
Cyber Plan Pre Final Copy

This document presents a national cyber security plan for the Philippines. It outlines the increasing threats to the country's cyber infrastructure and establishes a framework for protecting critical systems. The plan calls for cooperation across government, private sector, and citizens to secure the national information infrastructure.

NATIONAL CYBER SECURITY PLAN

OFFICE OF THE PRESIDENT


Task Force for the Security of Critical Infrastructure (TFSCI)
08 August 2004
Malacañang, Manila

MESSAGE

My Beloved Countrymen,

Over the past years, the threats to the country’s cyberspace have dramatically
increased. As our country’s level of dependence upon information technology and
information infrastructures increases, we are becoming more exposed to the potential
impact these threats could create against our socio-economic well-being, political
stability and national security priorities.

Truly, if we aspire to emerge as a strong information and knowledge-based economy,
we cannot let these threats prevail over our way of life as a nation. It is the policy of
this administration to provide the environment wherein our cyberspace is secured and
protected, thereby adequately providing information assurance that our critical cyber
infrastructures would be free from any disruption and interference.

We have to focus our national effort in meeting the challenges that lie ahead. The task
of protecting our critical cyber infrastructures is enormous owing to its continuously
increasing size and number. Yet, by sharing the responsibility and engaging the
private sector and the citizenry to do their part, there would be no reason for us to fail.

This National Cyber Security Plan shall be the cornerstone of the country’s cyber
security policy. It would be the instrument that will guide us all in creating a more
secured and stable environment for the country and the generations ahead.

GLORIA MACAPAGAL-ARROYO
President

Task Force for the Security of Critical Infrastructures
Malacañang, Manila

MESSAGE

Advancements in the field of information and communication technology may be
considered as one of the forces that have drastically changed the landscape of
international and national security. Such technological innovations have made the
existing world order more complicated -- no longer is the nature of threats definitive
under conventional military and police parlance as it was before.

While information and communication technology has transformed the way
businessmen conduct their businesses, how individuals think and live, and how
governments operate and look at their security priorities, threats and challenges that
were almost unthinkable prior to 9/11 have now emerged horizontally and vertically.
Transnational threats from 1) non-state actors, 2) spread of technology for chemical,
biological, radiological and nuclear purposes, 3) proliferation of high technology and
intelligent communication and weapons systems, and 4) heightened activities leading
to the exploitation of cyberspace to attack national strategic infrastructures, are just
some of the threats that confront us today.

Information and communication technology has created the cyberspace as a
multi-dimensional arena for economic, commercial, military, cultural and political
competition. Cyberspace prompted the advent of new players with new knowledge in
the art of warfare, bringing with them new and sophisticated weapons systems. Being
a widely accessible medium, it facilitated easier and cheaper ways to commit crimes or
even wage wars. Nation states have started rethinking ways of how to address such
concerns to the point of adjusting major security policies. Despite these steps, threats
continue to evolve and remain potent against changes in our strategic, operational and
tactical priorities.

The cyberspace, being a domain of limitless opportunities and challenges, is a
promising avenue for emerging knowledge-based economies such as the Philippines.
However, along with these opportunities are the threats posed by terrorist and
criminal organizations, as well as organized and freelance hackers who thrive and
persist in exploiting said opportunities.

This National Cyber Security Plan is a guide to protect the nation’s digital
infrastructure and the Philippine Cyberspace as a whole. It is a working plan that
seeks to generate a coordinative, cooperative and collaborative effort between the
public and private sectors to protect our cyber or digital infrastructures. It also
envisions harmonizing and systematizing national cyber security policies and
programs.

This Plan endeavours to build our nation’s capability to detect, respond and manage
threats against our cyber or digital infrastructures. At the same time, it aims to
strengthen the organizational, policy and institutional foundations for cyber
infrastructure protection across all sectors. Said foundations must be centered on
harnessing collective responsibility, awareness, participation, and commitment of all
stakeholders in government, private sector, as well as the citizenry.

Protecting the Philippine Cyberspace from being disrupted, exploited and destroyed is
the primordial duty of every citizen of this country. Through the full implementation of
this Plan, the government hopes to institutionalize a critical cyber infrastructure
protection program for the country that is set and clearly defined in the national
security agenda.

USEC ABRAHAM A PURUGGANAN
HEAD
Task Force for the Security of Critical Infrastructures (TFSCI)

Commission on Information and Communications Technology

MESSAGE

The country is in the midst of a general expansion of utilization of the cyberspace.
This is manifested in the significant growth in the number of online Filipinos,
increased computer ownership and usage of internet and other communication tools for
the last years. However, more than a venue, a forum or a network perhaps, the
cyberspace is becoming the backbone that supports major government operations and
programs especially those that are involved in the delivery of essential goods and
services.

Clearly, when it comes to the issue of protecting our cyber infrastructures, everybody
automatically becomes a stakeholder due to the recognition of the fact that our cyber
infrastructures face mounting challenges and threats each day.

To this end, the public sector has to take the lead in terms of defining policy and
programs aimed not only to harden these infrastructures but also to develop them
further in support of national development goals. On the other hand, the private sector
has to be involved in the national cyber infrastructure planning process and programs
more decisively.

This effort by the government in formulating the National Cyber Security Plan (NCSP)
is a major initiative to place cyber security as an essential component in the planning
and implementation of ICT development programs in the Philippines. This plan will be
useful in identifying loopholes, inadequacies and other necessities that must be
attended to by the government and the private sector to adequately meet the
challenges ahead.

Rest assured that the Commission on Information and Communications Technology
(CICT) shall remain in support of the government’s effort to protect our critical cyber
infrastructure.

VIRGILIO L. PEÑA
CHAIRMAN
Commission on Information and Communications Technology

National Computer Center

MESSAGE

The recent horizontal and vertical surge in the field of information and
communications technology exposed the country to a host of new threats. Admittedly,
such exposure is just one of the consequences of the global entry into the cyberspace
era where the defining factor of survival would be our ability to manage and eliminate
such threats.

Being the foundation of our emerging information and knowledge-based economy, the
protection of our cyberspace is one of the specific requirements in our national policy
and program formulation. It is becoming one of the essential functions of the
government due to the fact that cyber security impinges on the normal operation or
functioning of the country’s vital information and communications infrastructures.

Current practices and assumptions proved to be inadequate in meeting these
challenges. Time has come for the government, together with the private sectors and
citizenry, to consolidate and coordinate efforts to ensure that as the country moves to
a higher level of technological advancement, the enhancement of our capability to
remain prepared against threats that come our way should continue as one of our
national security priorities.

The private sector, national law enforcement, defense, legislative and other
information technology communities have a crucial task to play in the actual conduct
of programs against a wide range of illegal cyberspace activities in order to protect
society from their adverse effects. This National Cyber Security Plan should be able to
provide the proper direction in which efforts, resources and awareness be properly
mobilized at a national scale in order to promote a secure cyberspace environment
where our national capabilities, information infrastructures and other vital assets
remain free from any disruptions, intrusions or interferences.

This Plan embodies a national and a collective responsibility that all stakeholders
must perform. Toward this end, protection of our critical cyber infrastructures remains
a decisive duty that we as a nation, irrespective of sector, interests or level, cannot
renege therefrom.

ANGELO TIMOTEO M. DIAZ DE RIVERA
DIRECTOR GENERAL
National Computer Center

ACKNOWLEDGMENT

This National Cyber Security Plan is a product of a series of consultations and
workshops that the Task Force for the Security of Critical Infrastructure (TFSCI)
conducted with different sectors and stakeholders as early as November 2003.
Believing that there is an urgent need to protect the country’s critical cyber
infrastructures against threats, the formulation of this Plan became one of the primary
foci of the TFSCI in its effort to provide the country a strategic, operational and
tactical direction in the area of cybersecurity.

The TFSCI extends its appreciation to the Commission on Information and
Communication Technology headed by Undersecretary Virgilio L. Peña and to all the
members of the TFSCI Cybersecurity Workgroup headed by Assistant Secretary
Angelo Timoteo Diaz de Rivera, Director General of the National Computer Center.
The Cybersecurity Workgroup, which is a functional group whose members come from
the government and the private sector, generated substantial knowledge that was
incorporated in this Plan.

Likewise, the TFSCI is grateful for the efforts of the members of the Cyber Security
Plan Project Team under Ms Maria Assumpta Milallos and Dr Segundo Romero,
Executive Director of the Development Academy of the Philippines for their invaluable
contribution and assistance in the initial drafting of the plan.

TFSCI also acknowledges the contribution of Atty Elfren Meneses of the Anti-Fraud
and Computer Division of the National Bureau of Investigation and the efforts of
P/Supt Gilbert Sosa (MCP) of the Transnational Crime and Anti-Fraud and Computer
Division of the Criminal Investigation and Detection Group of the Philippine National
Police.

TFSCI also conveys its sincerest appreciation to its dedicated staff, namely Mr Arnel
Romero, TFSCI Executive Officer; Mr Ronando Capistrano, Director for Policy and
Programs; Engr Irmino Noel R. Limpin (MCP), Director for ICT; LtSG Ferdinand
Gloria, Director for Operations; Ms Czarina May Altez; Ms Mary Louise Castillo; and
Mr Dexter Calayo for preparing the final version of this Plan.

And finally, to Almighty God, our country’s guardian and greatest security provider,
for the inspiration and strength and for making everything possible.


