11-The Philippine National CyberSecurity Plan and...
Transcript of 11-The Philippine National CyberSecurity Plan and...
![Page 1: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/1.jpg)
![Page 2: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/2.jpg)
CONTENTS
1 History of CyberSecurity in the Philippines
23
The National CyberSecurity Governance Framework
The National CyberSecurity PlanStrategic DriversFocal Areas – Critical Infostructure, Government,
Businesses, and IndividualsKey Enablers – Manpower, Industry, R&D, Domestic
and International Collaboration
![Page 3: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/3.jpg)
CONTENTS
4 Key Strategic Imperatives
5 Strategic Collaboration
Enhance Security and Resilience of CII and government public and military networks to deal with sophisticated attacksIncrease efforts to promote adoption of CyberSecurity measures among individuals and businessesGrow Pool of CyberSecurity Experts
National Level CommitteePublic-Private PartnershipInternational Collaborations
![Page 4: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/4.jpg)
![Page 5: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/5.jpg)
2000 2001 2003 2005 2007RA 8792, Electronic Commerce Act of 2000
Creation of PHCERTConvention on Cybercrime/ Budapest Convention
Creation of Computer Crime Section of the PNP
Growing number of hacking attacks
& cybercrimes were recorded
I Love YouVirus
First cybercrime conviction under
the E-Commerce Law
Growth in cybersex and
child trafficking cases
HISTORY OF CYBERSECURITY IN THE PHILIPPINES
![Page 6: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/6.jpg)
2009 2012 2014 2015 2016RA 9775,Anti-Child Pornography Act of 2009RA 9995,Anti-Photo and Video Voyeurism Act of 2009
RA 10175, Cybercrime Prevention Act of 2012
RA 10173, Data Privacy Act of 2012
RA 10175 suspension lifted
DOJ Reported that 9 out of 10 Filipinos
are victims of various forms of
cybercrime ranging from hacking attacks
to online scams
Election Breach
Bank Heist
EO 189 s. 2015, Creating the National CybersecurityInter-Agency Committee
HISTORY OF CYBERSECURITY IN THE PHILIPPINES
RA 10844, Department of Information and Communications Technology Act
![Page 7: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/7.jpg)
1992
1998
2000
2003
2004
2009
2012
Laws enacted that are technology-related
![Page 8: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/8.jpg)
1992
1998
2000
2003
2004
2009
2012
RA 7610Special Protection of Children
against Abuse Act
![Page 9: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/9.jpg)
1992
1998
2000
2003
2004
2009
2012
RA 8484
Access Devices Regulation Act
![Page 10: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/10.jpg)
1992
1998
2000
2003
2004
2009
2012
RA 8792
ElectronicCommerce Act
![Page 11: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/11.jpg)
1992
1998
2000
2003
2004
2009
2012
RA 9208
Anti-Trafficking Act
![Page 12: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/12.jpg)
1992
1998
2000
2003
2004
2009
2012
RA 9262Anti-Violence against
Women and Children Act
![Page 13: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/13.jpg)
1992
1998
2000
2003
2004
2009
2012
RA 9775Anti-Child
Pornography Act
RA 9995Anti-Photo and
Video Voyeurism
![Page 14: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/14.jpg)
1992
1998
2000
2003
2004
2009
2012
RA 10173Data
Privacy Act
RA 10175Cybercrime
Prevention Act
![Page 15: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/15.jpg)
![Page 16: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/16.jpg)
CyberSecurity in the Philippines should be
divided according to its major CyberSecurityResponsibilities: Law Enforcement, Protection and National Defense
Law Enforcement
Network Protection
Intelligence Community
DOJ-NBIDILG-PNP
DICTCICC
NICA
DND / AFPNSC
National Defense
Identify CriminalsPreserve EvidenceProsecute
Disseminate BroadlyEnsure Timely Release
Defend the CountryProtect Military Networks
AttributionAdvise and Inform
Decision Makers
CommunityAgency/
Organization Emphasis
![Page 17: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/17.jpg)
Cyber Security Maturity Model
Source: Presentation of Robert Lentz Former CISO US Department of Defense
![Page 18: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/18.jpg)
Where are we now? Tools based Reactive / Manual
How do we get there? Crafting of the National CyberSecurity Strategy, Policies, Plans and Programs Establishment of NCERT and Implementation of
other Programs defined in the National Cybersecurity Plan
What do we want to achieve?Cyber Resilient Philippines
![Page 19: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/19.jpg)
DRIVERS
![Page 20: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/20.jpg)
Attacks to CIIBank Heist, Navigation Systems Manipulation,Control of Electronic Medical Equipment and Records,
Override of Oil and Gas Systems
Attacks toGovernment Infostructure
Hacking resulting in Data breachDefacement of PH Government Agencies
Websites
Sophistication of Cyber Attacks
APT, DDoS, SPAM, Spear Phishing,Social Engineering
![Page 21: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/21.jpg)
![Page 22: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/22.jpg)
