sentral ng Pilipinas (BSP) Circular No. 587 Series of 2007 (11 October 2007): RevisedFormat of Report on Crimes and Losses, and Other Related Policy GuidelinesBangko Sentral ng Pilipinas (BSP) Circular No. 542 Series of 2006 (11 August 2006): ConsumerProtection for Electronic BankingBangko Sentral ng Pilipinas (BSP) Circular No. 269 Series of 2000 (8 December 2000): NewGuidelines Concerning Electronic Banking ActivitiesBangko Sentral ng Pilipinas (BSP) Manual of Regulations for Banks (MORB) Sub SectionX621.1: Grant of Conditional Approval To Provide Electronic Banking Service
  • 207. 207ICT Development and Cyber Security ReaderBangko Sentral ng Pilipinas (BSP) Manual of Regulations for Banks (MORB) Sub SectionX621.4: Grant of Final Approval To Provide Electronic Banking ServiceRepublic Act No. 8484 or An Act Regulating the Issuance and Use of the Access Devices.Prohibiting Fraudulent Acts Committed relative Thereto, Providing Penalties and ForOther Purposes (February 11, 1998)Republic Act No. 8792 or An Act Providing for the Recognition and Use of ElectronicCommercial and Non Commercial Transactions and Documents, Penalties for UnlawfulUse Thereof and for Other Purposes (July 26, 1999)
  • 208. 208 ICT Development and Cyber Security ReaderDIRECTORY OF PARTICIPANTSMR FREDDY TAN CISSP (ISC)2 ftan@isc2.orgCOLONEL ROMEO S BORRES PAF 950 CEISG, Philippine Air Force COL LARRY Z AQUINO AFP Command and General Staff College larryaquino90@gmail.comMR GEORGE C TAN Anti-Money Laundering Council Secretariat VIVIAN F MAGNO Anti-Money Laundering Council Secretariat RACHELLE D ACUPAN ARMCI Solutions & Company rachelle.acupan@bdo-advisory.comBGEN NICOLAS D OJEDA JR AFP (RET) Armed Force & Police Mutual BenefitAssociation Inc (AFPMBAI) ROCKY J BINAG PAF Armed Forces of the Philippines rocky394@yahoo.comSSG RANDEL A GANTALAO Armed Forces of the Philippines gantalaorandel@yahoo.comMR CLAYTON JONES Asia-Pacific (ISC)2 cjones@isc2.orgLTC JEAN A LATOJA WAC Assistant Chief of Staff for Communication, Elec-tronics and Information Systems, MC6 jlatoja@yahoo.comMS DECY L SIAO Bangko Sentral ng Pilipinas PATRICK JOSEPH M SADORNAS Bangko Sentral ng Pilipinas NOELITO C ALBANO (GSC) PA AFP Bids and Awards Committee, AFP noal84@yahoo.comSGT DARIO G PASCUAL PA Caree Management Division, OJ1, GHQ, AFP hacking_1289@yahoo.comMR OCTAVIOUS CAESAR D MACUSI Career Executive Service Board odmacusi@yahoo.comCDR CORNELIO RODEL D MAGO CEISSAFP VICENTE L CEJOCO PN (GSC)CEISSAFPvlcejoco@yahoo.comcondedagdag@yahoo.comENS RANDY O HENGOYON CGWCEISS JOSE B JACINTO JR PCG CGWCEISS, Phil Coast Guard RANIER M ALVARADO CICT, House of Representatives rm.alvarado.24@gmail.comMS OFELIA M PASCUA Claims Division, PVAO ofel.pascua@yahoo.comENS-PCG HENRY U DICHUPA PCG Coast Guard Legal Service, Phil Coast Guard dichupahenry@gmail.comMR CRAIG COVEY Cobra Itech Services Corporation
