Press Release
October 18, 2023

Cayetano on gov't cyberattacks: 'This is where confidential funds are actually useful'

Senator Alan Peter Cayetano on Tuesday said there are only certain agencies that are clearly in need of confidential funds, one of them is the Department of Information and Communications Technology (DICT) which is in dire need of resources to upgrade the government's protection from cyber attacks.

In the Senate hearing conducted by the Committee on Science and Technology on October 17 on the recent hacking spree of government websites, Cayetano, who chairs the Committee, cited ideas on how the DICT can improve the government's defense against hackers.

For one, he said, the DICT can use confidential funds to buy information, such as by hiring a "black hacker" as a government asset.

"Another use of confidential funds is reward. Kung ang penalty sa crime na ginawa ay kulong ng five years, then y'ung nagsumbong sa kanya may P250,000 or P500,000, it prevents major breaches of our cybersecurity. It's worth it," he said.

The DICT's budget for cybersecurity decreased from P1 billion in 2022 to P600 million in 2023, then to only P300 million this year.

"I'm not lobbying for you, but what I am saying is that there are certain agencies na talagang klarong klaro kung saan kailangan ang confidential fund. And klarong-klarong kailangan when you have something to do with security," the independent senator said.

The hearing focused on the ransomware attack on Philhealth's data system on September 22, 2023. Medusa, the group behind the attack, demanded roughly P17 million from the agency.

'Cybersecurity fire drills'

Cayetano noted that completely preventing cyber attacks is impossible, but implementing robust defenses to make it difficult for hackers to infiltrate government systems should be sufficient to deter them.

"If we can upgrade the country in the sense na, 'Hackers hindi kayo uubra dito,' then they'll go somewhere else," he said.

"You can minimize [the data they can steal] to the point na it's not worth their time kasi nga very much ready ang Pilipinas na kontrahin," he continued.

Cayetano urged the DICT to help government agencies establish a regular "fire drill" so that government offices, from the national level down to their branches, are trained to act quickly in cases of cyber attacks.

"Can we have a code red na when you text all of your branches, that will simply mean [kailangan] patayin na [nila] lahat ng computer and wait for further instructions?" he said.

DICT Undersecretary for Connectivity, Cybersecurity, and Upskilling Jeffrey Ian Dy admitted that the department still does not have the sophistication of such a singular command, but systems that facilitate faster communication are in place.

To protect the data privacy of Filipinos, the senator also proposed the idea of implementing a modern documentation system in which pieces of information are segregated, making it difficult for hackers to relate them to the owner.

Ledesma, nonetheless, assured the public that the ransomware attack did not affect the major databases of Philhealth and that the majority of membership information was safe.

"Although some membership data has been compromised, our production servers are intact. It was the individual workstations that were affected," Ledesma said.

A second hearing on the matter is expected to be held to zero in on the recent cyber attacks against other government agencies.


Cayetano tungkol sa gov't cyberattacks: 'Dito talagang kailangan ang confidential funds'

Sinabi ni Senador Alan Peter Cayetano nitong Martes na may mga departamentong malinaw na kailangan ng confidential funds, isa na diyan ang Department of Information and Communications Technology (DICT) na kailangang-kailangan ng pondo para palakasin ang proteksyon ng gobyerno laban sa mga cyber attack.

Sa isinagawang pagdinig ng Senate Committee on Science and Technology nitong Oktubre 17 tungkol sa mga naganap na pangha-hack ng mga government website, nagbigay si Cayetano, na chairperson ng nasabing komite, ng mga ideya kung paano mapapabuti ng DICT ang depensa ng gobyerno laban sa mga hacker.

Isa na rito ang pagbili ng DICT ng mga impormasyon gamit ang confidential funds, kabilang na ang pag-hire sa mga "black hacker" bilang isang asset ng gobyerno.

"Another use of confidential funds is reward. Kung ang penalty sa crime na ginawa ay kulong ng five years, then y'ung nagsumbong sa kanya may P250,000 or P500,000, it prevents major breaches of our cybersecurity. It's worth it," aniya.

Mula sa P1 bilyon noong 2022, bumaba ang budget ng DICT para sa cybersecurity sa P600 milyon noong 2023, hanggang maging P300 milyon na lamang ngayong taon.

"I'm not lobbying for you, but what I am saying is that there are certain agencies na talagang klarong klaro kung saan kailangan ang confidential fund. And klarong-klarong kailangan when you have something to do with security," pahayag ng independyenteng senator.

Pinagtuunan ng nasabing pagdinig ang ransomware attack na nangyari sa data system ng Philhealth noong Setyembre 22, 2023. Humihingi ng humigit-kumulang P17 milyon bilang ransom ang Medusa, ang grupo sa likod ng pag-atake.

'Cybersecurity fire drills'

Sinabi ni Cayetano na imposibleng matuldukan ang lahat ng cyber attack, ngunit makakatulong kung pahihirapan ang mga hacker na pasukin ang mga online system ng gobyerno.

"If we can upgrade the country in the sense na, 'Hackers hindi kayo uubra dito,' then they'll go somewhere else," aniya.

"You can minimize [the data they can steal] to the point na it's not worth their time kasi nga very much ready ang Pilipinas na kontrahin," dagdag niya.

Hinimok ni Cayetano ang DICT na tulungan ang mga ahensya ng gobyerno na magkaroon ng regular na "fire drills" para sanay at handa ang mga opisina, mula sa national level hanggang sa mga regional branch, na kumilos nang mabilis sakaling magkaroon muli ng pangha-hack.

"Can we have a code red na when you text all of your branches, that will simply mean [kailangan] patayin na [nila] lahat ng computer and wait for further instructions?" aniya.

Inamin ni DICT Undersecretary for Connectivity, Cybersecurity, and Upskilling Jeffrey Ian Dy na wala pang katulad na singular command na nabubuo ang departamento, ngunit may mga kasalukuyang sistemang ginagamit para mapadali ang komunikasyon sa pagitan ng mga ahensyang may kinalaman sa cybersecurity.

Para maprotektahan ang data privacy ng mga Pilipino, iminungkahi din ng senador sa DICT ang pagpapatupad ng makabagong digital documentation system kung saan hiwa-hiwalay na nakabangko ang mga data, para mahirapan ang mga hacker na tuntunin ang identidad ng may-ari ng mga impormasyon.

Sa huli, tiniyak ni Ledesma sa publiko na ang hindi naapektuhan ng ransomware attack ang pangunahing database ng Philhealth kaya ang karamihan ng membership information ay ligtas.

"Although some membership data has been compromised, our production servers are intact. It was the individual workstations that were affected," ani Ledesma.

Inaasahang magkakaroon ng pangalawang pagdinig sa usapin para talakayin naman ang mga cyber attack na nangyari sa iba pang mga ahensya ng gobyerno.

News Latest News Feed