TABLE OF CONTENTS

Executive Summary
Introduction

PART ONE: DEFINING THE CYBERSPACE

I. The Philippine Cyberspace
II. Significance of the Digital Infrastructures
III. Components of Philippine Cyberspace

PART TWO: CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION

I. Categories of Cyber Threats
II. Tools for Cyber Attacks
III. Modes of Operations
IV. Potential Threat Sources
V. View of the Threat
VI. Motivations
VII. Increasing Risks

PART THREE: INTERNATIONAL AND DOMESTIC CYBERSECURITY REGIME

I. International Regime

A. United Nations Cybersecurity Resolutions
B. APEC Cybersecurity Strategy
C. ASEAN Cybersecurity Initiative

II. Legal Regime in the Field of Cyber Security in the Philippines

PART FOUR: STRATEGIES AND PROGRAMS

I. Cyber Infrastructure Protection Requirements
II. General Direction and Goals
III. Guiding Framework
IV. Cyber Security Strategies and Programs

Strategy 1 – Understanding the Risk

A. National Assessment

Strategy 2 – Risk Control

A. Preventive Capability Programs
B. Protective Capability Programs
C. Response Capability Programs
D. Enhancement of Law Enforcement Capability
E. Business Continuity / Resiliency Program
F. Remediation Program

Strategy 3 – Organization and Mobilization for Cyber Security

A. Establishment of a focal point
B. Creation of Nationwide Monitoring Points
C. Public and Private Partnership/Cooperation
D. Advocacy and Public Awareness

Strategy 4 – Institutional Build-Up

A. Passage of cybercrime law
B. Administration of Justice
C. Security Standards
D. Education & Training
E. Knowledge Management (KM)
F. Research & Development

PART FIVE: THE WAY AHEAD

APPENDICES – Cyber Security Workgroup Workshop Outputs

The National Cyber Security Plan

EXECUTIVE SUMMARY

The initiative to formulate a National Cyber Security Plan is part and parcel of the
current national effort to address critical infrastructure protection concerns. It forms
part of the National Critical Infrastructure Protection Plan (NCIPP) which outlines the
strategies and programs to be pursued in protecting the nation’s critical
infrastructures.

This Plan addresses the cyber aspect of critical infrastructure protection. While it
focuses on the nature and characteristics of information and communication
technology, it takes into account important physical aspects and dimensions of critical
infrastructure protection to achieve more effective measures to respond to the
challenges of cyber threats.

In formulating this Plan, it was deemed necessary to determine the nature and
characteristics of the Philippine Cyberspace. Here, it is defined as the total apparatus
(elements and systems) that enables people and network/computer systems to
communicate with each other. It is the space where information is posted, exploited,
manipulated, traded, accessed and created by the interaction, communication and
collaboration of people and organizations via the network of information and
communication system infrastructures.

The components of the Philippine Cyberspace include (1) Enterprise Networks/
Intranets, (2) Local Internet Service Provider (ISP), (3) Regional Network Providers
(RNP), (4) Internet Backbone, (5) User Services, (6) Online Content, (7) Source of
Online Content, (8) End-Users, and (9) Telecommunication Services.

The cyberspace continues to face a myriad of challenges. These include threats in the
form of events, situations and conditions that tend to disrupt, degrade and destroy
cyber infrastructures. Generally, threats originate either from accidental or deliberate
sources such as (1) accidents and malfunctions, (2) hacktivism, (3) cyberterrorism,
(4) information warfare, (5) foreign intelligence, (6) technoterrorism, and
(7) cybercrimes.

This plan is also consistent with our existing international commitment with the
United Nations, APEC and the ASEAN where each member state or economy agreed to
jumpstart collective efforts to secure the cyberspace against terrorism.

The primary goals of this Plan include: (1) assuring the continuous operation of our
nation’s critical cyber infrastructures, (2) implementing capacity-building measures to
enhance our ability to respond to threats before, during and after attacks, (3) effective
law enforcement and administration of justice, and (4) a cyber security-conscious
society.

There are four (4) strategies identified which are necessary to protect critical cyber
infrastructures namely: (1) Understanding the Risk, (2) Controlling the Risk,
(3) Organizing and Mobilizing for Cybersecurity, and (4) Institutional and Policy
Build-Up. Each strategy has specific programs to be implemented.

In general, this Plan seeks to institutionalize the necessary capabilities in the
government and in the private sector to adequately meet and respond to challenges
and threats against cyber infrastructures that are critical to the national way of life
and well-being.

Protecting the future is the primary responsibility of each and every Filipino today. If
the Philippines intends to join the ranks of nations that have become information-based
societies, security of the nation’s digital infrastructures in cyberspace must be pursued
with urgency. It should be made a vital component of the over-all strategic, operational
and tactical priorities of our national security strategy.

INTRODUCTION

Consistent with the President’s agenda of national development through the utilization
and development of information and communication technology is the protection of
digital infrastructures, which should be pursued urgently. The importance of
information and communication technology (ICT) is underwritten in the fact that it has
been identified as the "foundation of the Philippine’s future economic development."[1]

ICT has become an integral component in the operation and management of the
economy and government. ICT is important to our nation’s capacity to carry out
information-based public and private enterprises. Most of these information-based
enterprises like telecommunication companies, banks, transportation and government
agencies, among others, are considered as critical infrastructures. The importance of
ICT is also underscored by the fact that mutual dependencies and interconnectedness
among the various critical infrastructures, sometimes referred to as digital or cyber
infrastructures, are enabled through ICT.

Digital infrastructures are the platforms through which the Philippine cyberspace
spans. It is utilized by economic enterprises to improve productivity, hasten delivery of
products and services, and increase competitiveness. They are also used extensively not
only to facilitate the exchange and delivery of information spanning a wide range of
resources for research, education, entertainment, etc., but also those that involve
crucial public services and government functions.

Our dependence on ICT, however, has opened up vulnerabilities that can be exploited
by criminals and terrorist organizations and other forms of malicious exploitations and
lawless activities. The successful exploitation of these vulnerabilities can cause
tremendous damages and major disruptions to the normal operation of the economy
and government, thereby posing serious implications to national security and to the
welfare of our people.

While ICT provides opportunities for national development, it also brought along new
kinds of threats that challenge national interest and security. ICT has also become a
weapon by which new ways and means to perpetrate wars, crimes and terrorism are
waged.

This Plan is a response to these challenges. It shall be called the National Cyber
Security Plan (NCSP), and will form part of the National Critical Infrastructure
Protection Plan (NCIPP), referred to in this volume as the cyber aspect of critical
infrastructure protection, to protect our critical cyber or digital infrastructures. It will
serve as the guide upon which our actions will be based to help assure the resiliency of
our critical infrastructures.

While it can stand as a separate program, the NCSP shall support and enhance the
physical aspect of critical infrastructure protection. It will address the information and
communication technology security or cyber security requirements of critical
infrastructures.

The NCSP outlines the strategies and programs necessary to protect the nation’s
critical cyber infrastructures. It highlights the necessary and specific cyber security
measures in accordance with the strategies, guiding principles and basic framework set
and defined in the NCIPP.

As recognized in the NCIPP, the protection of critical cyber infrastructures necessitates
the need to implement the concept of “shared responsibility” that requires coordination,
cooperation and collaboration between the private and the public sectors. Nonetheless,
the primary task of creating a conducive environment for the protection of critical
cyber infrastructures still falls under government responsibility.

[1] The Medium-Term Philippine Development Plan 2001-2004 (Quezon City: NEDA,
November 2001)

PART ONE - DEFINING THE CYBERSPACE

[Image source: US Department of State, Bureau of Diplomatic Security, Office of
Anti-Terrorism Assistance]

The formulation of plans and strategies to secure the cyberspace is hinged upon the
proper understanding of the nature and characteristics of our cyber or digital
infrastructures. Thus, this section shall provide a brief description of the cyberspace
and its importance.

I. THE PHILIPPINE CYBERSPACE

[Image source: US Department of State, Bureau of Diplomatic Security, Office of
Anti-Terrorism Assistance]

At present, the term cyberspace is conventionally described as “the non-physical
terrain created by computer systems.”[2] In technical terms, cyberspace consists of
computer networks as well as the worldwide network of computer networks that use the
Transmission Control/Internet network protocols to facilitate data transmission and
exchange.[3] Cyberspace is differentiated from physical space wherein the latter refers
to an aspect of reality visible to the naked eye, while the former refers to an ethereal
reality in which information in the form of communicated messages coexist and are
transmitted. Cyberspace, therefore, should not be confused as being imaginary; it is
real and exhibits physical reality through servers, routers, cables, switches, computers
and electronic messages.[4]

For the purposes of this Plan, cyberspace is defined as the consequence of the operation
of the total apparatus (elements and systems) that enables people and
network/computer systems to communicate with each other. These apparatuses are
called information and communication system infrastructures. Hence, the protection of
cyberspace requires securing this “total apparatus”.

Cyberspace resides in the information and communication system infrastructures of
Internet Service Providers (ISPs), gateways, independent networks of corporations, and
telecommunication companies represented by domain names, Internet Protocol (IP)
addresses, MAC addresses, e-mail addresses and telephone numbers. These stress the
inextricable importance of the physical components (hardware) in the protection of the
Philippine Cyberspace.

[Image source: Microsoft Office 2003]

The Philippine Cyberspace is therefore the space where information is posted,
exploited, manipulated, traded and accessed, created by the interaction, communication
and collaboration of people and organizations via the network of information and
communication system infrastructures. It is a consequence of the use of these networks
of physical infrastructures.[5] Today, they are now called digital or cyber
infrastructures.

[2] Webopedia Computer Dictionary [online]. Available at
http://www.webopedia.com/TERM/C/cyberspace.html
[3] Hyperdictionary [online]. Available at:
http://www.hyperdictionary.com/dictionary/cyberspace
[4] John van Gigch, “Do We Need to Impose More Regulation Upon the World Wide
Web? – A Metasystem Analysis” [online]. Available at:
http://www.inform.nu/Articles/Vol3/v3n3p109-116.pdf
[5] Ibid.


II. SIGNIFICANCE OF THE DIGITAL INFRASTRUCTURES

[Image source: National Telecommunications Commission (NTC)]

Digital infrastructures are the platforms to the Philippine Cyberspace which are
critical for key social, political, military and economic functions such as the managing
and operating of the country’s power plants and dams, the electric power grid,
transportation and air traffic control systems including financial institutions. They are
also vital in the day-to-day operations of business, government and non-government
institutions. Business establishments, large and small, rely on them to manage
communication and payroll, track inventory and sales, perform research and
development functions, generate food production and many others. Digital
infrastructures are keys to our nation’s capacity to carry out information-based public
and private enterprises. Most of these information-based enterprises are considered
critical infrastructures vital to the operation of the government and the economy.

