As per the latest data from January 2021, in a population of 110.3 million close to 74 million are active internet users in the Philippines, where the number increased by 4.2 million between 2020 and 2021.

Another noteworthy fact is that at the same time in January 2021, there were 152.4 million mobile connections that was equivalent to 138.2% of the total population.

In the last couple of years, Philippines has witnessed a mammoth internet savvy population that is also hugely active on social media to say the least. But with such dynamics, there is always a vulnerability to cyber crimes that becomes inevitable.

So much so that in 2016, the country suffered its most damaging data leak comprising 70 million votes data registered with the Commission on Elections.

Taking into consideration the nature of the cyber attacks and the growing digitization in the country, the Department of Information and Communications Technology (DICT) in Philippines launched the National Cybersecurity Plan 2022 (NCSP) with an aim to make Philippines cyber secure.

Below mentioned are the key focus areas of the National Cybersecurity Plan 2022 that explains how it is making Philippines cyber secure:

1. Securing Philippines’ critical infostructure (CII)- One of the primary goals of NCSP is to ensure continuity in CII operations, the failure or limited activity of which due to natural or man-made disasters can cause a havoc in sectors like emergency services, healthcare, telecommunications, banking, logistics and many more, thereby adversely impacting most of the citizens.

In the course of enabling cyber security capability and ensuring the protection of CII, compliance and assessment are made pivotal where they cover Protection Assessment, Security Assessment and Compliance to Cyber Risks concerning CII. Government agencies are subjected to obligatory National Drill Exercises to adhere to a regular protocol of reporting threats, security breaches and establishing constant monitoring.

2. Protection of government networks- NCSP strives to protect the government networks through a National Computer Emergency Response Program which is also part of the National Drill Exercises. The program is designed to function as per an emergency protocol which is there to assist the government agencies in the event of cyber-crimes or attacks. The emergency protocol is supposed to become an integral part of operations for all government entities.

NCSP insists on deploying Chief Information Security Officer (CISO) positions in government agencies, where the crucial responsibilities of a CISO include- using information security policies; allocating resources; and taking budget decisions. 

The NCSP has also bifurcated the hierarchy of the Computer Emergency Response Program into National CERT, Government CERT, Sectoral CERT, and Military CERT, where each one has a specific area to focus on. For instance, the Military CERT comes under The Department of National Defense (DND).

One of the main objectives of this strategy is to establish a threat intelligence and analysis operations centre in order to aid- Research and Development; Testing Laboratories; and Threat Scenario Simulators.

3. Safe keeping of the supply chains- To ensure the safety of the supply chains, NCSP has guided the government in setting common criteria to maintain compliance of the suppliers, where evaluation happens as per an established norm to ensure that the ICT equipment are compliant with the government’s standards.

4. Protection of individuals- NCSP has insisted that the government should take a holistic approach for the protection of the individuals. Topics related to cyber security are incorporated as a part of higher education. Also, advanced programs like webinars and specialized courses to obtain skills and knowledge in a short time are promoted.

Encouragement is given to apprenticeships and cooperative education programs to ready an instant workforce that can simultaneously earn a salary and learn the necessary skills.

NCSP also emphasizes on outreach programmes, that are conducted via different mediums and strategic relationships are developed with youth communities as well as the relevant local and international private organisations.

With the above-mentioned focus areas, it is quite evident that National Cybersecurity Plan 2022 is not only shielding Philippines from cyber attacks but has also provided the future road map for the growth and improvement of digital forensics, network analytics and defence conceptualization.