  • 209. 209ICT Development and Cyber Security ReaderLTC LARRY Z AQUINO PAF (GSC) Command and General Staff College larryaquino90@gmail.com1LT VIRGILIO T PALECPEC JR PAFCounter Intelligence Technical UnitMIG 17, Intelligence Service, AFP17arjaysantos@gmail.coPSUPT LEO M FRANCISCOCriminal Investigation and Detection GroupPhilippine National Police JAMES MARTY O MINGUILLAN PN CSEISB, CID, J2 ROBINA M ASIDO Daily Manila Shimbur robina.acido@gmail.comMR LOUIE C MONTEMAR De La Salle University louiemontemar@gmail.comGHIO ANGELO S ONG Defense Presse Corps ghiongangeloug@gmail.comMR JERRY P RITUAL Department of Energy ELIZAR S CANTUBA Department of Environment andNatural Resources JOSE ESTEBAN C LEIDO Department of Environment andNatural Resources ROBERTO L DE LEON Department of Environment andNatural Resources ESTER A ALDANA Department of Interior and Local Government titel_compt2004@yahoo.comCDR ROGER S GAMBAN PN (RET) Department of National Defense rogergamban@yahoo.comMR AUGUSTO CAESAR S LORENZO Department of National Defense AGNES PERPETUA R LEGASPI Department of Trade and Industry LAMCEL C CARANGUIANDeputy Assistant Chief of Staff forCommunication, Electronics and Information Sys-tems, MC6 lamcelcaranguian@yahoo.comPCSUPT CATALINO B RODRIGUEZ JR DICTIM OLIVER P OBONGEN PN DSMC-DISG berong99@gmail.comMR FEDERICO HERIBERTO C DE LA LLANA MM EDP - IMD, National Security Council HO KYUNG YOO FEU-East Asia College hokyung_yoo94@yahoo.comMR FERDINAND C PALOR Finance Division, Phil Veterans Affairs Office ferdz926@yahoo.comMAJOR REY A GUBANTES PAF Foreign Liaison, OA-2, Philippine Air Force masculado142@gmail.comMS KAREN P AGUIRRE Guidance Unit, FEU-East Asia College kpaguirreinfo@gmail.comMAJOR VALENTINO T AUSTRIA PA HHSC, Army Signal Regiment (P) ARTEMIO A ADASA JR, MNSA House of Representative PHILIP P VILLAMIN House of Representatives vphone@gmail.comMR FELINO D CASTRO V ICT Management Service, DSWD
  • 210. 210 ICT Development and Cyber Security ReaderDIR PHILIP A VARILLA ICTO-DOST ITO ANDRES D NAVARRO IMO, DND SALVADOR M SAMBALILO PN Information Systems Group,NCEISC, NSSC, Phil Navy AVEGALE CECIL G ALCARAZInformation Systems Security Department, Pag-IbigFund / PSINSP ALLAN S CABANLONG Information Technology Management Service NIKKO L DIZON MNSA Inquirer nicolettekn@gmail.comMR MENARDO S GARCIA Intelligence Service, AFPmenardogarcia@yahoo.comTSGT RUBEN A BIRUNG PA Intelligence Service, AFP rabirung@gmail.comMAJ CHRIS V CABADING PA Intelligence Service, AFP xtiansr00@yahoo.comMR HARINDRANATH MEPURATHU International Organization for Migration hmepurathu@iom.intCPT REX C BOLO PA ISG, Philippine Army rexcbolo97@yahoo.comMR MERVIN R BUNAG ISSA Manila Chapter mervin.bunag@gmail.comMR CHINO S RODRIGUEZ IT Resource Mgt Office crodriguez@ateneo.eduLTCOL MARCIANO JESUS C GUEVARA J-staff, AFP, GHQ-AFP /oj7_bat@yahoo.comMS CAROLINA P DELA CRUZ Knowledge Management Division,Department of Health ARIEL O LABRA Law Department, City Govt of Makati atty.arielolabra@gmail.comATTY / P/ENS BLESSIE L TURIJA-PALMOS Legal Service blessiepalmosa@yahoo.comENGR MERLINA PANGANIBAN Makati Mayors Office merlinagp@gmail.comMS ELSIE I ENCARNACION Metro Manila Development Authority FREID RICK C TURINGAN Metro Manila Development Authority ANNABELLE C RAGSAC Mngt Information Systems Division, IMO ROMMEL ANTHONY SD REYES PN N6 Philippine Navy JOEY I NARCISO National Bureau of Investigation joey@joeyinarciso.comMR VICTOR V LORENZO CPA National Bureau of Investigation victorlorenzo38@yahoo.comDIR RAUL N NILO National Computer Center FEDERICO HERIBERTO C DE LA LLANA National Security Council CONG RODOLFO PLAZA MNSA NDCPAAI