Critical infrastructures have been revolutionized by advances in information
technology in the form of digital infrastructures. Taking advantage of the speed,
efficiency and effectiveness of computers and digital communications, all critical
infrastructures are now increasingly being connected and interdependent.

Over the years, the reliance of critical infrastructures on digital infrastructures has
tremendously increased to cope with the demand for better business processes and
competitiveness aside from better public service and national security. Today, digital
infrastructures are crucial for banking, local and international communication
services, generation and distribution of water and power, production and distribution
of goods and services, transportation and travel, entertainment, security, education and
many other applications that have changed the way we do things as individuals or
organizations. With the rapid increase of digital infrastructures, they are now
considered as strategic resources and assets that play an important role in the nation’s
economic development and competitiveness, security and well-being. Their disruption
or destruction will have debilitating impacts on national security.


III. COMPONENTS OF THE PHILIPPINE CYBERSPACE

[Image source: US Department of State, Bureau of Diplomatic Security, Office of
Anti-Terrorism Assistance]

Basically, the components of the country’s cyberspace are those digital infrastructures
that interconnect national, regional and global information and communications
networks. These components are identified as follows:

1. Enterprise Networks/ Intranets

Enterprise Networks or intranets pertain to independent networks, local area networks
(LAN) and wide area networks (WAN) that are connected through telecommunication
channels. Said networks cater to their organization’s business applications, including
critical infrastructures.

2. Local Internet Service Providers (ISPs)

These are organizations that provide gateways between packet-switching networks and
Public Switching Telephone Networks (PSTN). These are networks through which most
customers gain access to the Internet using telephone lines. They are sometimes
referred to as second level ISPs. Examples of these are Infocom, Mozcom and Pacific
Internet.

3. Regional Network Providers (RNPs)

These entities provide WANs across large geographic areas. They function as
client/server systems integrator, value-added reseller, and/or provider of Internet
services to a wide geographic market.

4. Internet Backbone

Composed of organizations that provide major interconnection between different
networks, they consist of:

• Network Service Providers (NSPs) – These are organizations that provide the
  foundation of the Internet backbone, which is largely based upon the architecture of
  the Internet’s precursors.

  Considered as peering centers, NSPs offer national and international interconnecting
  Internet services to wholesale level RNPs and large ISPs through so-called priority
  Network Access Points (NAP).

• Network Access Points (NAPs) – Network Access Points offer a mechanism for NSPs
  and ISPs to interconnect. Collectively, they operate as the Public Internet Backbone
  that connects to ISPs, POP and hosts.

• Long Distance Carriers – They supply a national network of communication
  channels for the Internet and long distance voice and data communications. In
  general, the NAPs contract the long distance carriers for the channels needed for
  their backbone.

[Image source: NARUS Mobile Arts]

5. User Services

These are organizations that provide domain names, email hosting, newsgroups, telnet,
FTP, and storage.

6. Online Content

These are information resources that are published in websites and stored in databases
of ISPs and organizations that own them.

7. Source of Online Content

Sources of Online content are materials where information or data are generated and
transformed into digital form. They include books, files, pictures, recordings, video,
financial data, etc.

8. End-Users

End-users pertain to people and organizations that utilize the network for their
personal and business purposes.

9. Telecommunication Services

These comprise the facilities that provide connection of communication channels to
ISPs, independent networks, and individual subscribers and users.


PART TWO - CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION

[Image source: Computer Associates]

The Philippine cyberspace is challenged by a myriad of threats each day. These
challenges, both actual and potential, caused unprecedented reshaping of our national
security preparations and requirements. Enhancing our country’s ability to
understand and recognize these challenges is necessary in order to adequately manage
the growing threats to our critical infrastructures.


I. CATEGORIES OF CYBER THREATS

Cyber threats are events, situations and conditions that tend to reduce, disrupt, degrade and destroy digital infrastructures. Generally, threats originate from either accidental or deliberate sources.

In general, accidental causes are natural (e.g., a lightning surge that destroys a power supply in a network that causes part of the network to fail) or human but non-deliberate (e.g., faulty design, usage of infested media or accidental cutting of data cables). Accidental causes may also be attributed to situations that directly relate to safety, reliability and trustworthiness.

Deliberate problems are the result of conscious human behaviour. In dealing with deliberate problems, one is faced with malicious intent. A malicious human may seek to hide his or her tracks, making it difficult to identify the nature of the problem caused (or even to identify that a problem has been caused). A malicious human can, in principle, tailor actions to produce a desired effect beyond the damage to the actual system attacked -- unlike an
accidental problem whose effects are randomly determined.

There are seven (7) more specific categories of threats to the cyberspace. These are accidents and malfunctions, hacktivism, cybercrimes, techno-terrorism, cyberterrorism, foreign intelligence and information warfare. 6

6 Purugganan, Abraham A. Protecting the Philippine Cyberspace, Unpublished MNSA Thesis, National Defense College of the Philippines, Camp Aguinaldo, Quezon City, May 2001. pp 114

1. Accidents and Malfunctions

This category includes operator error, hardware malfunctions, software bugs, data errors, damage to physical facilities, inadequate system performance and system malfunctions. An example of this is the infamous Y2K or millennium bug. Occurrences of these threats are attributed to disaster, calamities, and lack of knowledge, as well as lack of maintenance, factory defects and faulty designs.

2. Hacktivism

Considered as the marriage of hacking with activism, it covers operations that use hacking techniques against a target Internet site with the intent of disrupting normal operations but without causing serious damage. It also includes electronic civil disobedience, which brings methods of civil disobedience to cyberspace like virtual sit-ins and blockades, automated e-mail bombs, web hacks and computer break-ins including the use of malicious codes.

3. Cyberterrorism

The exploitation of digital infrastructures for terrorist ends, it comprises politically-motivated hacking operations designed to cause grave harm such as loss of life or severe economic damage. An example would be an intrusion into an air traffic control system and causing two planes to collide.

4. Technoterrorism

This is the intermediate step between "conventional" terrorism and "cyberterrorism." Unlike the cyberterrorist, the technoterrorist will attack those systems that exist in the physical world to disrupt cyberspace. Thus, the computer itself (hardware rather than software) is the target of the technoterrorist. The technoterrorist will use "conventional" weapons such as bombs and physical destruction to disable or destroy digital infrastructures.

5. Information Warfare

Defined as being concerned with “the defensive and offensive use of information and information systems to exploit, corrupt, or destroy an adversary’s information and information system while protecting one’s own.”47 Winn Schwartau, a pioneer on the topic of information warfare has developed three classes: personal information warfare which is characterized by the electronic attack against an individual’s privacy;
corporate information warfare where corporations use information and its associated technology to destroy or win against their competitors; and global information warfare which targets entire industries, nations and global economic forces.

6. Foreign Intelligence

The cyberspace is a potentially lucrative source of strategic and competitive intelligence that can be collected by intelligence agencies of governments and their military and police organizations. Intelligence that can be collected in the cyberspace includes reports on current events, analytic political and economic assessments and plans, as well as programs and operations of government, political organizations, non-government organizations/people’s organizations (NGOs/POs) and business organizations. It encompasses monitoring, eavesdropping and interception of communications or electronic messages.

7. Cyber Crimes

Synonymously referred to as computer crimes, they are characterized by hacking or unauthorized access to computer systems or networks, or forcibly taking over a computer network to destroy and/or modify data and programs including stealing information that can cause disruption to the network. Reasons may vary from personal gains to political reasons. Cyber crimes include theft, sabotage, vandalism, cyberstalking, child pornography, copyright violations, piracy, trademark counterfeiting, Internet fraud and others.

Likewise, acts which disrupt or interfere with the normal conduct of transactions over the cyberspace are regarded as cyber crimes. According to the Tenth United Nations Congress on the Prevention of Crime and the Treatment of Offenders, in Vienna on April 10-17 2000, Cyber crime is defined as “any crime capable of being committed in an electronic environment, where crime refers to behavior generally defined as illegal or likely to be criminalized.” Specific cyber crimes have already been identified by the international community as well as the Philippine legislative body, and will be elaborated on in the latter parts of this section.

II. TOOLS FOR CYBER ATTACKS

In carrying out these threats, several tools and weapons are used by perpetrators of cyber attacks. The following are some of the most commonly known tools:

1. Back Door / Trap Door

This is a set of instructions that permits an unauthorized or authorized user to bypass the system’s security measures (usually a network firewall), usually referred to as backdoor entrances. These program codes are placed by developers and vendors to make it easier for them to modify or repair system parameters. Because they are usually compromised, they are used as entry points for hacking. These can also be program codes that have been planted by an attacker into a computer system’s firewall in the form of a Trojan horse. The Trojan horse acts as a slave waiting for a command to be executed and controlled remotely by a master (usually the attacker).

2. Trojan Horses

These are programs that appear to be valid and useful but usually contain hidden instructions that can cause damage to the system. A destructive software that disguises itself as a benign application, they are usually utilized in order to place a backdoor/trap door into a compromised system.

3. Virus

This is a special type of Trojan horse that can replicate itself and spread, just like a biological virus, causing damage to a computer system or network. Depending on the author’s motive, a program infected with virus may cause damage immediately upon execution, or it may wait until a certain event has occurred, such as a particular date, time or command. It should be noted that computer virus infection is increasing by 47% per year perpetrated by hackers who maintain 30,000 hacker-oriented sites on the Internet.

4. Logic Bomb

This is a type of Trojan horse whose destructive actions are set to occur when a particular condition occurs, such as reaching a particular clock-time or the initiation of a particular program. Logic bombs are sometimes used for computerized vandalism and revenge. They are designed to go off long after the programmer has left the organization.

5. Worm

A worm is a program that replicates itself via a permanent or dial-up network connection. Unlike a virus, which seeds itself within the computer’s hard disk or file system, a worm is a self-supporting program. It can also be used to spread time bombs, viruses, Trojan horses, etc.

6. Packet Storming

This is a form of attack that involves the flooding of ports with a large number of packets with the intent to deny service to the network. It can be repeated in rapid fire succession generating enough traffic to shut major networks. This is sometimes called the “smurf attack.”

