Senator Tulfo expresses concerns over national cybersecurity risks amid Chinese equipment in NGCP

DICT Undersecretary David Almirol emphasizes the need for a 'technical deep audit' to ensure the integrity and security of devices, urging advanced cybersecurity measures in government agencies


At a glance

  • National Cybersecurity Risks: Senator Tulfo emphasizes his concern over potential cybersecurity threats tied to the procurement of Chinese equipment by the National Grid Corporation of the Philippines (NGCP). He stresses the potential danger of hidden computer viruses within the hardware.

  • Foreign Influence on National Infrastructure: The State Grid Corporation of China's 40% stake in NGCP brings to light the issue of foreign ownership and potential influence over critical national infrastructure. This ownership stake could raise security concerns.

  • The Need for a 'Technical Deep Audit': Undersecretary David Almirol underscores the need for a comprehensive 'technical deep audit' of devices before they're installed. This highlights a need for more rigorous equipment inspection to ensure system integrity and security.

  • Improved Cybersecurity Measures in Government Agencies: Both Senator Tulfo and Undersecretary Almirol emphasize the need for enhanced cybersecurity measures within Philippine government agencies. This broader issue of national cybersecurity stresses the need for ongoing vigilance and system upgrades.


In a recent Senate hearing focused on strengthening internet connectivity and ensuring safe technology use within the country, Senator Raffy Tulfo raised concerns regarding potential cybersecurity risks. He highlighted the State Grid Corporation of China's 40% stake in NGCP and the equipment procured from China. Tulfo presented a scenario where a computer virus could be hidden within hardware, suggesting a potentially severe threat to national cybersecurity.

Senator Tulfo said, "It's truly very dangerous that almost all our NGCP equipment is made in China and in Chinese characters."

Responding to Senator Tulfo's statement, DICT Undersecretary David Almirol, Jr. acknowledged that such a scenario is "very possible."

Usec. Almirol further explained, "We don't even know that when the equipment arrives here, it may already contain a 'listener.' There may already be a 'listener' embedded. It doesn't hack, but every time you input data, it passes through and is also collected by it."

In cybersecurity, a "listener" refers to a process or service waiting to receive inbound connections or data.

For example, in a network, a listener can be a server actively waiting for incoming client requests. In a database context, a listener might be waiting for queries or data transmission requests. In both cases, the listener is set up to respond when a particular event (like a client request or a data transfer) occurs.

However, in the sense Undersecretary Almirol is using, a "listener" can also be part of a command-and-control system used in an attack. In this case, an attacker sets up a listener to wait for connections from a payload or backdoor installed on a target system. Once the target system "calls back" to the listener, the attacker can execute commands, exfiltrate data, or perform other malicious actions.

If the equipment Sen. Tulfo is referring to contains listeners, here is what they can do:

In the context of legitimate use:

  1. Accept Connections: One of the main functions of a listener is to wait and accept incoming network connections. When a client tries to connect to a server, the listener on the server side accepts the connection and often passes it to the appropriate service or application.
  2. Facilitate Communication: Once a connection is established, a listener can help facilitate two-way communication between the client and server. It can receive incoming data, process it if necessary, and forward it to the appropriate place.
  3. Manage Sessions: A listener can manage multiple connections or sessions simultaneously. It keeps track of the status of these connections and can handle requests to close a session when it's no longer needed.
  4. Redirect Requests: In some cases, a listener can redirect incoming requests to other servers or services. This can be useful in load balancing, where incoming connections are distributed among multiple servers to ensure no single server is overwhelmed with too much traffic.

In the context of malicious usage:

  1. Receive Payloads: When used by an attacker, a listener can be set up to wait for and receive connections from a malicious payload or backdoor installed on a target system.
  2. Command and Control: After receiving a connection from a compromised system, a listener can allow an attacker to execute commands on the target system, exfiltrate data, or carry out other malicious activities.

Knowing all this, I fully support the call of Undersecretary David Almirol when he endorsed the idea of a comprehensive inspection of these devices, referred to as a "technical deep audit." However, he confessed that this procedure is not currently being carried out. He said, "A technical deep audit should be performed on all equipment before they are installed. I don't believe we're currently doing that."

In essence, Undersecretary Almirol recommends a more rigorous evaluation of incoming hardware to ensure the integrity and security of the systems, echoing a broader need for advanced cybersecurity measures in Philippine government agencies.
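As an added illustration (not part of the hearing or of this article), here is a small Python check that a reviewer could run during such a "technical deep audit": it reads a device's socket table (a constructed `ss -tanp`-style sample is embedded below) and compares it against a documented baseline of expected listeners and allowed peers, flagging the two patterns described above, an undocumented listening port and an outbound session to an address outside the management network. The baseline ports, process names and addresses are assumptions made for the example.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed `ss -tanp`-style output for a hypothetical device under audit (not real data).
SAMPLE_SS_OUTPUT = """\
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port   Process
LISTEN  0      128    0.0.0.0:22           0.0.0.0:*           users:(("sshd",pid=411,fd=3))
LISTEN  0      128    0.0.0.0:443          0.0.0.0:*           users:(("mgmt-web",pid=502,fd=5))
LISTEN  0      64     0.0.0.0:4444         0.0.0.0:*           users:(("svchelper",pid=913,fd=7))
ESTAB   0      0      10.10.5.20:51644     10.10.5.1:443       users:(("mgmt-web",pid=502,fd=9))
ESTAB   0      0      10.10.5.20:51702     203.0.113.77:8443   users:(("svchelper",pid=913,fd=8))
"""

# Baseline from the vendor's documentation (assumed for this example): port -> owning process.
EXPECTED_LISTENERS: Dict[int, str] = {22: "sshd", 443: "mgmt-web"}
# Peers the device may legitimately talk to (assumed: the operator's management LAN).
ALLOWED_PEER_NETS = [ipaddress.ip_network("10.10.5.0/24")]

def parse_sockets(ss_output: str) -> List[dict]:
    """Turn ss-style rows into dicts: state, local/peer 'ip:port' strings, process name."""
    sockets = []
    for line in ss_output.splitlines()[1:]:          # first row is the header
        parts = line.split()
        if len(parts) < 5:
            continue
        proc = re.search(r'\("([^"]+)"', line)      # users:(("name",pid=...,fd=...))
        sockets.append({"state": parts[0], "local": parts[3], "peer": parts[4],
                        "process": proc.group(1) if proc else "?"})
    return sockets

def audit_sockets(ss_output: str) -> List[str]:
    """Flag listeners missing from the baseline and sessions to non-allowlisted peers."""
    findings = []
    for s in parse_sockets(ss_output):
        if s["state"] == "LISTEN":
            port = int(s["local"].rsplit(":", 1)[1])
            if EXPECTED_LISTENERS.get(port) != s["process"]:
                findings.append(f"unexpected listener: port {port} by {s['process']}")
        elif s["state"] == "ESTAB":
            peer_ip = ipaddress.ip_address(s["peer"].rsplit(":", 1)[0])
            if not any(peer_ip in net for net in ALLOWED_PEER_NETS):
                findings.append(f"outbound session to {s['peer']} by {s['process']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sockets(SAMPLE_SS_OUTPUT)))
```

A real audit would run this against the live socket table of each device and against a baseline signed off by the vendor, and would treat any finding as a reason to hold the device before installation rather than as proof of compromise.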

It's important to note that while listeners can be used for malicious purposes, they're also a fundamental part of how networked systems operate and are not inherently harmful. Like many tools in the world of cybersecurity, the ethical implications depend mainly on how they're used.