The National Citizens’ Movement for Free Elections (Namfrel) said the reported hacking of the Commission in Elections (Comelec) servers must be fully investigated and resolved at the soonest time possible.
In a statement, the poll watchdog group cited how the reported hacking raised concerns among stakeholders including candidates, political parties, observation groups, and IT professionals.
"The reported hacking of Comelec servers raises questions of integrity of the automated election system (AES) that will be used for the upcoming national and local elections and cast doubt on the capability of Comelec to secure the elections," Namfrel said.
The group then recommended that the Comelec consult with IT security experts in investigating and resolving the reported incident.
It also recommended the setting up of an Incident Response Team (IRT), whose primary responsibility includes developing a proactive incident response plan, conducting vulnerability assessment of the Comelec’s technology infrastructure including the AES, resolving system vulnerabilities, implementing strong information security practices, and addressing information security incidents.
"The AES is a mission critical system and any reported incident of hacking into the AES must be quickly responded to," Namfrel said.
"Among other plans that the IRT must develop is a quick response communications plan that will cover incidents like the 7-hour data outage which happened in 2019 and the recently reported hacking incident," it added.
On Monday, Comelec Spokesperson James Jimenez said they are already validating the allegations of the article published by the Manila Bulletin, specifically whether Comelec systems have, in fact been compromised.
"The article alleges that the hackers were able to 'download files that included, among others, usernames and PINS of vote-counting machines (VCM).' The fact, however, is that such information still does not exist in Comelec systems simply because the configuration files - which includes usernames and PINs - have not yet been completed. This calls into question the veracity of the hacking claim," he said.
Jimenez said its also important for the poll body to verify such report.
"When you say data breach in Comelec, people will really get nervous. That's why it is important to us that we validate it and in case the report is wrong, of course someone will be responsible for that ... because all of a sudden they issue a report without verification," he said.