Philippine Government servers vulnerable to attacks


Many Philippine government servers remain vulnerable as hackers continue to leak data from poorly protected websites. The recent Office of the Solicitor General (OSG) data leak was not the first: in early September this year, another group of hackers breached the security of the OSG's server. MalaikatHati, a hacker believed to be from Indonesia, defaced career.osg.gov.ph and posted: "We hack this site to inform about the vulnerability of your site. Please patch your security, A big vulnerability found at your site". The warning was obviously not taken seriously by the agency, as more than a month later Phantom Troupe, a Pinoy hacking group, got into the server using the same vulnerability exploited by the Indonesian hacker. According to Phantom Troupe, the group downloaded more than nine thousand files that include personally identifiable information of people applying for a job at the OSG.

Since the first .gov.ph site was hacked in 1999, government agencies have vowed, promised, and pledged to go after the hackers. A few were arrested but eventually released for lack of evidence; some suspected attackers were arrested and presented to the media but eventually were released because the cases against them were dismissed.

The latest hacking incident at the OSG will not be the last if the government does not work together to secure the country's cyberspace. Let's not forget the following high-profile hacks against some of our government servers:

  • It is an open secret in the country's cybersecurity community that the National Security Council was hacked in 2019, exposing sensitive information to unknown hackers.
  • The Armed Forces of the Philippines has been hacked not just once or twice but many times since last year up to the present.
  • The Philippine government portal .gov.ph was defaced by the same hacker who recently downloaded sensitive information from the Office of the Solicitor General.
  • Tech4Ed, a project of the DOST, was breached last year, allowing hackers to download more than four million lines of data.
  • The government web hosting service (GWHS) is now a hacker's playground because of misconfiguration.
  • A lot of government websites are so misconfigured that sensitive information is leaked regularly.
  • Lastly, COMELEAK, the biggest data leak in the history of the country, could be put to shame, as another leak could happen if the people concerned do not act on the information they received from the Philippine security community. COVID-19 data from contact tracing apps are in danger of being exposed.

-o0o-

The Philippines has a National Cybersecurity Operations Center, says former DICT Assistant Secretary

Former DICT Assistant Secretary Allan S. Cabanlong, the author of the National CyberSecurity Plan 2022, was surprised when he learned from the news that Gen. Hermogenes Esperon Jr., the National Security Adviser and Director General of the National Security Council, said that the country has no cybersecurity operations center. His first reaction was that Esperon was misquoted, because he had personally briefed Esperon about some of the things asked during the Senate hearing.

Cabanlong said a National CyberSecurity Operations Center, or NCSOC, is a comprehensive centralized facility to monitor cybersecurity threats at a national level. An NCSOC employs people, processes, and technology to continuously monitor and improve the country's security posture while preventing and responding to cybersecurity incidents, threats and events. This, according to Cabanlong, has been operational in the country through DICT since late 2019 and is shared with government agencies, private corporations, and the country's critical information infrastructure through the Cybersecurity Management System Project or CMSP, a national platform for intelligence sharing to monitor threats and defend the country's infostructure from ever-increasing cyber threats and cyber-attacks. "Aside from monitoring, NCSOC can also investigate cyber threats to critical information infrastructure and coordinate with Law Enforcement for proper action," Cabanlong added.

Here's what former ASec Cabanlong posted on his Facebook account:

This post is in reply to the Senate Inquiry of Sen Grace Poe on the National CyberSecurity Plan (NCSP) of 2022 and the Establishment of the National CyberSecurity Operations Center (CMSP Project) operated by the Philippines National CERT (CERT-PH).

The CMSP is projected to release timely information on any Cyber Threats to our country. Said information provides actionable intelligence to government agencies, private companies and individuals on how to protect their networks, systems and personnel on current threats and find solutions to suppress the threat thru the information sharing platform of CMSP. Release of Information has been color coded with reference to internationally acceptable norms of Information sharing.

In NCSP2022 governance framework, the delineation of functions of vital agencies has been clarified. DICT will lead for Protection thru a NCERT, NBI & PNP will lead the Enforcement together with DOJ for Prosecution and the DND/AFP will lead for Cyber Defense and establish a cybercommand; the reference to the organization of the AFP CyberGroup.

Every functional group should create its own Cyber strategy; cybercrime strategy for the PNP/NBI/DOJ group; CyberDefense Strategy for the DND and AFP group; DICT will assist Critical Information Infrastructure (CII) group in crafting their CyberSecurity strategy related to CII function, e.g. ENERGY CyberSecurity strategy.

In my 2 years and 8 months stint with the DICT as the Assistant Secretary for CyberSecurity and Enabling Technologies, I was able to accomplish much to kick start the CyberSecurity of the Philippines. I authored the NCSP2022, Built and Designed the CMSP, implemented various programs on CyberSecurity with the academe, supported law enforcement cybercrime suppression activities among others.

All I ask of the ones who replaced me is to continue this advocacy for the good of our country. CyberThreats are invisible and TIMELY detection is important so we can prevent it.

Cyberattack is not a matter of IF but WHEN! Create strong cyber Policies and doctrines, before you can create additional technical projects! Go back to the drawing board and rethink if the NCSP 2022 has been faithfully implemented. Politics should come later after we protect our cyberspace and national security! I'm here to Help!

The National Cybersecurity Framework image from the National Cybersecurity Plan 2022

-o0o-

When asked about the news of the National Security Adviser's answer during the hearing, Cabanlong said, "Maybe it's worth mentioning on the part of the DICT that they should have been able to inform and update NSA thru the National CyberSecurity InterAgency Committee (NCIAC) about all these things especially the updates on CMSP. NCIAC is meeting regularly."

The Cybersecurity Plan 2022 was more than one year in the making and it was ready and working when Cabanlong left the office.

"I already gave them the directions what to do before I left. Just implement it and fix the process," he added.