By Liezelle Soriano

The Supreme Court has issued guidelines directing all courts, judiciary offices, Justices, judges, court officials, and employees to observe strict security protocols, remain vigilant in identifying and reporting suspicious cyber activities, and adopt a set of guidelines on the observance of proper cyber hygiene.

Acting Chief Justice Marvic Leonen signed Administrative Order No. 150-2023 to minimize the incident of cyber threats, ordering the judiciary not to open unknown links sent in email; practice routine changing of passwords, and report suspicious activities.

“Judiciary employees should be cautious when sharing their personal information online and they should only use applications from trusted sources,” said Leonen.

“Additionally, Judiciary employees should read the privacy policy of any application before using it and should be aware of how their data will be used. By taking these precautions, Judiciary employees can help protect themselves from potential privacy and security risks,” he added.

Earlier, systems of government agencies and the website of the House of Representatives have been hacked.

(ai/mnm)

AMID the unresolved hacking incident at the Philippine Health Insurance Corp. (PhilHealth), Senator Sherwin Gatchalian has urged both government agencies and private sector entities to bolster their cybersecurity defenses.

Gatchalian emphasized the critical need for safeguarding vital information infrastructure and called for compliance with international cybersecurity standards and best practices.

To address these concerns, Gatchalian has introduced Senate Bill 2066, also known as the Critical Information Infrastructure Protection Act.

This legislation mandates all covered critical information institutions (CII) to implement robust measures safeguarding their information and communications technology (ICT) systems.

It also requires the Department of Information and Communications Technology (DICT) to establish and update information security standards, with CII institutions obligated to adhere to these standards.

Additionally, the National Computer Emergency Response Team (NCERT) will be designated as the central authority for computer emergency response teams in the country.

The NCERT will administer a centralized information security incident reporting mechanism that spans various industries, including banking, finance, broadcast media, emergency services, energy, healthcare, telecommunications, and transportation, among others.

Experts have expressed concern about the scale of the PhilHealth data breach. Winthrop Yu, chair emeritus of the Internet Society’s Philippine Chapter, noted that cyber attackers had already released a significant amount of data, raising questions about the breach’s extent. Customized cybersecurity solutions and increased employee training in cyber hygiene are recommended, as off-the-shelf solutions may not suffice.

Lito Averia, president of the Philippine Computer Emergency Response Team, emphasized the importance of proper training and awareness among employees to recognize and thwart cyber threats. He also suggested implementing technical measures like network segmentation and regular data backups to prevent large-scale data breaches.

Gatchalian stressed the growing reliance on digital technologies in the Philippines, particularly in the wake of the Covid-19 pandemic.

Filipinos are increasingly using digital services, and the e-commerce sector is experiencing significant growth. With this increased digital activity, Gatchalian highlighted the heightened risk posed by cyber threats, ranging from casual scammers to sophisticated state-sponsored actors who target ICT systems and networks for various malicious purposes. (ai/mnm)