MANILA, Philippines — Partido Reporma chairman and standard-bearer Sen. Panfilo “Ping” Lacson welcomed a decision of the National Privacy Commission (NPC)’s to investigate the alleged hacking and data breach at the Commission on Elections (Comelec).
“If the hacking is true, it may have a huge implication on the May 9 elections,” Lacson said.
He instructed his in-house cyber security team to cooperate with the NPC investigation and share what leads it may gather.
“It is critical that we get to the bottom of this issue so all of us will be enlightened,” Lacson said in an interview over radio dzME.
He said his cyber-security team is following some leads, including a Facebook post dated Nov. 21 last year, but noted there is nothing conclusive so far.
Still, he said he instructed the team to extend assistance to the investigation by sharing its leads with the NPC, which is to hold a clarificatory meeting on Jan. 25.
Meanwhile, poll watchdog National Citizens’ Movement for Free Elections (Namfrel) said the hacking issue has to be carefully investigated.
Namfrel has been informed that the data reportedly downloaded appear to be those that will be used to set up the automated election system (AES) and that the preparation of the data set has yet to be completed.
Stakeholders including candidates, political parties, observation groups, and IT professionals, have raised concerns as the reported hacking of the Comelec servers raised questions on the integrity of the AES that will be used for the May elections and cast doubt on the capability of Comelec to secure the elections.
“The issue must be fully investigated and resolved at the soonest time possible,” Namfrel said.
It urged the Comelec to consult with IT security experts in investigating and resolving the incident.
Namfrel asked the poll body to set up an incident response team that will develop a proactive incident response plan (IRT), conduct vulnerability assessment of the Comelec’s technology infrastructure including the AES, resolve system vulnerabilities, implement strong information security practices and address information security incidents.
“The AES is a mission critical system and any reported incident of hacking into the AES must be quickly responded to. – Rhodina Villanueva