7. Email Bombs

More commonly known as email spamming, this is the bombardment of email accounts with thousands of messages, distributed with the aid of an automated tool, causing a recipient’s incoming email box to jam.

8. Packet Sniffing

These are program utilities that easily permit unauthorized persons to capture and examine packet data. Sniffers monitor network data and can be a self-contained software program or hardware devices which usually act as network probes or “snoops” examining network traffic but without intercepting or altering it.

The two kinds of packet sniffing are PASSIVE and ACTIVE. Passive sniffing is usually done in a local area network environment within the same subnet while ACTIVE sniffing is done in a larger-scale environment, usually over a routed wide-area network.

9. Software Robots

These are programs that automatically traverse the web’s hypertext structure designed to retrieve documents from a site, and reference all documents in a recursive manner. Sometimes called web wanderers, crawlers or spiders, software robots are usually used to carry out search tasks but can also be designed to steal information, destroy data, violate copyright or strain resources on another site and also overload networks and servers.

10. Chipping

This pertains to the installation of microchips in the production of integrated circuits by manufacturers that can be used for sabotage, by serving as control and locator for some future undertaking.

11. Nano-Machines and Microbes

These are tiny robots that are smaller than ants and are used to attack computer hardware by crawling and entering computers through slots and shutting down electronic circuits. A special breed of microbes can also be used to destroy integrated circuits.

12. Electronic Jamming

This is the deliberate radiation, re-radiation and reflection of electromagnetic energy for the purpose of disrupting or preventing the use of electronic devices, equipment, or systems.

13. High Energy Radio Frequency (HERF) Guns–EMP Bombs

HERF guns are radio transmitters that can shoot a high-power radio signal at an electronic target to disable it. EMP bombs are weapons that use electromagnetic pulse that can be detonated near electronic devices. It can destroy all computer and communication systems in a large area.

14. Distributed Denial of Service (DDoS)

DDoS attacks employ armies of "zombie" machines that are controlled by a single master server. These machines will then inundate a target server with thousands of packets of data, in an attempt to overwhelm the server and cause it to crash.

DDoS attacks have always been a tool of choice for attackers in taking down entire networks.

15. Steganography

Steganography is simply taking one piece of information and hiding it within another picture or document. Computer files such as images, sound recordings, and disks contain unused or insignificant areas of data. Steganography takes advantage of these areas, replacing them with information like encrypted mail, for instance.

Cyber terrorists can use information-hiding to assist them in their plot to destroy infrastructures and cause damage to key government sites and services. These attackers can embed full messages and communications inside pictures that people would never suspect. Information-hiding can also be used for hiding Trojans, spreading viruses, concealing backdoors, hiding destructive wiping programs, imbedding links, and passing secret information.

III. MODES OF OPERATION

The usual modes of operations are the following:

• Hacking is defined as the unauthorized access to a computer system to gain knowledge about a particular computer system and how it operates.

• Cracking, on the other hand, is the unauthorized access to computer systems to sabotage, steal information, and modify data or congest information traffic into the computer network for personal or political gains.

• Phreaking is the unauthorized entry to or hacking of a telecommunication system in order to gain access to a telephone line or make free calls. It is also a means to gain control of a phone switch in order to add additional phone lines and modify billing information.

IV. POTENTIAL THREAT SOURCES

Threats to critical cyber infrastructure will increase as development of these infrastructures also progresses. These threats may come from a variety of sources which may be either internal or external to the cyber infrastructure per se.

Threat sources include, among others:

• Nations (hostile or non-hostile) – for economic, political and security reasons
• Foreign Intelligence Service – for information superiority through collection of strategic intelligence and information warfare
• Business Competitors – for competitive advantage through industrial espionage and competitive intelligence
• Terrorist Organizations – for disruption and destruction through cyber terrorism among others.
• Organized Crime Groups – for personal and organizational gain through all forms of cyber crimes
• Insiders – for revenge or economic gain through sabotage and theft

V. VIEW OF THE THREAT

Threats to critical cyber infrastructure will rapidly increase in terms of frequency and lethality as development and use of these infrastructures also increases. The US Department of Defense came up with a projection on how these threats will be in the future as shown in the table below:

PERPETRATOR | Validated Existence | Existence Likely but Not Validated | Likely By 2005 | Beyond 2005

Incompetent W
Hacker W
Disgruntled Employee W
Crook W
Organized Crime L W
Political Dissidents W
Terrorist Groups L W
Foreign Espionage L W
Tactical Countermeasures W
Orchestrated Tactical IW L W
Major Strategic Disruption L

Source: IW (Defense) by DoD, USA, 1995

Where: W – WIDESPREAD; L – LIMITED

VI. MOTIVATIONS

Threat sources likewise have diverse individual and collective motivations or intentions. While some perpetrators do not intend to cause large-scale damage to cyber infrastructures, many do engage in these activities to realize political and economic ends such as achieving competitive advantage, instituting revenge, deliberately invading privacy, spreading ideologies and others.

The identification of potential threat sources and the understanding of their motivations are crucial to knowing what type of preparedness and security requirements must be organized to minimize, avert or eliminate potential exposure.

VII. INCREASING RISK

Despite the benefits, the increasing use and rapid growth of critical cyber infrastructures have amplified the risks in our national security environment.

Here are the major contributory factors why such a situation occurs despite the benefits that ICT provides:

1. Dependency – Increasing dependence on the use of information and communication systems for individual and corporate undertakings.

2. Interdependency – Digital infrastructures are interdependent in terms of system configurations, connectivity and applications. The failure of one digital infrastructure can cause the failure of another infrastructure or vice versa.

3. Globalization – The globalization of business operations and processes requires the need for real-time information and information resources. Inability to perform these functions can constitute substantial income and opportunity losses.

4. Standardization of Technology – Standardization of technology for interoperability and system efficiency opens up windows of vulnerabilities that will be common to all systems and to the knowledge of everyone.

5. Technology as a Force Multiplier – Information and communication technology provides equal opportunity to government, military and police organizations as well as to individuals, criminal and terrorist organizations. ICT provides the advantage of speed, stealth, wide coverage in terms of distance and target, anonymity, low cost, and high success potential, among others. It only takes a personal computer connected to a network and a computer virus to inflict tremendous damage on a global scale. ICT is also an effective medium for propaganda.

PART THREE: INTERNATIONAL AND DOMESTIC CYBER SECURITY REGIME

The pervasiveness of threats to critical cyber infrastructure has long been considered an international problem. This prompted the international community to draft guidelines and implement measures to curb its increasing potential to undermine the peaceful world order. The Philippines, being a member of different international organizations, recognizes and subscribes to these guidelines as essential ingredients in its own cyber security planning and programs.

I. INTERNATIONAL REGIME

A. UNITED NATIONS
The importance of dealing with cybersecurity concerns attained international status and character owing to its pervasiveness and capability to undermine the peaceful world order. The UN General Assembly during its 81st Plenary Meeting on December 4, 2000 adopted Resolution 55/63 entitled Combating the Criminal Misuse of Information Technologies which provides, among others, that:

(a) States should ensure that their laws and practices eliminate safe havens for those who criminally misuse information technologies;

(b) Law enforcement cooperation in the investigation and prosecution of international cases of criminal misuse of information technologies should be coordinated among all concerned States;

(c) Information should be exchanged between States regarding the problems that they face in combating the criminal misuse of information technologies;

(d) Law enforcement personnel should be trained and equipped to address the criminal misuse of information technologies;

(e) Legal systems should protect the confidentiality, integrity and availability of data and computer systems from unauthorized impairment and ensure that criminal abuse is penalized;

(f) Legal systems should permit the preservation of and quick access to electronic data pertaining to particular criminal investigations;

(g) Mutual assistance regimes should ensure the timely investigation of the criminal misuse of information technologies and the timely gathering and exchange of evidence in such cases;

(h) The general public should be made aware of the need to prevent and combat the criminal misuse of information technologies;

(i) To the extent practicable, information technologies should be designed to help prevent and detect criminal misuse, trace criminals and collect evidence;

(j) The fight against the criminal misuse of information technologies requires the development of solutions
taking into account both the protection of individual freedoms and privacy and the preservation of the capacity of Governments to fight such criminal misuse.

In the subsequent Resolution 56/121, the UN moved to invite Member States, when developing national law, policy and practice, to combat the criminal misuse of information technologies, and take into account, as appropriate, the work and achievements of the Commission on Crime Prevention and Criminal Justice and of other international and regional organizations.

The most significant effort on the part of the UN in the area of cybersecurity was the adoption of Resolution 57/239 entitled Creation of a Global Culture of Cybersecurity during its 78th Plenary Meeting on 20 December 2002. This resolution provided an annex wherein it recognized nine complementary elements in creating a global cybersecurity culture and set Member-States’ individual responsibilities. For the purposes of this Plan, extensively quoted hereunder is the content of the annex of Resolution 57/239 which enumerates the said elements.

(a) Awareness. Participants should be aware of the need for security of information systems and networks and what they can do to enhance security;

(b) Responsibility. Participants are responsible for the security of information systems and networks in a manner appropriate to their individual roles. They should review their own policies, practices, measures and procedures regularly, and should assess whether these are appropriate to their environment;

(c) Response. Participants should act in a timely and cooperative manner to prevent, detect and respond to security incidents. They should share information about threats and vulnerabilities, as appropriate, and implement procedures for rapid and effective cooperation to prevent, detect and respond to security incidents. This may involve cross-border information-sharing and cooperation;

(d) Ethics. Given the pervasiveness of information systems and networks in modern societies, participants need to respect the legitimate interests of others and recognize that their action or inaction may harm others;

(e) Democracy. Security should be implemented in a manner consistent with the values recognized by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communication, the appropriate protection of personal information, openness and transparency;

(f) Risk assessment. All participants should conduct periodic risk assessments that identify threats and vulnerabilities; are sufficiently broad-based to encompass key internal and external factors, such as technology, physical and human factors, policies
and third-party services with security implications; allow determination of the acceptable level of risk; and assist in the selection of appropriate controls to manage the risk of potential harm to information systems and networks in the light of the nature and importance of the information to be protected;

(g) Security design and implementation. Participants should incorporate security as an essential element in the planning and design, operation and use of information systems and networks;

(h) Security management. Participants should adopt a comprehensive approach to security management based on risk assessment that is dynamic, encompassing all levels of participants’ activities and all aspects of their operations;

(i) Reassessment. Participants should periodically review and reassess the security of information systems and networks and should make appropriate modifications to security policies, practices, measures and procedures that include addressing new and changing threats and vulnerabilities.