Making Critical Infostructure(CII) Trusted and Secure
Making Government Information
Environment Secure
Making Businesses and Supply
Chains more Secure
Making Individuals Aware and
Secure
#CyberResilientPH
#CyberToughPH
#CyberAssurancePH
#CyberSafePH
National Targets:
![Page 23: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/23.jpg)
To systematicallyharden CII forResiliency
To prepare and secure government ICT
Infostructure (Public and Military)
To raise awareness of cyber risk and use of security measures
among businesses to prevent andprotect, respond and recover from attacks
To raise awareness on cyber risks among users as they are
the weakest links, they need to adopt the right norms in
CyberSecurity
![Page 24: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/24.jpg)
Develop CybersecuritySkills and Knowledge
(Human Capital)CISO sa Departamento
Promote CybersecurityDevelopment in
IndustriesNurture Cybersecurity
Research & Development
Strengthen CybersecurityDomestic and International
Collaboration
Public and Private Partnership
KeyENABLERS
![Page 25: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/25.jpg)
Key Strategic Imperatives
![Page 26: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/26.jpg)
Key Strategic Imperatives
Protection of Critical Infostructure
(CII)
Protection of
Government Networks
(Public and Military)
Protection of Businesses and Supply Chains
Protection of Individuals
![Page 27: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/27.jpg)
Critical Infostructures
![Page 28: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/28.jpg)
Computer Emergency Response Program
IncidentResponse
DigitalAnalytics
ActionableIntelligence
Early WarningSystem
![Page 29: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/29.jpg)
Strategic CollaborationINTERNATIONAL
COLLABORATION Enhanced international law enforcement and
judicial cooperation against cybercrime-information sharing Law Enforcement Trainings Training for Judges and Prosecutors Increased public/private and interagency
information sharing in line with cybersecuritystandards Increased collaboration between and among
CERTs
NATIONAL LEVEL COMMITTEE
National Cybersecurity Inter-Agency Committee
Cybercrime Investigation and Coordination Center
PUBLIC PRIVATE
PARTNERSHIP
Public Private Partnership Forums
![Page 30: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/30.jpg)
International Cooperation
Cyber Security JCSWG
ASEAN TELMINCyberSecurity
MalaysiaAPCERT
JAPAN-ASEAN
CyberSecurityWorking Group of ASEAN Defense
Ministers (ADMM)Bilateral Security and
Defense Partnership (USA)CAMP
BUDAPEST ConventionINTERPOLASEANAPOLEUROPOLUSDOJ
Cyber Crime
![Page 31: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/31.jpg)
![Page 32: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/32.jpg)
Q1 Q2 Q3 Q4
NCERT& GCERT
ComprehensiveCISO Program
NationalDatabase forMonitoring
And Reporting
CIIDatabase
Q1 Q2 Q3
RiskAssessmentEvaluation
Criteria
DatabaseOf Risk
AssessmentResults
Implementationof Cyber Training
Facilities Plan
Phase I Phase II
Phase III
Q4
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
ComprehensiveCERT Program
ComprehensiveProgram for
CybersecurityEducation
Cyber DrillsDatabase on
Analytics
Database for inventory ofphysical facilities, hardware,
software and people
Database ofCII National
RiskRegisters
Cyber TrainingFacilities
PlanDatabase ofVulnerability Assessment
Results
Audit results of CII that were
identified and prioritized during
Q4 2017
SEPTEMBER2018
JULY2018
JANUARY2017
DECEMBER2017
JANUARY2018
DECEMBER2018
2017 2018
![Page 33: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/33.jpg)
Q1 Q2 Q3 Q4
Feasibility StudiesFor the Threat
Intelligence andOperations Center
Q1 Q2 Q3
Comprehensive Programfor Local and International
Cooperation
Phase IV Phase V
Phase VI
Q4
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
ComprehensiveProgram for Threat
IntelligenceAnd Operations Center
Audit results of Government
Agencies prioritized with critical systems
and frontline agencies (e.g. BID,
DFA, DOH, etc.)
Audit results of NGAs and LGUs that are connected to the
government networks (e.g. iGov PH)
SEPTEMBER2020
JULY2020
JANUARY2019
DECEMBER2019
JANUARY2020
DECEMBER2020
2019 2020
![Page 34: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/34.jpg)
Tactical Work PlanN AT I O N A L C Y B E R S E C U R I T Y P L A N 2 0 2 2
12.08.2016
Launching of the NCSP 2022
01.23.2017
Round Table Discussion
Memorandum Circular
03.20.2017
National Cybersecurity Inter-Agency
Council (NCIAC) Meeting
05.02.2017
Publication of NCSP 2022Release of
Memorandum Circular
![Page 35: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/35.jpg)
Quick Wins
Launch the NCSP 2022 Publish the NCSP 2022 Release a Memorandum Circular to implement NCSP 2022 Activate the National Computer Emergency Response Team (NCERT)
![Page 36: 11-The Philippine National CyberSecurity Plan and NCERT2017.cert.org.cn/Upload/image/20170605/20170605073706_41630.pdf · 2009 2012 2014 2015 2016 RA 9775, Anti-Child Pornography](https://reader034.fdocuments.us/reader034/viewer/2022052313/5ad930af7f8b9a9d5c8e4650/html5/thumbnails/36.jpg)
THANK YOU!