Gatchalian urges enhanced cybersecurity services in PH amid Philhealth hack

Senator Win Gatchalian called on all government agencies and the private sector to beef up their protection against cybersecurity threats, taking note of the hacking of the Philippine Health Insurance Corp. (Philhealth) that remains unresolved.

Gatchalian filed Senate Bill 2066, or the Critical Information Infrastructure Protection Act. The measure mandates all covered critical information institutions (CII) to adopt and implement adequate measures to protect their information and communications technology (ICT) systems and infrastructures and respond to and recover from any information security incident.

It also mandates the Department of Information and Communications Technology (DICT) to determine and update information security standards and require CII institutions to comply with such standards. It mandates the National Computer Emergency Response Team (NCERT) to act as the central authority for computer emergency response teams in the country and to administer the centralized information security incident reporting mechanism that would cover industries that include banking and finance, broadcast media, emergency services and disaster response, energy, health, telecommunications, and transportation, among others.

According to Gatchalian, more Filipinos and businesses rely on digital technologies to perform their daily tasks, especially after the COVID-19 pandemic. On the average, Filipinos are estimated to use and consume 4.3 more digital services compared to pre-pandemic years. E-commerce also continues to grow exponentially and sales are expected to be valued at $10.3 billion by 2025, the senator said, citing estimates made by GlobalData.

"It is high time that we take the necessary steps to protect our critical information infrastructure by ensuring, at the minimum, compliance with international standards and globally accepted best practices for cybersecurity," Gatchalian stressed.

"With the increased use of digital technologies in our daily lives, malicious actors from casual scammers to highly sophisticated state-based groups, hunt for vulnerabilities in ICT systems and networks to steal information, disrupt essential services, and profit from attacks," said Gatchalian, citing as an example the ongoing cyberattack on Philhealth's database wherein cybercriminals have asked for $300,000 in exchange for handing over decryption keys, as well as deleting and not publishing the data they illegally obtained.

"The adoption and implementation of minimum information security standards is a globally accepted best practice to provide guidance, which would lead to more efficient use of resources, improved risk management, consistent delivery of critical and essential services and effective protection of the confidentiality, integrity, and availability of information that is vital to the nation," he added.

Gatchalian hinimok ang mas mahusay na cybersecurity services sa bansa sa gitna ng pag-hack sa Philhealth

Nanawagan si Senador Win Gatchalian sa lahat ng ahensya ng gobyerno at pribadong sektor na palakasin ang kanilang proteksyon laban sa mga banta sa cybersecurity kasunod ng hacking na nangyari sa Philippine Health Insurance Corp. (Philhealth).

Inihain ni Gatchalian ang Senate Bill 2066, o ang Critical Information Infrastructure Protection Act. Ang panukalang batas ay nagmamandato sa lahat ng critical information institutions (CII) na magpatibay at magpatupad ng sapat na mga hakbang upang protektahan ang kanilang mga sistema at imprastraktura ng information and communications technology (ICT) at tumugon sa anumang insidente ng information security.

Ang panukala ay nagmamandato rin sa Department of Information and Communications Technology (DICT) na tukuyin at i-update ang mga pamantayan sa seguridad ng impormasyon kung saan ang mga naturang pamantayan ay kailangang sundin ng mga CII. Inaatasan din nito ang National Computer Emergency Response Team (NCERT) na kumilos bilang isang central authority para sa mga computer emergency response team sa bansa at pangasiwaan ang "centralized information security incident reporting mechanism" na saklaw ang mga industriya tulad ng banking and finance, broadcast media, emergency services and disaster response, enerhiya, kalusugan, telekomunikasyon, at transportasyon, bukod sa iba pa.

Ayon kay Gatchalian, mas maraming Pilipino at negosyo ang umaasa sa digital technologies para maisagawa ang kanilang pang-araw-araw na aktibidad, lalo na't nagkaroon na tayo ng karanasan ng pandemya. Ang mga Pilipino ay kumukunsumo nang higit pa sa 4.3 na digital services bago mag- pandemya. Ang e-commerce ay patuloy na lumalawak at ang benta nito ay inaasahang magkakahalaga ng $10.3 bilyon pagdating ng 2025, sabi ng senador, batay sa pagtatantya na ginawa ng GlobalData.

"Panahon na para gawin natin ang mga kinakailangang hakbang upang maprotektahan ang ating kritikal na imprastraktura ng impormasyon sa pamamagitan ng pagtiyak at pagsunod sa international standards ng cybersecurity," sabi ni Gatchalian.

"Sa pagtaas ng paggamit ng mga digital na teknolohiya sa ating pang-araw-araw na buhay, ang mga kawatan mula sa mga maliliit hanggang malalaking organisadong grupo ay naghahanap ng mga kahinaan sa mga sistema at network ng ICT upang magnakaw ng impormasyon, makagambala sa mahahalagang serbisyo, at kumita mula sa mga pag-atake," sabi ni Gatchalian, na inihalimbawa ang cyberattack na nangyari sa database ng Philhealth kung saan ang mga cybercriminal ay humingi ng $300,000 kapalit ng pagbibigay ng mga decryption key at ang pagtanggal at hindi pag-publish ng data na iligal na nakuha.