B. APEC CYBERSECURITY STRATEGY


On October 21, 2001 the APEC Leaders issued their Statement on Counter-Terrorism that condemned terrorist attacks and deemed it imperative to strengthen cooperation at all levels in combating terrorism in a comprehensive manner. As part of this statement, the leaders called for strengthening APEC activities in the area of critical infrastructure protection, including telecommunications. On May 30, 2002, the Telecommunications and Information Ministers of the APEC economies issued the Shanghai Declaration that included a Statement on the Security of Information and Communications Infrastructures and a Program of Action.

The expansion and potential effects on individual member-economies of computers and information networks have made it important for them to coordinate their cyber crime and infrastructure protection efforts more rapidly and efficiently. Issues and activities in the following areas namely legal developments, information-sharing and cooperation, security and technical guidelines, public awareness, training and education and wireless security, serve as the basis for APEC’s efforts on cyber crime and critical infrastructure protection. Said concerns could also form the basis of meeting the stated objectives of Leaders and Ministers.

APEC recognizes that the fight against cyber crime and the protection of critical infrastructures is built upon the legal frameworks of every economy. In particular, cyber security depends on every economy having (1) substantive laws that criminalize attacks on networks, (2) procedural laws to ensure that law enforcement officials have the necessary authorities to investigate and prosecute offenses facilitated by technology, and (3) laws and policies that allow for international cooperation with other parties in the struggle against computer-related crimes.

C. ASEAN CYBER SECURITY INITIATIVE


During the Third ASEAN Telecommunications and Information Technology Ministers Meeting (3rd ASEAN TELMIN), ASEAN Ministers, in a joint statement, vowed to enhance regional cooperation on cybersecurity. Specifically, the ASEAN members committed to establish National Computer Emergency Response Teams (CERTs) by 2005. All member countries shall have also established, by 2004, a common framework for sharing cybersecurity threat and vulnerability assessment information. Cybersecurity expertise and information will be shared among member countries to help develop cybersecurity policies and exchange real-time information on cybersecurity issues.

II. LEGAL REGIME IN THE FIELD OF CYBER SECURITY IN THE PHILIPPINES

The government has to have laws instituted to help protect companies and consumers from abuses and to address internet security in a global context. The Philippines is governed by the following legislations pertaining to the utilization, development and protection of the Philippine cyberspace:

- Republic Act 7935 or the Philippine Public Telecommunications Policy Act enacted on March 1, 1995 which regulated the telecommunications industry in the country;

- Republic Act 8484 entitled Access Devices Regulation Act of 1998 dated February 11, 1998 which regulated the issuance and use of certain access devices. It defined access device fraud as a criminal offense;

- Executive Order No 467 dated March 17 1998 which set forth guidelines that will govern the operation and use of satellite telecommunications facilities and services in the country;

- Republic Act 8747 or the Philippine Year 2000 Readiness and Disclosure Act which was approved on June 01, 1999, setting the necessary guidelines to ensure the readiness of Philippine computer systems, products and services against the Y2K bug;

- Executive Order 269 dated January 12 2004 which created the Commission on Information and Communications Technology as the governing body in all ICT-related activities in the country.

One of the most important cybersecurity legislations in the Philippines at present is Republic Act 8792 or the E-Commerce Act which was enacted on June 14, 2000. While Section 33 of RA 8792 now lays out how hacking, cracking and piracy should be punished, the government still needs to pass another law on cyber crime, cyber fraud and similar offenses.

At present Congress still has to pass the consolidated version of four cyber crime bills (House Bill Nos. 1310, 3241, 4083 and 5560) that were filed during the Twelfth Congress. The consolidated version “AN ACT DEFINING CYBERCRIME, PROVIDING FOR PREVENTION, SUPPRESSION AND IMPOSITION OF PENALTIES THEREFOR AND FOR OTHER PURPOSES” OR THE CYBERCRIME PREVENTION ACT OF 2003 shall have to be re-submitted to Congress for enactment.

PART FOUR:
CYBER SECURITY STRATEGIES AND PROGRAMS

This National Cyber Security Plan seeks to institutionalize the necessary capabilities in the government and the private sector to adequately meet and respond to challenges and threats against critical cyber infrastructures.

Programs laying the necessary foundations to provide an assurance of continuous operation of our critical cyber infrastructures and ensure business continuity are outlined in this section.

I. CYBER INFRASTRUCTURE PROTECTION REQUIREMENTS

The advances in technology, nature and characteristics of cyber threats have made the challenge of protecting critical cyber infrastructures more difficult for stakeholders. Meeting this challenge requires technological expertise, concerted action from national and local agencies, the private sector, the citizenry and the international community. Thus, the following are necessary in order to meet such challenge:

• Knowledge of the threats
• Identification of vulnerabilities
• Resilient protective measures
• Effective response capability
• Recovery program
• Effective law enforcement

II. GENERAL DIRECTION AND GOALS

The general direction of the national cyber security plan is focused on how to achieve the following:

• Coordinated and integrated response
• Information assurance
• Continuous operation of critical cyber infrastructures.
• Effective law enforcement and administration of justice.
• Public-private sector partnership
• International cooperation
• Sustainability of programs
• Cyber security conscious society.

III. GUIDING FRAMEWORK

1. Promote a Secure Environment

• Identification and elimination of threats. It involves knowing the threats and determination of ways in which they can be effectively neutralized.

• Assess and eliminate vulnerabilities. It entails the identification and removal of weaknesses and increasing the level of resiliency.

• Defeat attacks. It requires the application of appropriate and adequate countermeasures.

• Reduce losses and damages. It necessitates the implementation of contingency plans and other actions to mitigate potential losses and damages.

2. Implement a resiliency program for business continuity.

3. Institute effective law enforcement programs and proactive legal and policy regime.

IV. CYBER SECURITY STRATEGIES

There are four (4) strategies that were formulated which are necessary to protect critical cyber infrastructures: Understanding the Risk, Controlling the Risk, Organizing and Mobilizing for Cyber security, and Institutional and Policy Build-Up. Every strategy has corresponding programs to be undertaken.

STRATEGY 1 - UNDERSTANDING THE RISK

The most fundamental strategy in protecting the nation’s critical cyber infrastructures is to first understand the nature of threats to Philippine cyberspace. This strategy involves a national and continuing threat assessment. It also necessitates assessing the vulnerabilities, current protective measures being implemented and the significance of potential targets. This strategy also entails the need for a cyber intelligence capability as a proactive measure in understanding and overcoming these threats.

A. NATIONAL ASSESSMENT

The Assessment Program will consist of two primary programs: the national cyber geography and the risk assessment.

1. Philippine Cyber Geography Program

a. Inventory

This program will identify and account digital infrastructures in order to determine their extent and degree of criticality to be able to prioritize and allocate resources for cyber security. This will include accounting of physical facilities, hardware, software and people.

b. Cyber-Geography

This program will undertake acquisition of knowledge pertaining to demographics, traffic, statistics and other relevant information which may be used to map out the Philippine Cyberspace for cybersecurity program formulation and implementation.

2. Risk Assessment

Risk assessment represents an important step in understanding the threats, vulnerabilities, countermeasures and impacts to national security. It will have the following components:

a. National Threat Assessment

A national threat assessment program will be implemented to provide basis for and continuing understanding of the nature of cyber threats and how they can be addressed effectively from operational and strategic perspectives.

Likewise, a cyber or digital intelligence program will be created. It will be undertaken to gain knowledge of the hacker’s world, its personalities, operations and plans.

b. Vulnerability Assessment

Vulnerability assessment programs will be implemented on a periodic basis to identify weaknesses in CI protective programs and to institute appropriate corrective measures. This program will include the following:

b.1. Formulation of a Vulnerability Assessment Framework and Checklist

This framework and checklist will be used to gather essential information on IT security threats and measures, critical security policies and practices on networks, systems, applications, and data and its classification, and external systems; cyber attacks and glitches experiences; and cyber attacks and glitches recovery plan.


b.2. Security audit, survey and inspection

This will entail the conduct of a periodic security audit, survey and inspection as a way to ensure implementation of security programs as well as a means to identify weaknesses.

c. Impact Analysis

It will be implemented to continuously assess the implications of any attacks against digital infrastructures on the operations of government and the economy.

STRATEGY 2 - RISK CONTROL

Risk control requires comprehensive security planning, effective resolution of crisis and risk monitoring. This strategy will address the aspects of mitigating or reducing vulnerabilities, likelihood of threat occurrence and potential losses or damages.

A. PREVENTIVE CAPABILITY PROGRAMS

1. Cyber Intelligence

Cyber intelligence is defined as the process of acquiring and utilizing threat-related knowledge in the cyberspace that pertains, but not limited, to the nature and characteristics of cyber threats, their modus operandi, plans, organizations, personalities and other relevant information.

The cyber-intelligence program will be intelligence operations against sources of cyber threats. This program will be able to provide periodic assessments and address information requirements of law enforcement and military units in the interdiction of terrorists, spies and criminals.

This program entails the following:

a. Creation of a Cyber Special Operations Unit.

b. Monthly National Intelligence Estimates (NIE) that will embody strategic and operational intelligence on cyber crimes, cyber terrorism and foreign and competitive intelligence operations.

c. Development and management of a Hacker’s Database

d. Development and implementation of a cyber-intelligence training program for the AFP and PNP.


2. Warnings & Advisories

This program will provide necessary information on threats and security alerts, as well as advisories, to all critical infrastructure owners and operators, and the general public. It is intended to prepare and update them for any threat situation. These warnings and advisories will include computer attack information, trends or modus operandi, wanted cyber criminals and terrorists and updates on patches and protective measures among others.