  • 211. 211ICT Development and Cyber Security ReaderCOL CARLYZAR DIVINAGRACIA PAF (RES) MNSA NDCPAAI dcarlyzar@hotmail.comLTC DOLORES DE QUIROS - CASTILLO PA (RES)MNSA NDCPAAI dollydqc@yahoo.comMR GAUDENCIO A CANTOS III MNSA NDCPAAI gcantosiii@yahoo.comMR DICKSON G WEE MNSA NDCPAAI / bloatedgenius@yahoo.comMS SHIRLEY MARIE P PLAZA MNSA NDCPAAI shirleypplaza@gmail.comMAJOR JAY JOSEPH C ESPIRITU PA Net Center, ASR(1) IA JOEY T FONTIVEROS PA NETC, ASR (P) fontiverosjt@army.milMR ALFREDO G FRANCO Network Solutions Engineering Group EDUARDO R BARRAMEDA JR PN NISF, PN erbj101@lonaicom.netMR DAVID R LCRUZ OASPP davecruzph@yahoo.comCPT ROMEO M PAZZIUAGAN ODCS FOR CEIS, J6 GEORGE F CATAMEO ODCS for Reservists & Retiree Affairs, J9 rraoja_opns@yahoo.comMAJOR DON MARIA R ANICETE PAF Office for Defense Reform,Department of National Defense donanicete@yahoo.comEVA B DELOS SANTOS Office for Public Affairs evabds25@yahoo.comCOL ARNOLD DF ANDALES PA, MNSA Office of AC of S for CEIS, G6, PA rnold61@yahoo.comMR KELVIN ART T OFRECIO Office of Civil Defense CHARLEMAGNE F BATAYOLA JR PA Office of Strategic & Special Studies Division, AFP yuri10936@gmail.comMAJOR ELMER D HAMAMOTO PA Office of the AC of S for CEIS, G6, PA ERNESTO C FONBUENA JR PAF (GSC)Office of the Deputy Chief of Staff for Communica-tion, Electronics and Information Systems, OG6 JOSE RAYNIL B MAHINAY PAF Office of the Deputy Chief of Staff for Personnel, J1 raynil_m@yahoo.comPROF LEMUEL RODOLFO B BRAÑA Office of the President, Cobra Itech Services Corpo-ration lrbbrana@cobraitech.comMR DEXTER D CONCEPCION Office of the Vice President STEPHEN P CUTLER PHD Official Global Control Corporation steve.cutler@ogcc.biz1LT KAREN LELETH P DIPALING PA OG2, PA kar_dips06@yahoo.comCDR ROBERTO E RUBIA OJ4 amir6177@gmail.comCOLONEL JAIME FERNANDO R HIDALGO PA OJ5, GHQ, AFP /
  • 212. 212 ICT Development and Cyber Security ReaderCOL ERNESTO C FONBUENA JR PAF (GSC) OJG JESSE REY F RIOS Operations Section, Office of Civil Defense - Cordil-lera / civildefense_car@yahoo.comATTY JOSE ANGELO V CUNANAN OUSLLASC gelocunanan@alumni.ateneo.eduMR JAIME L ROQUERO Phil - Star jrlaude@yahoo.comCOMMODORE SALVADOR Q ESGUERRA AFP (RET) Phil Veterans Affairs Office sqesguerra@gmail.comCOL SUSTHENES C VALCORZA GSC (PAF) Philippine Air Force MARVEL C SABELLON PAF Philippine Air Force JUDE P EJERCITO PAF (GSC) Philippine Air Force jude.ejercito@yahoo.comSGT JAN BER M TERRITORIO Philippine Army 1LT IVY M PILONES Philippine Army ivy_06ymra@yahoo.comLTC ROMEO N BAUTISTA III PA Philippine Army JERIC MAXIMO M REYES PA Philippine Army afpps@yahoo.comMR VIRGILIO M GAJE Philippine Information Agency vergaje@yahoo.comLTC EDWARD VINCENT S ARRIOLA PN (M) Philippine Marine Corps JOSE DODJIE C BELLOGA PA Philippine Military Academy dodjieb@pma.phPSSUPT BENJAMIN C ACORDA JR Philippine National Police acorda91@yahoo.comPSSUPT BARTOLOME R BUSTAMANTE Philippine National Police legalbuster@yahoo.comPSSUPT EDWIN JOSE G NEMENZO Philippine