Cybercrime , Fraud Management & Cybercrime , Geo Focus: Asia
Philippines to Hike Up Security Budgets After Cyberattacks
Recent Attacks on Government Agencies, House Lawmakers Trigger Spending IncreaseFilipino authorities pushed for higher funding support for the country's cybersecurity agency and other government agencies in the wake of multiple agencies suffering data breaches due to targeted cyberattacks.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Elizaldy Co, a member of the House of Representatives and chairman of the House Appropriations Committee, said on Monday that the government aims to provide additional funds to the Department of Information and Communications Technology and other agencies to boost their capacity to combat cybercrime.
The announcement comes a month after the government set the agency's budget at PHP 8.8 billion or $155 million, slightly lower than the PHP 9 billion or $158 million the department received in 2022.
The government also allocated PHP 326 million to the Cybercrime Investigation and Coordinating Center, which was lower than the previous year. Both agencies requested additional funding, but the government maintained that they must first improve their rate of utilization. DICT used only 67% of its allocated budget in financial year 2022-23.
The government said in September that the budget should meet DICT's needs, but a series of cyberattacks targeting government agencies forced a quick shift in thinking. The latest cyberattack on Sunday involved malicious actors defacing the website of the House of Representatives.
Cybercriminals have targeted and breached several high-profile government agencies and departments in the Philippines since April, including the Philippine Health Insurance Corp., the Department of Science and Technology, the Philippine Statistics Authority and the Philippine National Police.
Cybersecurity company Cyfirma said the Philippines faces significant cybersecurity challenges in the form of ransomware attacks and cyberespionage attacks from Russian, Chinese and North Korean state actors. The most significant attacks this year included China's People's Liberation Army exfiltrating data from a prominent manufacturing and electronics company and targeting government institutions related to trade, defense and external affairs.
Cyfirma said the Philippines continues to face numerous geopolitical threats because of its close ties to the United States, its location in the South China Sea and its feud with China about sovereignty over the Scarborough Shoal in the South China Sea.
The National Defense College of the Philippines said in June that state-sponsored cyber operations, such as those conducted by China's Naikon APT group, pose a major cybersecurity threat to civilian and government agencies.
"With the Philippines' claim on the West Philippine Sea, Naikon's operations certainly impact the country's efforts to pursue its national interests. In all, a cyber defense strategy will aid the Philippines in navigating the geopolitical environment, which is plagued by these kinds of threats and attacks from APT groups," wrote Christine Lisette M. Castillo, a defense research officer with the NCDP's Research and Special Studies Division.
Alexie Tutor, another member of the House of Representatives, said DICT has limited budget and personnel and therefore must work with Interpol and security agencies in the U.S., Japan and ASEAN countries to secure the country's institutions. Tutor said DICT could with the U.S. Department of Justice. "Our country does have international bilateral and multilateral anti-crime agreements and arrangements which could be activated," she said.
DICT said it will use its allocated budget for 2023 to provide cybersecurity and vulnerability assessment and testing services to 60 Filipino government agencies and reduce the response time to less than two hours for 90% of cybersecurity incidents.
In July, the agency released its five-year national cybersecurity plan for public consultation. The plan focuses on strengthening the security of critical information infrastructure, providing more convergence among government agencies to secure their digital infrastructure, increasing the cybersecurity workforce, and enhancing international cooperation in cybersecurity.