B. PROTECTIVE CAPABILITY PROGRAMS

1. Building Robust Systems

This program is intended for critical infrastructure owners and operators and manufacturers to build robust and redundant systems to withstand attacks or mitigate vulnerabilities. This will include systems design and engineering and reliable back-up systems. It will embrace the adoption of reconstitution and rehabilitation measures to ensure immediate recovery.

This will also incorporate the formulation, adoption and issuance of security standards that will serve as a guide to IT security managers.

2. Intrusion Detection

This program envisions monitoring intrusions as a way to detect the occurrence of an attack. This will be a function of the RP-CERT, Regional/Sectoral CERTs and monitoring points.

3. Operations Security (OPSEC) Program

a. This will be a program for government information security. It will focus on systems and procedures on the proper handling of classified and critical information.

b. Implementation of an encryption system for the government.

4. Security Audit

This program will require the periodic conduct of security audit to identify vulnerabilities, compliance of security standards and monitoring on the appropriate implementation of security programs.

5. Consumer Protection Program

This program will establish mechanisms to address consumer protection issues and concerns that include the following:

a. Consumer safety
b. Consumer Education
c. Remedy and redress in case of fraud
d. Product information for choice
e. Access to products
f. Product evaluation and testing


C. RESPONSE CAPABILITY PROGRAMS

1. Establishment of Computer Security Response Units

a. The RP-CERT

The G-CSIRT will be restructured as a national computer emergency response team and will be renamed RP-CERT. Besides recovery and reconstitution, the RP-CERT will be the focal point for response to incidents and other cyber-related matters.

b. Regional / Sectoral CERTs

In support of the RP-CERT, this program entails the establishment of regional or sectoral computer emergency response teams across the country which will enable faster and more localized response to cyber incidents. They can be any regional or local government offices, or private sector organizations that have the capability to undertake said program. These regional / sectoral CERTS will serve as immediate points of contact for government agencies, local government units and private sector entities. It will coordinate its operation with the RP-CERT.

c. Establishment of Cyber Crime Complaint Center (C4)

This program envisions providing a mechanism to receive and develop Internet-related criminal complaints and refer the same to the law enforcement agencies and the RP-CERT for investigation. A website will be developed and maintained as the primary complaint reporting nexus.

D. ENHANCEMENT OF LAW ENFORCEMENT CAPABILITY

1. Cyber Cops

This program will improve and increase the current law enforcement capability of the PNP and NBI. It envisions training and developing 2 to 3 forensic investigators and incident responders in every regional and provincial office of the PNP and NBI. It will provide local and international trainings on forensics and investigation, incident response, preservation of evidence, data recovery/retrieval and analysis, digital intelligence and other relevant courses.

2. Establishment of National Forensic Laboratory

This program aims to establish a modern national forensic laboratory that will be called the National Computer Forensic Laboratory (NCFL), serving as a processing laboratory and center for computer crime evidence repository. It will provide support to law enforcement operations in addition to conducting training on computer forensics and investigation.


3. Establishment of Regional Forensic Laboratories

This program aims to establish strategic regional forensic laboratories at the regional or local level that will provide localized support for law enforcement units.

4. Capacity-Building for Judges and Prosecutors

This program will provide education and training for judges, prosecutors and lawyers to help them in the effective handling of cyber crimes and in the administration of justice.

E. BUSINESS CONTINUITY / RESILIENCY PROGRAM

This program will provide measures and mechanisms to mitigate losses/damages and allow critical infrastructures to recover and reconstitute immediately in order to arrest further disruption of the operation of critical infrastructure operations.

1. Establishment of Corporate Disaster and Recovery Plan

This program will require all CI’s to have a Corporate Disaster and Recovery Plan that will define contingency measures in case of attacks or disasters. It will define systems and procedures for the immediate recovery and resumption of their normal operations.

This plan will include:

a. Redundancy and back-up systems

b. Rapid assessment of attack and extent of damages, determination of vulnerabilities exploited and conduct of rehabilitation procedures to avert or deter similar attacks previously experienced by the system

c. Adoption of standard operating procedures.

d. Coordination with RP-CERT and law enforcement units.

F. REMEDIATION PROGRAM

This program focuses on the development of security remedies and solutions to cyber attacks through private sector partnership. This will be a joint undertaking with private organizations like software companies, educational institutions, IT security companies and other relevant organizations.
SOURCE : http://www.useastusa.com


STRATEGY 3 - ORGANIZATION AND MOBILIZATION FOR CYBER SECURITY

This strategy pertains to the organization and mobilization of human, financial, and relevant resources for the implementation of the National Cyber Security Program. Mobilization, as used in this section, is the enlistment and active participation of all stakeholders in support of all programs listed herein.

A. ESTABLISHMENT OF A FOCAL POINT

A focal point should be established to coordinate all policy and convergence effort of the government. The same shall lead in the formulation and implementation of all national cyber security programs and other related programs.

B. CREATION OF NATIONWIDE MONITORING POINTS

This program will establish Monitoring Points that will serve as listening posts for intrusions. They will be deployed at strategic points around the country. They will detect, gather and help analyze information with regard to intrusions. Envisioned as a public-private sector partnership, it will support the program on threat assessment and detection.

C. PUBLIC AND PRIVATE PARTNERSHIP / COOPERATION

1. Public-Private Partnership Forum

This program is intended to establish mechanisms for a strong partnership public-private sector for cyber infrastructure protection. Cooperation, collaboration and coordination between the government and the private sector are vital components in the implementation of the National Cyber Security Plan.

Public-private partnership will be in the form of:

a. Capacity-Building
b. Information-Sharing
c. Threat Assessment
d. Joint Management of Cyber Security Programs
e. Digital Intelligence
f. Counter-Intelligence
g. Remediation
h. Utilization of the Reserve or Auxiliary Force
i. Incident Reporting
j. Advocacy

2. International Partnership / Cooperation

This program aims to forge partnerships with foreign governments and international organizations for sharing information and best practices, capacity building and law enforcement.


D. ADVOCACY AND PUBLIC AWARENESS

This program will focus on implementing a cyber security advocacy program that will rally the general public to protect the Philippine cyberspace. This program will specifically focus on:

1. Computer Ethics
2. Computer Security
3. Incident Reporting

This program should be incorporated in the educational curricula of the Department of Education (DepEd) and Commission on Higher Education (CHED) and Technical Education and Skills Development Authority (TESDA).

STRATEGY 4 - INSTITUTIONAL BUILD-UP

This strategy intends to institute reforms that are necessary to address the challenges of cyber threats. Regulatory and legislative changes will have to be undertaken to provide the necessary legal regime and policy environment.

A. PASSAGE OF CYBER CRIME LAW

1. The Cyber Crime Bill should be certified as an urgent bill and to be submitted to Congress.

2. Active lobbying by the private sector for the passage of the bill.

B. ADMINISTRATION OF JUSTICE

1. Creation of a special court to handle cyber crimes.

2. Institutionalization of relevant educational programs for lawyers and judges.

3. The resolution of issues and problems related to Evidence Law or more specifically, the acceptability of electronic evidence in computer crime prosecutions.

C. SECURITY STANDARD

1. The adoption and implementation by all government agencies and GOCC's of relevant international and local standards like the ISO 17799 and BS7799 as applicable, and those promulgated by the Bureau of Standards under ISO 9001:2000 quality management systems requirements;

2. The adoption of an Information Security Management System (ISMS) as a requirement in the Integrated Information Systems Plan of each government agency.


D. EDUCATION & TRAINING

1. Institutionalize training of law enforcement agencies on computer forensics, investigation and handling of digital evidences.

2. Development of cyber security professionals.

3. Establishment of partnerships with foreign governments and international organizations.

E. KNOWLEDGE MANAGEMENT (KM)

This program is the adoption of Knowledge Management as a means to provide knowledge to all stakeholders. Experiences, technological innovations and best practices on cyber security have to be acquired, re-created stored and disseminated to improve cyber security programs.

1. Establishment of Knowledge Centres that can provide information resources to law enforcement units, CI operators, ICT security managers, government personnel and others;

2. Establishment of linkages with relevant international KM organizations.

F. RESEARCH & DEVELOPMENT

This program will undertake research and development including, but not limited to, the following areas:

1. Cryptography
2. Information Warfare
3. Intrusion Detection
4. Hacking
5. Vulnerability Assessment

This program should be jointly undertaken with the private sector and relevant international organizations.


PART FIVE: THE WAY AHEAD

SOURCE : Microsoft Office 2003

The threats to our critical cyber infrastructures are real. The growing exploitation of information and communication technology to improve the lives of Filipinos, coupled with our increasing dependence on these infrastructures for the operation of our economy and government, poses greater risk given the threats that are inherent to these opportunities. It is therefore imperative that the protection of these infrastructures should be a strategic component in national security programs to ensure the protection of our national interests.

No feasible combination of domestic or international policy options can make us completely invulnerable to cyber attacks in the future. Nevertheless, enhancing security in our critical cyber infrastructures can prepare the country for all forms of malicious activities or threats that lie ahead in the cyberspace.

The private sector has to assume a major and supportive role in organizing and mobilizing communities, business and supportive organizations and groups towards our national goal of securing our critical infrastructures. We have to communicate and advocate for strong public support to this program by educating and partnering with stakeholders.

In today’s security environment, cyber threats whether individual, organization or nation-sponsored, are designed to cripple a nation’s capacity to carry out its information-based enterprises. Threats metamorphose faster than our capability to implement counter-measures. Being caught unprepared to meet these challenges might prove disastrous for the country.

Protecting the future is the primary responsibility of each and every Filipino today. If the Philippines intends to join the ranks of nations that have become information-based societies, security of the Philippine cyberspace must be pursued with urgency. It should be made a vital component of the over-all strategic, operational and tactical priorities of our national security strategy.


