CONTENTS

1 History of CyberSecurity in the Philippines

23

The National CyberSecurity Governance Framework

The National CyberSecurity PlanStrategic DriversFocal Areas – Critical Infostructure, Government,

Businesses, and IndividualsKey Enablers – Manpower, Industry, R&D, Domestic

and International Collaboration

CONTENTS

4 Key Strategic Imperatives

5 Strategic Collaboration

Enhance Security and Resilience of CII and government public and military networks to deal with sophisticated attacksIncrease efforts to promote adoption of CyberSecurity measures among individuals and businessesGrow Pool of CyberSecurity Experts

National Level CommitteePublic-Private PartnershipInternational Collaborations

2000 2001 2003 2005 2007RA 8792, Electronic Commerce Act of 2000

Creation of PHCERTConvention on Cybercrime/ Budapest Convention

Creation of Computer Crime Section of the PNP

Growing number of hacking attacks

& cybercrimes were recorded

I Love YouVirus

First cybercrime conviction under

the E-Commerce Law

Growth in cybersex and

child trafficking cases

HISTORY OF CYBERSECURITY IN THE PHILIPPINES

2009 2012 2014 2015 2016RA 9775,Anti-Child Pornography Act of 2009RA 9995,Anti-Photo and Video Voyeurism Act of 2009

RA 10175, Cybercrime Prevention Act of 2012

RA 10173, Data Privacy Act of 2012

RA 10175 suspension lifted

DOJ Reported that 9 out of 10 Filipinos

are victims of various forms of

cybercrime ranging from hacking attacks

to online scams

Election Breach

Bank Heist

EO 189 s. 2015, Creating the National CybersecurityInter-Agency Committee

HISTORY OF CYBERSECURITY IN THE PHILIPPINES

RA 10844, Department of Information and Communications Technology Act

1992

1998

2000

2003

2004

2009

2012

Laws enacted that are technology-related

1992

1998

2000

2003

2004

2009

2012

RA 7610Special Protection of Children

against Abuse Act

1992

1998

2000

2003

2004

2009

2012

RA 8484

Access Devices Regulation Act

1992

1998

2000

2003

2004

2009

2012

RA 8792

ElectronicCommerce Act

1992

1998

2000

2003

2004

2009

2012

RA 9208

Anti-Trafficking Act

1992

1998

2000

2003

2004

2009

2012

RA 9262Anti-Violence against

Women and Children Act

1992

1998

2000

2003

2004

2009

2012

RA 9775Anti-Child

Pornography Act

RA 9995Anti-Photo and

Video Voyeurism

1992

1998

2000

2003

2004

2009

2012

RA 10173Data

Privacy Act

RA 10175Cybercrime

Prevention Act

CyberSecurity in the Philippines should be

divided according to its major CyberSecurityResponsibilities: Law Enforcement, Protection and National Defense

Law Enforcement

Network Protection

Intelligence Community

DOJ-NBIDILG-PNP

DICTCICC

NICA

DND / AFPNSC

National Defense

Identify CriminalsPreserve EvidenceProsecute

Disseminate BroadlyEnsure Timely Release

Defend the CountryProtect Military Networks

AttributionAdvise and Inform

Decision Makers

CommunityAgency/

Organization Emphasis

Cyber Security Maturity Model

Source: Presentation of Robert Lentz Former CISO US Department of Defense

Where are we now? Tools based Reactive / Manual

How do we get there? Crafting of the National CyberSecurity Strategy, Policies, Plans and Programs Establishment of NCERT and Implementation of

other Programs defined in the National Cybersecurity Plan

What do we want to achieve?Cyber Resilient Philippines

DRIVERS

Attacks to CIIBank Heist, Navigation Systems Manipulation,Control of Electronic Medical Equipment and Records,

Override of Oil and Gas Systems

Attacks toGovernment Infostructure

Hacking resulting in Data breachDefacement of PH Government Agencies

Websites

Sophistication of Cyber Attacks

APT, DDoS, SPAM, Spear Phishing,Social Engineering

Making Critical Infostructure(CII) Trusted and Secure

Making Government Information

Environment Secure

Making Businesses and Supply

Chains more Secure

Making Individuals Aware and

Secure

#CyberResilientPH

#CyberToughPH

#CyberAssurancePH

#CyberSafePH

National Targets:

