On confidential funds for cybersecurity activities


“CONSIDERING that in application of article 28 of article II of the Constitution of 1987, the State adopts and implements a policy of full public disclosure of all its operations of public interest, subject to reasonable conditions prescribed by law; »Thus reads the executive decree 02, series of 2016, on freedom of information, signed on July 23, 2016.

How can we verify what the Department of Information and Communication Technologies (DICT) is spending our taxes on if it is hidden behind the cloak of confidentiality and secrecy?

What does the “Cash Advance for Confidential Cyber ​​Security Expenses” withdrawn in the last two months of 2019 cover?

To better understand “cybersecurity activities”, it would be helpful to examine the powers and functions of the DICT as mandated in Law of the Republic (RA) 10844 or the law that created the agency.

“ARTICLE 5. Mandate. – The Department will be the main political, planning, coordinating, implementing and administrative entity of the executive branch of government which will plan, develop and promote the national ICT development program. To fulfill this mandate, the law defines the powers and functions of the DICT. Among the agencies attached to the DICT, as provided for in Article 15 of RA 10844, is the Cybercrime Investigation and Coordination Center (CICC) to which “all powers and functions related to cybersecurity, including, but not limited to, formulating the National Cybersecurity Plan, establishing the National Computer Emergency Response Team (CERT) and facilitating international intelligence cooperation regarding cybersecurity issues are transferred. The creation of the CICC is provided for by article 24-26 of RA 10175, or “Cybercrime Prevention Act of 2012”, and is headed by the secretary of the DICT.

Shortly after the organization of DICT in 2016, he created the Cybersecurity Bureau which, more than a year ago or on January 16, 2019, launched its “Cyber ​​Security Management System (CMS) Project” of 512 million P with the objective of detecting cybersecurity incidents, in particular in government agencies in “near real time”. Ten government agencies were connected to the CMS at the time of its launch.

Based on the published terms of reference for the project, the CMS includes a Threat Intelligence Platform and a Web Intelligence Tool.

There are free tools like Snort for packet analysis, Wireshark for network protocol analysis, and other free downloadable tools that the Cyber ​​Security Office can use.

To ensure that the skills required to manage and operate the CMS are developed, the terms of reference of the CMS project include training, knowledge transfer and capacity building. How many current DICT staff assigned to the CMS project have completed the training programs? How effective have the training programs been?

In terms of activities, the DICT would have organized the national computer emergency response team, or CERT-Ph. The people assigned to CERT-PH would have followed training programs for the creation and organization of a CERT.

The Cybersecurity Office has also traveled the country offering cybersecurity awareness programs and panel discussions on digital parenting, health and emergency services, banking and financial services, protecting children online and other cybersecurity issues.

This is starting to sound like the DICT completion report. But why the basic information?

At the heart of the question of the use of confidential funds recently raised is the question of the conduct of surveillance and intelligence operations.

Among the functions assigned to the DICT is the management of cybersecurity issues. Thus, the CICC, which was created under RA 10175, has become an agency attached to the DICT. At no time during the drafting of the bill creating the DICT was the conduct of surveillance and intelligence operations discussed.

As commonly understood in the context of law enforcement and national security, surveillance and intelligence operations involve close monitoring of (suspected) criminals, activists, radicals, or those perceived by the government as enemies of the state; it involves monitoring activities in a certain place or location for the purpose of gathering information.

As is also generally understood, surveillance and intelligence operations are conducted by government law enforcement, defense and security agencies.

So why would the DICT be involved in surveillance and intelligence operations when it is clearly not a law enforcement agency or a national defense or national security agency?

In an earlier statement released by DICT, he revealed that he is a member of the National Security Council (NSC). Would DICT now meet the requirements of the NSC or would it just be consulted on the use of technology and technologies that the NSC can use?

What type of cybersecurity incidents has the CMS monitored so far? Among these incidents, were there any that were successful? Are the results proportional to the cost of the CMS?

What else did the DICT need to spend that the CMS couldn’t handle?

If the additional 300 million pesos were for cybersecurity activities, what activities are they? What additional results are expected?

As we ask these questions, DICT Secretary Gregorio Honasan 2e and Under Secretary Eliseo Rio Jr. issued a joint statement on February 7, 2020, which clarified that “xxx, the use of confidential expenses [fund] is intended only for lawful control and monitoring of network systems and infrastructure. It is not used for the surveillance of individuals and persons since that is not part of the mandate of the department.

For now, the DICT has set its limits in the conduct of surveillance and intelligence activities.

Darcy J. Skinner

Leave a Reply

Your email address will not be published.