Shared Responsibility in Securing the Digital Future of Filipinos
Atty. Richard Leo M. Baldueza
07 December 2023
Introduction
The COVID-19 pandemic drastically sped up the shift to digital transactions in the public and private sectors. Due to the lockdown measures implemented by the government, doing transactions online was no longer a preference but a necessity. People were forced to migrate to a system where they could perform their necessary transactions without leaving their homes. As a result, people who have avoided transacting online found themselves learning to pay their bills, transfer their funds, or even order necessities online.
However, the surge of digital transactions also exposed inherent dangers in uncharted systems: cybersecurity threats and cybercriminals. Together with population segments who lack basic technological know-how, such as older adults and technology-averse individuals, digital fraud is more likely to happen.
The subscriber identity module or SIM card registration has yet to reach 100% and the national identification (ID) system completion seems distant in the Philippines, making it a haven for cybercriminals. Therefore, there is a need to revisit government policies to deal with these emerging cybersecurity threats. Without innovative approaches, cybercriminals have exponentially leveled up their modus operandi to the point that they almost get away with their deeds scot-free. Thus, there is a pressing need to equip legislative officers and staff with the proper information and tools to ensure they are well-versed in the operational milieu of the current digiscape.
To meet this challenge, the Development Academy of the Philippines (DAP) held its fifth and final installment of the Thursday Talks Lecture Series entitled, “Safe and Sound: Protecting Filipinos in the Digital Future” under the Capability Building on Innovative Leadership for Legislative Staff (CBILLS) Program on 21 September 2023.
Securing Digiscape For An Efficient E-Government
Engr. Pierre Tito Galla, the Cybersecurity Lead of Better Access and Connectivity (BEACON) Activity at the United States Agency for International Development (USAID) Philippines and co-founder of Democracy.Net, focused on the global cybersecurity perspective in e-governance during the first session of the lecture. He discussed the basic features of the information technology (IT) data system – Confidentiality, Integrity, and Availability (CIA). He highlighted the need for resilience, especially in an environment where numerous attackers were anonymous, innovative, and relentless. Engr. Galla also reminded everyone that with technology moving at a breakneck pace, it was only a matter of time before security breaches could happen in all systems. Therefore, in fortifying systems in the 21st century, Information and Communication Technology (ICT) should be distributed, redundant, and decentralized. These are the key features that can help protect the system from cyber-attacks.
Trust in the system is crucial to encouraging system use and ensuring user confidence. However, he lamented the absence of cybersecurity professionals who could address this pressing need. Unsurprisingly, Filipinos skilled in IT prefer to work abroad and harness their talents elsewhere. It is the familiar story of the brain drain phenomenon where experts and highly trained individuals move outside the country for better opportunities. Without timely intervention, the global and national shortage of cybersecurity professionals will continue. Hence, Engr. Galla encouraged us to rethink the policy opportunities in this area.
Furthermore, Mr. Tirso Raymond Gutierrez, Chief of Staff under the Office of the Undersecretary for e-Governance of the Department of Information and Communications Technology (DICT), presented how the government applied digital transformation systems and solutions in delivering services to the public. He highlighted our government’s awareness of the cybersecurity situation and said it has an approved plan to deal with it in the short, medium, and long terms. Mr. Gutierrez also shared that they have employed a multi-sectoral, multi-agency, and citizen-centric approach to this problem. With everyone’s help, he said they were confident we could protect our digital landscape against cybercriminals.
Addressing and Mitigating Cyber Risk in the Digital Financial Landscape
The second lecture session presented government and private sector case studies on securing the digital financial landscape by discussing regulations and other initiatives in mitigating cyber risk. Director Melchor Plabasan of the Technology Risk and Innovation Supervision Department of the Bangko Sentral ng Pilipinas (BSP) shared that the previously high number of unbanked people decreased due to the pandemic. About 56% of the adult population currently has financial accounts since we have been forced to adapt to the new digital transaction system. However, he admitted that cybercrime has exponentially increased along with the general population’s uptick in digital transaction use. For example, he mentioned that around 31% of the cases in 2022 Reports on Crimes and Losses (RCL) were “Card Not Present” (CNP) fraud, where users reported the unauthorized use of their credit or debit cards even though these were still in their possession. Undoubtedly, much work must be done to ensure that access to these accounts remains restricted and exclusive to the subscriber or customer. Director Plabasan joined the first two speakers in advocating for a cybersecurity system that is Cohesive, Agile, Risk-based, and Proportionate, as these qualities will eventually help protect our digital future. Lastly, he reminded everyone, private and government sectors, to constantly engage or collaborate in mitigating cyber risk.