To systematicallyharden CII forResiliency

To prepare and secure government ICT

Infostructure (Public and Military)

To raise awareness of cyber risk and use of security measures

among businesses to prevent andprotect, respond and recover from attacks

To raise awareness on cyber risks among users as they are

the weakest links, they need to adopt the right norms in

CyberSecurity

Develop CybersecuritySkills and Knowledge

(Human Capital)CISO sa Departamento

Promote CybersecurityDevelopment in

IndustriesNurture Cybersecurity

Research & Development

Strengthen CybersecurityDomestic and International

Collaboration

Public and Private Partnership

KeyENABLERS

Key Strategic Imperatives

Key Strategic Imperatives

Protection of Critical Infostructure

(CII)

Protection of

Government Networks

(Public and Military)

Protection of Businesses and Supply Chains

Protection of Individuals

Critical Infostructures

Computer Emergency Response Program

IncidentResponse

DigitalAnalytics

ActionableIntelligence

Early WarningSystem

Strategic CollaborationINTERNATIONAL

COLLABORATION Enhanced international law enforcement and

judicial cooperation against cybercrime-information sharing Law Enforcement Trainings Training for Judges and Prosecutors Increased public/private and interagency

information sharing in line with cybersecuritystandards Increased collaboration between and among

CERTs

NATIONAL LEVEL COMMITTEE

National Cybersecurity Inter-Agency Committee

Cybercrime Investigation and Coordination Center

PUBLIC PRIVATE

PARTNERSHIP

Public Private Partnership Forums

International Cooperation

Cyber Security JCSWG

ASEAN TELMINCyberSecurity

MalaysiaAPCERT

JAPAN-ASEAN

CyberSecurityWorking Group of ASEAN Defense

Ministers (ADMM)Bilateral Security and

Defense Partnership (USA)CAMP

BUDAPEST ConventionINTERPOLASEANAPOLEUROPOLUSDOJ

Cyber Crime

Q1 Q2 Q3 Q4

NCERT& GCERT

ComprehensiveCISO Program

NationalDatabase forMonitoring

And Reporting

CIIDatabase

Q1 Q2 Q3

RiskAssessmentEvaluation

Criteria

DatabaseOf Risk

AssessmentResults

Implementationof Cyber Training

Facilities Plan

Phase I Phase II

Phase III

Q4

Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4

ComprehensiveCERT Program

ComprehensiveProgram for

CybersecurityEducation

Cyber DrillsDatabase on

Analytics

Database for inventory ofphysical facilities, hardware,

software and people

Database ofCII National

RiskRegisters

Cyber TrainingFacilities

PlanDatabase ofVulnerability Assessment

Results

Audit results of CII that were

identified and prioritized during

Q4 2017

SEPTEMBER2018

JULY2018

JANUARY2017

DECEMBER2017

JANUARY2018

DECEMBER2018

2017 2018

Q1 Q2 Q3 Q4

Feasibility StudiesFor the Threat

Intelligence andOperations Center

Q1 Q2 Q3

Comprehensive Programfor Local and International

Cooperation

Phase IV Phase V

Phase VI

Q4

Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4

ComprehensiveProgram for Threat

IntelligenceAnd Operations Center

Audit results of Government

Agencies prioritized with critical systems

and frontline agencies (e.g. BID,

DFA, DOH, etc.)

Audit results of NGAs and LGUs that are connected to the

government networks (e.g. iGov PH)

SEPTEMBER2020

JULY2020

JANUARY2019

DECEMBER2019

JANUARY2020

DECEMBER2020

2019 2020

Tactical Work PlanN AT I O N A L C Y B E R S E C U R I T Y P L A N 2 0 2 2

12.08.2016

Launching of the NCSP 2022

01.23.2017

Round Table Discussion

Memorandum Circular

03.20.2017

National Cybersecurity Inter-Agency

Council (NCIAC) Meeting

05.02.2017

Publication of NCSP 2022Release of

Memorandum Circular

Quick Wins

Launch the NCSP 2022 Publish the NCSP 2022 Release a Memorandum Circular to implement NCSP 2022 Activate the National Computer Emergency Response Team (NCERT)

THANK YOU!