Bicol-based congressmen are pushing for the institutionalization of a dedicated fund for the mitigation of cybersecurity risks as well as the prevention of digital attacks on government offices and private businesses.

The authors, led by Camarines Sur 5th district Rep. Migz Villafuerte and 2nd district Rep. Luigi Villafuerte, filed House Bill (HB) No. 2826 for this purpose.

The solons' proposed Cybersecurity Risk Management and Mitigation Fund (CRMMF) shall be used for managing imminent or actual cyber attacks, including threat identification and detection, incident response, system recovery and protection, and other related works or services.

According to the Villafuertes, 30 percent of the CRMMF shall be set aside as a Quick Response Fund for the immediate restoration of affected critical information infrastructure (CII).

This is composed of the country’s computer and ICT systems and processes essential to the continuous delivery of vital services. However, these have become at risk from phishing, ransomware and social engineering attacks, along with the rise of new threats from Artificial Intelligence (AI) such as deepfakes.

Also known as "The Cybersecurity Act,” HB No.2826 says the specific amount of the CRMMF and the appropriate recipient-agencies shall be determined upon approval of the President, in accordance with the favorable recommendation of the National Cybersecurity Agency (NCSA). This is a new agency being proposed by the measure.

Otherwise known as “The Cybersecurity Act,” HB 2826 was introduced by the Villafuertes with Rep. Tsuyoshi Anthony Horibata and Bicol Saro Rep. Terry Ridon.

The Villafuertes pitched the NCSA and the CRMMF as Department of Information and Communications Technology (DICT) Secretary Henry Aguda revealed that the government foiled Distributed Denial of Service (DDoS) attacks on Philippine banks last Nov. 5.

Nov. 5 is observed as the Guy Fawkes Day, or annual hacking day wherein hacking activities, digital attacks and online protests happen across the world as a form of cyber activism.

“The CRMMF shall be used for cybersecurity risk mitigation, prevention, and preparedness activities such as but not limited to training of personnel, procurement of equipment, and capital expenditures,” Migz, chairman of Committee on Information and Communications Technology, said.

He said this fund “can also be utilized for the management of imminent or actual cybersecurity threats which may occur during the current fiscal year or those that occurred in the past two years from the current fiscal year".

New legislation on cybersecurity is among the 44 priority measures under the Common Legislative Agenda (CLA) that President Marcos drew up with Congress leaders during the first Legislative-Executive Development Advisory Council (LEDAC) meeting last Sept. 30 at Malacañang.

Luigi, a deputy majority leader, said that under HB No.2826, “All departments or agencies that shall be allocated with funds from the CRMMF shall submit to the NCSA monthly statements on their utilization of CRMMF and make an accounting  of such disbursements in accordance with existing accounting and auditing rules.”

He says the proposed CRMMF shall fund the operations of their bill-proposed National Computer Emergency Response Team (NCERT), which is “the group of information security experts and practitioners responsible for responding to cybersecurity incidents of organizations, with the aim of minimizing the impact or damage and ensuring recovery of affected CII systems".

The NCERT shall be a quick-response team with a robust capability to promptly detect, analyze and mitigate cyber incidents affecting national security or public interest and to work with relevant government agencies, private sector entities, and international partners for coordinated incident response.

Also, the NCERT shall enhance cyber threat intelligence and situational awareness; establish a liaison network of CERTs among government agencies to support the implementation of the NCSA’s mandate; and perform vulnerability assessment and penetration testing initiatives to detect, identify, and analyze cyber threats and to properly attribute cyber-attacks against CIIs.

All national government agencies (NGAs), government-owned and -controlled corporations (GOCCs) and local government units (LGUs) are mandated by HB No.2826 to adopt cybersecurity baselines and designate Chief Information Security Officers in their respective institutions to ensure institutional resilience.

The Villafuertes said that nowadays, governments and businesses have become highly vulnerable to increasingly pernicious attacks on cyberspace. This has made the creation of a quick-response NCSA a must for building a robust defense infrastructure to shield individuals and organizations from cyberattacks, they said.

Camarines Sur 5th district Rep. Tsuyoshi Anthony Horibata and Bicol Saro Party-list Rep. Terry Ridon served as co-authors of HB No.2826.