A defensive posture for the Philippines' cybersecurity strategy

The weaponization of cyberspace has triggered new ways to disrupt a country's digital infrastructure, undermine its institutions, and erode public trust.

Unfortunately, the internet has become a venue to launch digital attacks and spread disinformation. Malicious actors have become diverse, ranging from state-sponsored hackers, terrorists and criminal organizations. These entities benefit from the open nature of the internet and the low cost of cyber weapons. 

Moreover, innovations in artificial intelligence (AI) can add another ominous side to this emerging battlespace. For instance, the conflict in Ukraine has become a showcase for cyber warfare.

Since 2014, Russian cyber warriors have deployed digital weapons aimed at disabling Ukrainian infrastructure and weaken its government. The most notable of this is the infamous NotPetya attacks in 2017.

This malware initially targeted the Ukrainian national bank and eventually spread to Europe and North America, causing widespread disruption in global trade. In fact, the White House has estimated the cost of the attack at $10 billion. 

Another interesting case is Taiwan, where its government reports 30 million cyberattacks a day. Due to the escalating tensions with China, this surge in attacks can be seen in socially engineered malicious emails with fake URLs, stealing of sensitive information, and spread of malware through clickbait techniques.  

In general, these low-cost weapons exploit the vulnerabilities in both human behavior and digital systems, resulting in the following: 

(a) Data theft: Individual and proprietary data are often the targets of this insidious act; 
(b) Denial of access to information and services: This type of attack is meant to obstruct access to credible information like news, government websites, etc. 
(c) Disablement of infrastructure: Attacks of this nature are intended to stop the delivery of a service (i.e. power, health services, government) often in an extended time period; 
(d) Undermining of institutions: Digital attacks combined with an elaborate disinformation campaign are devised to weaken resolve and undermine the credibility of governments and institutions. 

The Philippines is not exempt from this phenomenon. The COVID-19 pandemic provides examples of misinformation (or fake news) designed to cause confusion and undermine public health initiatives.

In addition, a 2021 report from the cybersecurity firm Sophos concluded that 69% of surveyed Philippine companies had been victimized by ransomware attacks. The recent hacking incidents affecting law enforcement agencies and one of the country’s digital payment services underscore the importance of adopting a defensive posture for the country’s cybersecurity. 

A cyber defense posture calls for a forward-defense strategy which highlights the importance of preparation, quick reaction, resilience, and deterrence. This proactive stance places emphasis on the importance of preparation -- where vulnerabilities are uncovered and standards are defined. Through audits and sharing of information, this phase aims to identify and address weaknesses in digital systems and gaps in organizational practices.

In addition, its quick reaction function provides a rapid response capability. It is a country’s cyber delta force that is always ready to respond at a moment’s notice, while its resilience side refers to the ability to recover from an attack.  This phase also uses business continuity and IT disaster recovery techniques to ensure that services are immediately restored. 

Finally, the deterrence stage requires states to create responses that will increase the cost of an attack on the perpetrator's side. For instance, developing strong attribution capabilities can deter state-sponsored attackers due to possible political, economic, and diplomatic backlash. 

Another crucial element of a cyber defense posture is leadership. For this, governments are called to be the catalyst for collective defense. Collective defense in the cyber sense means that critical sectors are identified, standards are defined, and a mechanism for information sharing is established.

Incentives also play a significant part in encouraging the participation of various stakeholders. Furthermore, the whole of society concept is often used in collective defense.  This is reflected in the private sector’s role in establishing best practices. These are often codified and shared across a sector.

For example, the creation of a common classification of cyberthreats for the banking industry can provide warnings to banks and their customers. Threat leveling can also encourage sectors to develop actions based on industry-accepted practices.  

In addition, the academe plays an important role in research, the development of educational programs, and the support of sandboxing venues like hackathons, white hat hacking among others. For its part, civil society organizations must ensure that cyber defense initiatives remain citizen-centric and that basic rights are protected. Due to its broad and complex nature, countries like the United States, Canada, UK, and Singapore have created dedicated agencies to oversee this domain. 

For all its positive attributes, cyber defense can be a divisive concept. Governments with fragmented policies, standalone mindset, and that use a “siloed approach” in implementing programs will find it difficult to adopt this posture. In addition, conflict in institutional mandates, traditional accountability practices, outdated organizational structures and culture are some of the barriers to the realization of this strategy.  

Today, the Marcos administration is completing its national security strategy. This document is expected to define the country's security agenda for the next five years. In addition, the Department of Information and Communications Technology (DICT) is also finalizing its national cybersecurity strategy. I believe that these are excellent opportunities to reexamine our assumptions and have an open mind on cyber defense.  

Sherwin Ona is a non-resident fellow of think tank Stratbase ADR Institute. He is also an associate professor and chairperson of the Political Science Department of De La Salle University.