DICT: National government agencies need own cybersecurity teams | ABS-CBN
Welcome, Kapamilya! We use cookies to improve your browsing experience. Continuing to use this site means you agree to our use of cookies. Tell me more!
DICT: National government agencies need own cybersecurity teams
DICT: National government agencies need own cybersecurity teams
ABS-CBN News
Published Oct 08, 2023 10:53 AM PHT
|
Updated Oct 08, 2023 12:46 PM PHT
MANILA - The Department of Information and Communications Technology (DICT) on Sunday said national government agencies should have their own cybersecurity response teams as the threat of cyberattacks increases.
MANILA - The Department of Information and Communications Technology (DICT) on Sunday said national government agencies should have their own cybersecurity response teams as the threat of cyberattacks increases.
DICT Undersecretary Jeffrey Ian Dy said that while the Philippines has a National Computer Emergency Response Team (NCERT), that team "could not handle" all government agencies in need.
DICT Undersecretary Jeffrey Ian Dy said that while the Philippines has a National Computer Emergency Response Team (NCERT), that team "could not handle" all government agencies in need.
NCERT is a unit under the DICT that receives, reviews, and responds to computer security incidents.
NCERT is a unit under the DICT that receives, reviews, and responds to computer security incidents.
"We... have to rely, kahit maliit na group lang, let's say 7 people, in every large national government agency," Dy told Teleradyo Serbisyo.
"We... have to rely, kahit maliit na group lang, let's say 7 people, in every large national government agency," Dy told Teleradyo Serbisyo.
ADVERTISEMENT
(Even just a small group of, say, 7 people in every large national government agency.)
(Even just a small group of, say, 7 people in every large national government agency.)
"We respond to more than 3,000 events, or cybersecurity issues nationwide, mula January hanggang August. Pero ang mga tao namin puro mga [job order]" he added.
"We respond to more than 3,000 events, or cybersecurity issues nationwide, mula January hanggang August. Pero ang mga tao namin puro mga [job order]" he added.
Job order staff do not have security of tenure, are paid less and do not have mandatory benefits, according to workers' groups like COURAGE who oppose labor contractualization.
Job order staff do not have security of tenure, are paid less and do not have mandatory benefits, according to workers' groups like COURAGE who oppose labor contractualization.
Dy said that since government agencies do not have their own cybersecurity response unit, that means that "we are sharing resources from the national level."
Dy said that since government agencies do not have their own cybersecurity response unit, that means that "we are sharing resources from the national level."
PHILHEALTH BREACH
Dy said they could have responded to the ransomware attack on Philippine Health Insurance (PhilHealth) Corp.'s system sooner "if we have the correct tools."
Dy said they could have responded to the ransomware attack on Philippine Health Insurance (PhilHealth) Corp.'s system sooner "if we have the correct tools."
"Nag-down 'yung online system ng PhilHealth for more than a week. I think mababawasan siya ng mga 3 days kung mayroon tayo ng klase ng automated tools that will make our analysis faster," he said.
"Nag-down 'yung online system ng PhilHealth for more than a week. I think mababawasan siya ng mga 3 days kung mayroon tayo ng klase ng automated tools that will make our analysis faster," he said.
It took PhilHealth a while to restore its systems because of the lack of capacity and tools to analyze its cybersecurity "environment," as the system is linked to the eGovPH app.
It took PhilHealth a while to restore its systems because of the lack of capacity and tools to analyze its cybersecurity "environment," as the system is linked to the eGovPH app.
He said individual computer units had to be checked to make sure they were free of the Medusa malware.
He said individual computer units had to be checked to make sure they were free of the Medusa malware.
"Kung kumalat 'yun, ko-konnect 'yun sa amin. Yung DICT, connected din sa other agencies," he said.
"Kung kumalat 'yun, ko-konnect 'yun sa amin. Yung DICT, connected din sa other agencies," he said.
"That is why PhilHealth took longer to up those systems. 'Yun yung naging problema doon."
"That is why PhilHealth took longer to up those systems. 'Yun yung naging problema doon."
Dy stressed the importance of confidential funds in their agency to fight data leaks and other ransomware attacks. The agency is asking for P300 million for next year.
Dy stressed the importance of confidential funds in their agency to fight data leaks and other ransomware attacks. The agency is asking for P300 million for next year.
The National Privacy Commission on Saturday said it has launched a deeper investigation into the data breach that hit PhilHealth after initial analysis found that it involved 734GB of data, an amount that it described as staggering.
The National Privacy Commission on Saturday said it has launched a deeper investigation into the data breach that hit PhilHealth after initial analysis found that it involved 734GB of data, an amount that it described as staggering.
It said that the investigation will look into the accountability of PhilHealth officials for the breach, which may have partly been caused by expired antivirus software.
It said that the investigation will look into the accountability of PhilHealth officials for the breach, which may have partly been caused by expired antivirus software.
The NPC said that its Complaints and Investigation Division found “sensitive personal information” among the data that was affected by the breach.
The NPC said that its Complaints and Investigation Division found “sensitive personal information” among the data that was affected by the breach.
ADVERTISEMENT
ADVERTISEMENT
