Cybersecurity Policy Framework 3 of 3
Understanding how the Policy Framework is used is critical for your Enterprise to implement the Cybersecurity Guidelines and achieve full compliance. In this last article in this series we will show how the National and International Cybersecurity Policies, Laws, and Implementation Guidelines have evolved in the Philippines
National Cybersecurity strategyThis Cybersecurity Policy Framework focuses on three key regulatory aspects of Cybersecurity policy, framed by a wider national strategy as well as an international strategy for Cybersecurity.
Philippine National Strategy for Cybersecurity
What is a National Strategy for Cybersecurity?
Task Force for the Security of Critical Infrastructure (TFSCI) 08 August 2004 has published a National Cyber Security Plan that you can read here...
The organization that most closely meets the definition of a Cyber Security Agency is the Commission on Information and Communications Technology which created the above plan and is responsible for ongoing Cyber Security efforts under DICT.
Highlights from that plan are:
- Enterprise Networks/ Intranets
- Local Internet Service Providers (ISPs)
- Regional Network Providers (RNPs)
- Internet Backbone
- User Services
- Online Content
- Source of Online Content
- Telecommunication Services
Why is a National Strategy Needed?
Over the past years, the threats to the country’s cyberspace have dramatically increased. As our country’s level of dependence upon information technology and information infrastructures increases, we are becoming more exposed to the potential impact these threats could create against our socio-economic well-being, political stability and national security priorities. Truly, if we aspire to emerge as a strong information and knowledge-based economy, we cannot let these threats prevail over our way of life as a nation. It is the policy of this administration to provide the environment wherein our cyberspace is secured and protected, thereby adequately providing information assurance that our critical cyber infrastructures would be free from any disruption and interference. -- GLORIA MACAPAGAL-ARROYO, President
What Makes a successful national strategy for Cybersecurity?
Advancements in the field of information and communication technology may beconsidered as one of the forces that have drastically changed the landscape ofinternational and national security. Such technological innovations have made theexisting world order more complicated -- no longer is the nature of threats definitiveunder conventional military and police parlance as it was before. -- USEC ABRAHAM A PURUGGANAN, HEAD Task Force for the Security of Critical Infrastructures (TFSCI)
Key policy principles
- Outcome-focused –
- Prioritized –
- Practical and realistic –
- Respects ;privacy, civil liberties and rule of law
- Globally Relevant –
To assist policy-makers in the development of a national cybersecurity strategy, Microsoft has published a guide, based on its experience of emerging best practices around the world. The guide, “Developing a National Cybersecurity Strategy”, is available at microsoft.com/en-us/cybersecurity/.
Internationally Cybersecurity Agencies
The following graphic shows the state of National Cybersecurity Agencies.
Many possible types of agency but all with one essential purpose
A national Cybersecurity agency, if appropriately structured, can substantially increase the readiness of a country’s Cybersecurity ecosystem, with many of the economic and developmental benefits already outlined.
The creation of such an agency can follow many paths, e.g. by delegation of existing powers from other parts of government to a standalone body or by creation of multiple agencies with clear briefs focused on distinct aspects of Cybersecurity .
In all cases, however, public-private partnership and cooperation will be key because much of “cyberspace” is built, owned and operated by the private sector. Obstructive dynamics between a national Cybersecurity agency and businesses, not to mention with peer agencies in other states, will be counterproductive.
Ion Management and our Modern Workplace have been designing and implementing the Philippine Cybersecurity laws, policies and implementation guidelines since the beginning and works hand in hand with Security Product Vendors and Philippine Cybersecurity Agency.
Useful Links related to Philippine Cyber Security:
1) National Cybersecurity Plan
2) Laws/Policies/Standards in force relating to cyber/information security (Abstract or summary of each document with URL pointing to authoritative source)
- 2011-2016 National Security Policy
- R.A. 8792 (E-Commerce Act)
- R.A. 9775 (Anti-Child Pornography Act of 2009)
- R.A. 9995 (Anti-Photo and Video Voyeurism Act of 2009)
- R.A. 10173 (Data Privacy Act of 2012)
- R.A. 10175 (Cybercrime Prevention Act of 2012)
- M.O. 37, s2001 (Providing for the Fourteen Pillars of Policy and Action of the Government Against Terrorism – critical infrastructure is defined in this document and requires the preparation of a comprehensive security plan [a] above)
- E.O. 810, s2009 (Institutionalizing the Certification Scheme for Digital Signature)
- A.O. 39, s2013 (Government Web hosting Service of DOST ICT Office)
- PNS ISO/IEC 270001:2005 (Information technology — Security techniques — Information security management systems – Requirements)
- PNS ISO/IEC 27002:2005 (Information technology — Security techniques — Code of practice for information security management)
3) Incident Response/Report an Incident
- ITU-T X.1205 (April 2008, Series X: Data Networks, Open System Communications and Security – Overview of Cybersecurity)
- Process for reporting an incident
- Form to be accomplished
4) Awareness Campaign/Education/Events
- Video Clip on Be Aware, Secure and Vigilant
- Poster for download
- Pamphlets for download (Pamphlet 1 and Pamphlet 2)
- Booklet (2013 NSTW) for download
5) International Cooperation
- ASEAN- Japan
6) Contact Information
- DOST ICT Office
Office of Deputy Executive Director for Cybersecurity
Ground Floor, ICTO Building
Carlos P. Garcia Avenue
U.P. Campus, Diliman
1101 Quezon City
Tel: (632)920-0101 local 1200
- National Bureau of Investigation
Taft Avenue, Manila
Tel: (632)523-8231 to 38 local 3454, 3455
- Philippine National Police
PNP-ACG Operations Center
Camp Crame, Quezon City
- DOJ Office of Cybercrime
Padre Faura Street
Tel: (632)521-8345 and (632)524-2230
To learn more about the existing Cybersecurity agency models, see:
• Australian Cyber Security Centre (ACSC): acsc.gov.au/
• National Cybersecurity Agency of France (ANSSI): ssi.gouv.fr/en/
• The National Cyber Bureau of Israel: pmo.gov.il/English/PrimeMinistersOffice/DivisionsAndAuthorities/cyber/Pages/default.aspx
• Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC): nisc.go.jp/eng/
• Singapore Cyber Security Agency (CSA): csa.gov.sg/