APPENDICES

APPENDIX 1 - TFSCI CYBER SECURITY WORKGROUP WORKSHOP OUTPUTS

The TFSCI-CySWG
Implementation Master Plan

A project of
The Task Force for the Security of Critical Infrastructure (TFSCI)
Cyber Security Work Group

Director General Angelo Timoteo M. Diaz de Rivera


Head, TFSCI Cyber Security Work Group

28 June 2004


INTRODUCTION

Terrorism, cyber and otherwise, continues to be one of the most serious threats facing the
security of countries all over the world. No country is immune to attack or exploitation by
terrorists and no one can afford to retreat from the problem.
The Philippines is no exception. Its government, therefore, should step up its defense
program to safeguard the nation not only from physical terrorist attack, in general, but
from cyber threats to its major, critical infrastructure nationwide.
The nation’s critical infrastructures, such as telecommunications, banking, agriculture,
and industrial centers, and their mutual dependencies and interconnectedness as enabled
through information and communications technology (ICT), are a prime target, vulnerable at
the moment even to the most basic of virus attacks and malicious conduct. The high
dependence of these critical infrastructures on ICT has made them highly vulnerable to
the malevolent intention of lawless elements through cyber exploits and terrorism.
The threats of attacks to critical infrastructure have serious ramifications to the nation’s
immediate economic survival. With a new mandate from the people, the President, Her
Excellency Gloria Macapagal-Arroyo, is in the best position to take the lead in recognizing
the urgency and immediacy of providing a short, as well as, a long term solution to the
protection of critical infrastructures and tapping both the private and public sector to
collaborate in this shared national responsibility.
Through a resolution submitted during the First National Summit on Critical ICT
Protection at the EDSA Shangrila on 16 April 2004, to the office of the President, through
Executive Secretary Romulo, the joint public-private Task Force on Security for Critical
Infrastructure (TFSCI) has put forth the development and implementation of a RP
National Cyber Security Strategy (RP-NCCS) in the soonest possible time to include but
not limited to the following:

a. Formulation, fast-tracking and pro-active advocacy of related regulatory and
legislative agenda in order to provide the necessary legal regime and policy
environment.
b. Conduct of a nationwide cyber security awareness program to promote a
common understanding among stakeholders;
c. Conduct of risk and vulnerability assessment in order to identify risk areas and
effect the establishment and adoption of internationally-accepted cyber security
standards;
d. Institutionalization of cyber-security capability-building programs in order to
produce a critical mass of RP cyber-security professionals; and
e. Establishment of a National and Sectoral Computer Security and Incident
Response Team to ensure that the country is able to immediately respond to all
possible forms of cyber threats and incidents.


To set the tone and initiate action, the Task Force, after a March workshop in DAP,
Tagaytay agreed to pursue subsequent planning activities through the creation of five (5)
planning teams.

THE CYSWG EFFORTS

On 13 January 2004, the NCC-CySWG crafted its preliminary Work Plan, which was
submitted and approved by the COC-IS thru the TFSCI.

In this preliminary work plan the CySWG identified the following priority programs/
projects:
• A database of critical cyber infrastructure
• Establishment of national, regional and sectoral Computer Security Incident
Response Teams (CSIRT)
• A nationwide adoption of Information Security Standards
• Cyber security policies and implementation plans (National Cyber Security
Strategy)

On March 28-29, 2004, a CySWG organizational workshop was conducted at DAP,
Tagaytay to decide on the final organizational setup, identify short and long-term
programs and activities, and define functions and tasks of the various CySWG committees
under the Task Force for the Security of Critical Infrastructure (TFSCI).

The following five (5) committees were formed during the DAP workshop and these were
formalized at The National Security Summit held at the Shangrila EDSA Hotel last 16
April, 2004. The committees are:

1. Risk and Vulnerability Assessment Committee (R/VAC)
2. Training and Education Committee (T-TRAIN)
3. Security Awareness and Advocacy Committee (SAWAT)
4. Formulation and Implementation of Cyber Security Policies Committee (FISPOL)
5. Incident Intervention and Consequence Management Committee (I-ICON)

An Oversight Committee chaired by DG Tim De Rivera was also formed to oversee and
monitor the planning and implementation process to be followed by the CySWG Task
Force committees.


THE 5 TFSCI-CYSWG PLANNING COMMITTEES

The various committees are depicted as shown below

[Figure: committee diagram with the labels Policy Formulation (FISPOL), Promote Awareness (SAWAT), Risk Assessment (RVAC), Overall Oversight (O-OVER), Technical Training (T-TRAIN) and Incident Response (I-ICON)]


The major objective and function of each committee is shown in the following table:

| Committee | Major Objective |
| --- | --- |
| FISPOL | Formulate and implement policies, regulations and rules of conduct for CySWG members and affected parties or industries. |
| RVAC | Identify and assess risk and vulnerabilities of critical infrastructures |
| SAWAT | Promote security awareness training to critical infrastructure and affected publics |
| T-TRAIN | Develop competent security professionals to protect and support cyber infrastructure |
| I-ICON | Provide coordination, response and exchange of incident information among the various in-government, private and regional/global incident response teams on a 24x7 basis |
| O-OVER | Oversee the planning and implementation of the various CySWG committee efforts |

SUB-COMMITTEE WORK
The organizational workshop was soon followed by the following sub-committee workshops
to finalize the individual sub-committee plans and programs:

• April 15 & 16 - to kick off the TFSCI-CSWG activities, a National Cyber Security
Summit was conducted with an end view to increase awareness on the CySWG
plans and programs, and to foster public and private partnership
• April 30 & May 1 – planning workshop at DAP, Tagaytay for the Risk and
Vulnerability Assessment Committee (R/VAC)
• May 26 & 27 – planning workshop at Las Brisas, Antipolo for the Formulation and
Implementation of Cyber Security Policies Committee (FISPOL)
• May 28 & 29 – planning workshop at Las Brisas, Antipolo for the Security
Awareness and Advocacy Committee (SAWAT)
• June 15 & 16 – planning workshop at DAP, Tagaytay for the Training and
Education Committee (T-TRAIN)
• June 17 & 18 – planning workshop at DAP, Tagaytay for the Incident Intervention
and Consequence Management Committee (I-ICON)

In between, several other small group meetings took place among the various members of
the committees to work on after-workshop assignments and other unfinished business as
needed.

THE TFSCI-CYSWG IMPLEMENTATION PLAN


This plan therefore is a result of the planning efforts of the various committees of the
Cyber Security Work Group (CySWG) under the auspices of the Task Force on the
Security of Critical Infrastructure (TFSCI).
The plan is being presented as an initial working plan based on the perspective of the
committee members under the influence of their respective agency training, orientation
and bias. It is suggested that the plan undergo validation by the senior members of the
TFSCI and from the overall view of a composite Physical Security and Cyber Security
perspective. There were also considerations of funding, executive preference, and other
national prioritization issues that were not taken into account during the CySWG
planning workshops.

THE CYBER SECURITY WORK GROUP (CYSWG) MISSION


To ensure that the critical infrastructure of the country is
99.9% safe and protected in cyberspace

THE CYBER SECURITY WORK GROUP FUNCTION


The information and process flow among the various CySWG functions are envisioned as
follows:


CYSWG GOALS AND OBJECTIVES


The objectives, strategies and action plans submitted and recommended by the five (5)
committees under the CySWG Task Force are detailed in the Appendix of this report.
These are consolidated and summarized in table form in the following pages.


CYSWG OBJECTIVES, STRATEGIES AND ACTION PLAN


| Committee | Objective | Strategies | Action Plan |
| --- | --- | --- | --- |
| I-ICON | 1. To develop the country’s capability to respond to computer security incidents | 1.1. Set up a National Computer Security Incident Response Team (NCSIRT) Coordinating Center or a National Information Security Agency (NISA) as appropriate | 1.1.1. Formalize and finalize plan for establishment of the NCSIRT center |
| | | | 1.1.2. Establish and set up physical and organizational office infrastructure |
| | | | 1.1.3. Establish and develop linkages with international CSIRTs and inhouse/incountry infosecurity units |
| | | | 1.1.4. Establish coordination with law enforcement agencies locally and globally (NBI, PNP, FBI, Scotland Yard) |
| | | 1.2. Identify and develop capacity building programs | 1.2.1. Organize and select qualified personnel |
| | | | 1.2.2. Identify training needs |
| | | | 1.2.3. Acquire necessary equipment, tools and supplies |
| | | | 1.2.4. Work with T-Train team to develop courseware and training mechanisms |
| | | | 1.2.5. Conduct continuing training and upgrading of personnel. |
| | | 1.3. Adopt and adapt applicable Alert and Warning System | 1.3.1. Define communication system and alert procedures |
| | | | 1.3.2. Set up website and other communication facilities |
| | | | 1.3.3. Design and establish alert procedures |
| | | | 1.3.4. Promote NCSIRT system and capabilities |
| | | 1.4. Adopt and adapt best practice and procedures for Incident Handling System | 1.4.1. Identify and benchmark applicable incident handling system to include: audit, preservation of forensic data, investigation and prosecution assistance subsystems |
| | | | 1.4.2. Adopt and adapt post-incident handling and analysis system |


| Committee | Objective | Strategies | Action Plan |
| --- | --- | --- | --- |
| SAWAT | 2. To promote appropriate security awareness training for sectors whose mission critical systems are heavily ICT-dependent | 2.1. Initially promote to primary stakeholders of selected sectors and eventually broaden coverage of security awareness program to other sectors and stakeholders | 2.1.1. Determine target market and define performance indicators for measuring advocacy effectiveness |
| | | | 2.1.2. Identify ICT-dependent sectors |
| | | | 2.1.3. Tap other industry organizations to assist and support the awareness campaign (ITFP, CIOF, ISSSP, PCCI, PMAP) |
| | | | 2.1.4. Train and tap pool of competent SAWAT resource persons/speakers |
| | | | 2.1.5. Identify appropriate ICT forums and conferences to implement SAWAT programs |
| | | 2.2. Use of Television, Radio, Internet and Print (TRIP) media to create multiplier effect | 2.2.1. Define target market (CIOs, Users) and message content |
| | | | 2.2.2. Determine marketing strategy in terms of content/media mix vs. target sectors/audience |
| | | | 2.2.3. Develop and implement promotions advocacy campaign (plans and programs) through PIA and/or outsourced public relations agencies. |
| | | 2.3. Integrate cybersecurity awareness into existing e-government projects and in basic ICT curriculum | 2.3.1. Consult and plan strategy with DepEd, CHED and TESDA |
| | | | 2.3.2. Consult and dialogue with private ICT educational institutions |
| | | | 2.3.3. Issue necessary directive and guidelines to government promotions, training and development centers (PIA, DAP, NCC) |