Atty. Christine Lovely Red-Allego, Assistant Vice President for Government Relations of the Bank of the Philippine Islands (BPI), provided a glimpse of what the private sector was doing to mitigate the cyber risks. Firstly, she assured everyone that the private sector is leaving no stone unturned to ensure the integrity of its systems. She said that they were employing the latest technology to secure the digital financial landscape, monitor the activities of cyber criminals, and try to stay several steps ahead of those who wish to exploit the system. Most importantly, she assured everyone that the private sector is an able, willing, and active partner in cybersecurity. Lastly, she reiterated that the private sector and the government continuously do their part to meet the challenges in the digital financial landscape.
As someone who works in the government’s legislative department, I realized that much work needs to be done in cybersecurity policy. We must be proactive if we want to secure the future of our digital landscape. However, before we take the necessary steps to address the policy gaps, we must comprehend some fundamental realities and always keep them in mind.
Inclusivity in Formulating Cybersecurity Policies
First, digitalization is not a fad or a passing trend. It is here to stay and is changing everyone’s lives, whether we like it or not. Policymakers must recognize this and strive to be inclusive in formulating policies for everyone. To reiterate, we should make policies not just for the young and technologically aware but also for the older, poorer, and more technologically averse population segment, as the latter are more vulnerable to cybercrime. Hence, our policies should reflect these concerns, and adequate attention must be directed to all population segments.
No More Excuses
Second, there should be no more excuses, especially on the part of the government. We fully know the cybersecurity situation and the extent of our capabilities and strengths. Thus, we must work with what we already have towards a singular goal of securing our digital landscape. Limited budget, lack of cybersecurity professionals, and enemy anonymity can no longer be tolerated as excuses for failure. We must be as agile, innovative, and relentless as our digital enemies. Again, we work with what we have and keep moving forward together.
Shared Responsibility
Third, in all efforts, we must realize that protecting our digital future is a shared responsibility. It is not solely the duty of the government or private sector to protect the citizens from cyber threats. We now realize that leaving cyber security concerns to a single entity to guard the front door while leaving the back open is not the way to move forward.
Digital Literacy for All
Fourth, cybercriminals have already identified that in an ICT system, the weakest link will always be humans. They are the most prone to failures, biases, and errors. Hence, there is a comprehensive and continuous need to educate everyone to be more aware and vigilant about what is happening to their digital accounts. Finding opportunities for cyber criminals will be tough if everyone is well-informed and conscious of potential cybersecurity risks.
Innovation is the Name of the Game
Fifth, in the digital age, our policies should be as constantly innovative as technology rapidly advances. The technology that impresses and amazes us now will most likely be passé in the next few years or months. Hence, we must craft our policies accordingly and keep abreast of these advancements. Legislators and their staff need constant retooling and retraining on the latest technological trends to ensure they are updated on policies and approaches. We always need inputs from experts and civil society organizations to develop a balanced and comprehensive policy framework to address the problems.
Whole-of-Country Approach
Lastly, on a personal note, it has now become imperative to implement a whole-of-country rather than whole-of-government approach in dealing with cybersecurity concerns. All government agencies, the private sector, and civil society organizations must work hand in hand towards a common direction to deal with the problems. If we hope to move forward, we must act together and row the boat towards a common direction and goal.
To my fellow government workers, I would like to appeal that we should stop working in silos. We must be aware of what others are doing and try to engage all government efforts at all levels to maximize our chances of success in mitigating cyber risks.
Together, we call for a secure digital future.
References
Allego-Red, C. (2023). Securing the Digital Financial Landscape. [Webinar]. Development Academy of the Philippines. https://www.youtube.com/watch?v=pL3ybo7jgKg
Galla, P. (2023). Cybersecurity and the e-Governance Bill. [Webinar]. Development Academy of the Philippines. https://www.youtube.com/watch?v=pL3ybo7jgKg
Gutierrez, T. (2023). Digital Philippines: Accelerating Citizen Experience through e-Governance. [Webinar]. Development Academy of the Philippines. https://www.youtube.com/watch?v=pL3ybo7jgKg
Plabasan, M. (2023). BSP Approach: Strengthening the Cyber Resilience of the Financial Services Industry. [Webinar]. Development Academy of the Philippines. https://www.youtube.com/watch?v=pL3ybo7jgKg
Disclaimer: The views expressed in this article are solely those of the author, and do not necessarily reflect the positions of the House of Representatives, the Senate of the Philippines, or the Development Academy of the Philippines.
