By Tracy Cabrera
MANILA — In realizing government’s lack of measures to counter cyber security threats confronting the country, senators have raised the alarm for “grave concern” over the issue, especially with the prospective entry of a telecommunications company that is partly owned by People’s Republic of China.
In a statement, Senate public services committee chairperson Senator Grace Poe-Llamanzares expressed dismay over the admission of officials from the Department of Information and Communications Technology (DICT), as well as the National Security Council (NSC), that the Philippines still did not have sufficient mechanisms in place to combat cyber security warfare that is raging around the world.
“This really is the problem. We’re talking about the franchise of Dito Telecommunications, and one of the issues being brought forth—and I think fairly—is how do we protect ourselves, knowing that a certain percentage of ownership is owned by a foreign national,” Poe-Llamanzares pointed out.
“How can the government assure us that they have given a fair assessment of our safety, of our sovereignty, if we don’t even have a proper cyber security group that does the assessment?” she added during the online hearing on the franchise applications of Taguig-based Dito Telecommunity Corporation (formerly Mindanao Islamic Telephone Company) and Instant Data Technologies from San Antonio, Texas.
The lady senator was reacting sharply to statements from the DICT and the NSC headed by secretary Hermogenes Esperon Jr. that supposedly indicated that no government entity was handling cyber security concerns.
“I know, Secretary Esperon, you’re drafting this and that, but when it comes to the actual mechanism in place, should we have a threat, there’s really no plan,” Poe said.
“So how can we say that we are safe when we do not have a mechanism to determine that we are safe or not?” she queried.
In response, Esperon clarified that the cyber security group of the Armed Forces of the Philippines (AFP) was performing the function of assessing the prevailing threats of cyber attacks.
“That’s why we need to fund the DICT so that they could have an operations center for lawful intercept,” the former Philippine Army commanding general said.
For her part, Sen. Risa Hontiveros aired her grave concern over the presence of ‘state-sponsored’ hacking in foreign countries, mainly China-based groups that are carrying out attacks on behalf of the Chinese government.
She quoted reports that the China-based hacking group, code-named Naikon, had been “quietly carrying out a five-year cyber espionage campaign” against governments in the Asia-Pacific region, including Australia, Indonesia, the Philippines, Vietnam, Thailand, Myanmar and Brunei.
But just as Hontiveros asked Esperon if the NSC had monitored the activities of Naikon, the secretary said he did not hear her question because of connection problems. This prompted Poe-Llamanzares to state in jest that the glitches could be part of sabotage.
“What is ironic is that (this happens) as they’re saying things that are important. Secretary, I think a message is being sent out,” she said Poe, addressing the national security adviser.
Hontiveros reiterated her apprehension on the grant of a franchise to Dito Telecom, which is 40 percent owned by ChinaTel.
“ChinaTel is not a private corporation (but) a proxy of a Chinese regime intent on pushing its weight around and imposing its will upon the region,” she pointed out.
Under Chinese law, a Chinese corporation is obliged to cooperate in intelligence-gathering efforts, Hontiveros said.
“By allowing a proxy of the Chinese government to set up networks in the country, as well as facilities in our military camps, it is reasonable to conclude that a state-sponsored hacking group can easily get one foot in our door,” the lady senator said.
Telecommunications engineer Pierre Galla of Demoracy.net.ph said the country had not yet established a “cyber defense doctrine” to guide the AFP and the intelligence community in combating threats in the digital landscape, including those posed by state-sponsored hacking groups.
According to Galla, the DICT set up a Cybersecurity Management System Project to serve as a security operation center for the DICT, Office of the President, NSC, Presidential Communications Operations Office (PCOO), National Intelligence Coordinating Agency (NICA) and the defense, finance, energy, foreign affairs and budget departments.
“But it seems that because of the lack of mention of this security operation center, maybe it’s not running. Maybe it is an expensive paperwork that we’ve thought of setting up,” he opined.
Due to a number of “sensitive” issues on national security that resource persons declined to answer, the Senate committee agreed to hold a separate ‘executive session’ but not online in deference to a comment by Sen. Juan Miguel Zubiri that “for all we know, if we hold the executive session online, our lines will still be hacked.”
Poe-Llamanzares likewise called out executives of the second franchise applicant, Instant Data, whose president failed to go online for the hearing because of ‘connectivity issues.’ (AI/MTVN)