National Police PSSUPT RENE D ONG Philippine National Police RUBIN D ATILLO PN Philippine Navy JAN KYLE Q BORRES PN Philippine Navy KRISTINE B SALON PN (M) Philippine Navy JAIME R LAUDE Philippine Star jrlaude@yahoo.comMS MELENDA I LUNA Philippine Veterans Affairs Office vrmd_pvao@yahoo.comMR ROBERT DG LOSABE Philippine Veterans Affairs Office rlsport12345@yahoo.comMS OLIVIA C ALEJANDRINOISA III, MID Philippine Veterans Affairs OfficeDepartment of National Defense olvcruz@gmail.comMR DARIOS S VALLEJOS Planning / IT, Office of Civil Defense Region 3
  • 213. 213ICT Development and Cyber Security ReaderMR ALLAN TIENZO Powerlink allan.tienzo@powerlink.ph1LT MARICHRIS A BELLEZA PA Presidential Security Group SIMOUN S UNG PVB Card Corporation simoun.ung@paybps.comsimoun.ung@osac.phMS ROCHELLE O CHAVEZ RTC Makati cchlechavez@yahoo.comMS AUGUSTA N ALTOBAR SACSO, FEU-East Asia College BEATRIZ G SUMAGAYSAY SACSO-Discipline Unit, FEU-East Asia College GABRIEL B FORTU SACSO-Guidance Unit, FEU-East Asia College JOHN WILMER DG JIMENEZ SACSO-SADU, FEU-East Asia College CEZAR DV GUTIERREZ Senate of the Philippines rasec15g@yahoo.comDIR FD NICOLAS B PICHAY Senate of the Philippines artandlaw.pichay@yahoo.comMR DAVID Y SANTOS Solar News david.yu.santos@gmail.comMS IMELDA M ACOSTA Training Section, OCD Region 1 /sugary14SgMM@yahoo.comMR STUYVESANT LIM TRUSTWAVE slim@trustwave.comMS FLORDELIZA A VIDAURRETA UDO-MAKATI CITY GOVT JEROME GARRIDO Urban Development, Makati Mayors Office jerome.garrido@powerlink.phLAURENT M DE WINTER 2ND SECRETARY, POLITICAL, US Embassy dewintermm@state.govMR KYLE MILLS US Embassy millskg@state.govMR MOISES
  • 214. 214 ICT Development and Cyber Security ReaderNational Defense College of the PhilippinesMissionTo prepare and develop potential national security leadersfor high positions of responsibility and command,and undertake strategic research and policy studiesto enhance national defense and security(PD 190 s. 1973; PD 452 s. 1974; Admin Code of 1987, DC 2 s. 2007)VisionTo be the center of excellence in educational and policy development forstrategic and dynamic leaders in national defense and security by 2022.Functionsa. Undertake an academic program and confer the degree of Master in NationalSecurity Administration (MNSA) or such other appropriate courses upon all itsstudents who have satisfactorily completed the prescribed courses of study;b. Undertake a research program as basis in the formulation of national defenseand security policies;c. Conduct extension program such as non-degree training, seminar-workshops,policy conferences and other similar fora on national defense and securityissues;d. Conduct other programs and projects in support of the mission of the Departmentof National Defense (DND) and its bureaus and offices and other governmentagencies.Join the MNSA Regular Courseand become one of the country’sSCHOLARS and ADVOCATES of NATIONAL SECURITY at the NDCP —“where admission is an honor.”For details, call telephone nos.Office of the NDCP President- (02) 911-8469;Registrar- (02) 912-1510; Academics Division- (02) 912 9117;Research Division-(02) 912-9125; Admin Division (02) 912-1412visit us @