TECH4GOOD
Today, wars can be started using a computer mouse instead of bullets. That is the gist of the message of DICT Secretary Ivan John Uy during the recent launch of the Philippine National Cybersecurity Talent Workforce Assessment Report. “It is for this reason that the Philippines should strengthen its capacity to withstand foreign cyber aggression,” he continues.
Taking into mind the case of the two Balkan states that were recently sent back to analog by unprecedented cyber-attacks, we should all be asking ourselves, “Is the Philippines ready for a cyber war?” Do we have the plans, assets, and skills necessary to fight a cyber war? Is cybersecurity a top priority for everyone: the government, the business sector, organizations, and individuals? Do we have the right policies in place to ensure that we have a working national ecosystem in place?
The case for preparing for cyber warfare and maintaining cybersecurity is very broad. It is not just about ensuring national security but should also consider the economic implications, especially for a leading global hub for IT and BPO services like the Philippines, and the general safety of everyone using the internet.
For today, we initially focus on the availability of cybersecurity talent in the country necessary to safeguard the critical information infrastructure (CII) of our country. CII is usually defined as those ICT resources, that when compromised or destroyed, shall have a devastating impact on national security, economy, and public safety.
The report was done by IBM Consulting and commissioned by the United States Agency for International Development (USAID) through its Better Access and Connectivity (BEACON) project. The report assesses the current state of the Philippine cyber workforce and the national ecosystem supporting the workforce. It also presents recommendations on how the country can address the current challenges of the cybersecurity ecosystem due to gaps in cybersecurity workforce development.
The report highlights the persisting dearth of cybersecurity professionals in the Philippines which is seen as a growing national risk. It also presents actions that can be taken to drive talent development across government, industry, and the academe. If properly executed, these strategic actions can position the Philippines to seize emerging opportunities toward building global leadership in cybersecurity services and products leveraging on the country’s current status as a destination of choice for supplying outsourced IT services.
The situation is not exclusive to the Philippines. A recent ISC2 report states that there are up to four million vacancies globally today for cybersecurity professionals. In the ASEAN region, the Philippines ranked fourth in terms of the number of Certified Information Systems Security Professionals (CISSP) is concerned with 202 as of 2021. CISSP is considered by many as the gold standard in information systems security certification. Singapore tops the list with 2,804. What is alarming, however, is the fact that among the top IT and BPO services countries, the Philippines is ranked 10th. This put at risk the growth aspirations of the country’s IT and BPO sectors.
The gaps do not only center on the lack of certified cybersecurity talents. The government, a very critical sector, does not even have dedicated job roles for cybersecurity staff unlike in the private sector where the top Information Systems Security position is usually made part of ExCom. There is also the issue of very high attrition rates primarily due to better opportunities abroad for these professionals. But the major cause of the shortage is the underdeveloped talent pipeline.
I agree with most of the recommendations given in the report to address the shortage of cybersecurity talent in the country. Among them are programs intended to develop a larger talent pipeline where children are encouraged to take on technology as a career and increase their level of cybersecurity awareness. Cybersecurity awareness should also be encouraged among employees and all educational institutions. The report also calls for the Civil Service Commission to develop job descriptions and salary grades for cybersecurity roles. DMB will also have to do its part by having the organizational structure and staffing plans of the government bureaucracy include the appropriate cybersecurity jobs.
I also concur with some of the jump-start recommendations of the report. Among them is the creation of a separate cybersecurity-focused agency under the Office of the President, making the pay scale of cybersecurity job roles in government competitive, the conduct of cybersecurity legal training for judges and prosecutors, and the creation of a national multi-sectoral cybersecurity consortium answerable to the President.
The reason for all of us to act fast is compelling. Three out of four Philippine businesses have suffered a cyber-attack according to a Kroll report. Kaspersky studies say phishing emails in the country have increased this year and, in 2021, the Philippines was the fourth most targeted country by cyber criminals. Losses can reach ₱6.15 billion per day if our critical information infrastructure is successfully breached, according to a recent study by secure connections.
The growing threat and damage of cybersecurity attacks are clear. The report says it is no longer a matter of “if” but a matter of “when.”
(The author is the lead convenor of the Alliance for Technology Innovators for the Nation (ATIN), vice president of the Analytics Association of the Philippines, and vice president, UP System Information Technology Foundation.)