| Committee | Objective | Strategies | Action Plan |
| --- | --- | --- | --- |
| R-VAC | 3. To assess the cyber vulnerabilities of the Nation’s critical infrastructure as well as those authorities responsible for the business continuity of government | 3.1. Institutionalize the process of reviewing and assessing risk and vulnerabilities of cyber critical infrastructures | 3.1.1. Establish RP-R/VA mechanisms, performance measures and standards |
| | | | 3.1.2. Conduct regular risk assessment activities and workshops |
| | | | 3.1.3. Monitor compliance on a continuing basis |
| | | 3.2. Build up of a R/VA database | 3.2.1. Determine extent and complexity of database sourcing, storage and access system. |
| | | | 3.2.2. Source and acquire necessary equipment, tools and technology |
| | | | 3.2.3. Initiate build up and propagation of database |
| | | | 3.2.4. Integrate system resources with I-ICON system |
| | | 3.3. Adopt and adapt assessment forms and methodologies for immediate implementation | 3.3.1. Source, review and benchmark existing assessment forms, methodologies |
| | | | 3.3.2. Consult and adapt as applicable |
| | | | 3.3.3. Pilot and/or implement as deemed fit. |
| | | | 3.3.4. Monitor effectiveness of assessment instruments and methodology. |


| Committee | Objective | Strategies | Action Plan |
| --- | --- | --- | --- |
| FISPOL | 4. Formulate and implement policies, regulations and rules of conduct for TFSCI-CySWG members and affected parties and industries | 1.1. Adopt and adapt best practice on policy formulation and implementation | 1.1.1. Conduct survey and research |
| | | | 1.1.2. Establish communication exchange arrangements with other countries or cyber entities |
| | | | 1.1.3. Consult and draft policy manual and guidelines |
| | | | 1.1.4. Benchmark/validate policies with other countries’ policy regime |
| | | 1.2. Legislate policies and regulatory requirements where necessary | 1.2.1. Identify appropriate legislative/regulatory bodies to seek support |
| | | | 1.2.2. Schedule action agenda and deliberations |
| | | | 1.2.3. Monitor progress to completion |
| | | 1.3. Publish, monitor and report on policy implementation effectiveness | 1.3.1. Collect related security policies issuances |
| | | | 1.3.2. Prepare summaries, abstracts and annotations as needed |
| | | | 1.3.3. Design, print and distribute materials |
| | | | 1.3.4. Work with SAWAT team for integration into promotions and advocacy program |
| T-TRAIN | 5. To develop and implement responsive training programs to produce a sustainable number of Filipino cyber security experts/professionals at par with their international counterparts | 5.1. Develop responsive training programs for ICT security professionals | 5.1.1. Establish training center for cyber security excellence (under NCC or independent center of excellence) |
| | | | 5.1.2. Develop or outsource necessary courseware and equipment, tools required |
| | | | 5.1.3. Conduct and implement training programs |
| | | | 5.1.4. Partner with private training providers or vendors for more comprehensive |
| | | 5.2. Establish assessment and certification program/centers for cybersecurity professionals | 5.2.1. Define competence and criteria for assessment and certification |
| | | | 5.2.2. Establish assessment and certification process |
| | | | 5.2.3. Forge assessment and certification working partnerships with technology owners and providers |


ORGANIZATIONAL REQUIREMENTS: HOW TO PROCEED FROM HERE


Considering that the members of the Task Force Committees consist of volunteer
government and private employees who may not be available to commit their time and
effort on a continuing, as-needed and sustained basis, the CySWG must convert itself into,
or seek the organization of, a permanent body with an official charter. This body
must, as a minimum, have full-time, knowledgeable and qualified ICT professionals and
managers who will polish and fine-tune the plan and carry out its implementation based
on their (new people) respective capacities and capabilities. Where extra hands and
know-how are needed, the managers and leaders of the renewed permanent body can simply tap
the talents and abilities of the current members of the CySWG committees or
outsource to experts in the field.

All the committees agreed to the formation of a permanent body to implement the TFSCI
master plan. Each member realized his role was temporary and his responsibility self-
imposed, if at all. Some members have expressed their willingness to be part of the new
body, if at all formed, depending on their assigned roles and individual working
arrangements.

Although no formal organizational structure or composition of the new permanent
organization was discussed and submitted during the various planning meetings and
workshops, the consensus was that the permanent body will have to be formed depending
on the political and financial situation at the time of formation.

Some functions, though, are critical and have to be manned by experts in these fields. The
two most critical functions of the newly organized permanent body (New-CySWG) are:
• Technical Training (T-TRAIN)
• Incident Response (I-ICON)

THE TECHNICAL TRAINING (T-TRAIN) FUNCTION


The T-Train function will have to be done professionally and on a continuing, sustained
basis. At the moment, the necessary expertise and know-how, in terms of course content
and delivery mechanisms, are not available in one single entity or training institution. It is
suggested that the training be formalized initially under the NCC, considering that NCC
already has the training facilities and the mandate to do ICT and related training.
The NCC facility can be part of the permanent New-CySWG organization until such time
that the plans of NCC or the New-CySWG say otherwise.


NCC, as the New-T-Train, can now implement and upgrade the T-Train plan, which
includes tapping outside expertise on an as-needed basis. The first order of the day is for
NCC to organize a train-the-trainor program and carry out the certification process for its
newly trained ICT Security mentors and instructors.
The New-T-Train can follow the plan of action of the T-Train committee as follows:
• Identify training gaps
• Outsource and tap applicable programs/technologies, courseware and trainors
• Implement training and delivery programs

The T-Train committee has also identified consulting, curriculum development and
certification as a resulting business or output, among its potential products or services to
follow. Since the critical need for the immediate time frame is for training on ICT security
of government and the critical infrastructure, the auxiliary business of T-Train may have
to wait, and its pursuit will be subject to the will and wherewithal of the permanent officers
or managers to be designated. Training, per se, is already a full-time job and a major
undertaking for most managers. It will take a leader with an insatiable business
sense and acumen to expand into the complex world of consultancy and courseware
development as an add-on business.
For the certification, this may be better done in cooperation with TESDA and the ICT-
Industry Working Group who are now in the process of professionalizing the certification
so these can be brought to a stage where the industry and the business community can
look at a certified ICT worker with pride and confidence rather than with doubt and
distrust.

THE INCIDENT RESPONSE (I-ICON) FUNCTION


The incident response function has to be a permanent and fully funded function of the
New-CySWG. This is and will be the heart of the cyber protection capability of the
country. If the new I-ICON fails to beat, the whole body or network of data, information
and processing of such, stops.
The I-ICON function, and for that matter the task of providing response and protection to
the information community, is proposed by the CySWG through the creation of a National
Computer Security Incident Response Team (NCSIRT). It is also referred to as the
Government CSIRT or G-CSIRT. If formed as an agency, it can be referred to as the National
Information Security Agency (NISA) to encompass all forms of security issues and
concerns, whether LAN-based, Cyber-based or simply a corporate misdemeanor or crime
against a standalone information system in a private or government enclave.


The I-ICON function is a coordination and feeding center for the country’s input and
output of cyber nuances. Into its bowels and veins will flow the various threats and
incidents of intrusions, viruses, attacks and even simply misuse or abuse of computer use.
Contrary to the notion of border patrol and control, the I-ICON will never have direct
control or supervision over any other cybersite, whether on-country or off-country. The
major function and significance of a government incident response coordinating center,
however, is its ability and capability to warn, monitor, and inform the cybercommunity of
threats and incidents so all those within reach and coordinating with the center will be
fully warned and therefore can arm themselves accordingly.
The only reason a threat or attack can materialize and succeed is when its intended target
is uninformed, misinformed or incapable of defending itself. These inadequacies can be
overcome by proper training and preparation and a reliable, dependable, 24x7 alert
system.

THE OTHER FUNCTIONS


The other functions can continue as committee work and eventually can be
absorbed by the New-CySWG, G-CSIRT or NISA to be formed. Once a new set of
permanent employees is employed, the other tasks and functions may be relegated to
in-house experts or simply outsourced on an as-needed basis.
The Risk Assessment (RVAC) function can be done on a quarterly or continuing basis by
outsourced third-party assessors. The New-CySWG only has to come up with standards
by which critical infrastructure and institutions are to be assessed.
The Awareness function and activities (SAWAT) can be implemented in-house or
outsourced to a public relations agency, once the marketing advocacy plan is done.
Marketing, and especially advocacy efforts like those required for cybersecurity, are better
in the hands of marketing-oriented professionals than in ICT people’s hands. Technical
people, and we will have the more technically inclined in the New-CySWG, will be the
wrong people to advocate security. They will either scare the hell out of their constituents
or lull them to sleep with their technical litanies.
Lastly, the Policies function (FISPOL) shall eventually become the responsibility of the
New-CySWG management and not an ad hoc committee from the outside. Once the
business of the permanent organization is installed, any policy, guidelines, directions and
the like will have to emanate from the management and/or their direct superiors.
The oversight function will also have to be relinquished to the New-CySWG leadership.
Theirs will be the responsibility and accountability of keeping this country functioning
safely, securely and soundly in LAN or Cyber space.

SHORT-TERM PLAN
For the short-term (up to the end of the year), the various committees have put up their
action plans in terms of activities and deliverables. Details of these plans and activities
are in the attachments. The attachments though reflect a first draft resulting from the
sentiments of those who were present and participated during the workshops. Only the
more implementable or doable activities were selected from the long list of recommended
actions produced by the five (5) committees during their respective planning workshops.
The individual committee worksheets with all their detailed computations and
assumptions are included in the hard copy outputs as well as in the accompanying CD for
those who may want to review them at a later date.

RECOMMENDATIONS
From a practical perspective, there are two major recommendations, and these are:

1. Form the G-CSIRT or NISA as soon as possible. From the findings of the workshop,
there is a need to formalize the creation of a “Response Team” at the least. This
team has to have the necessary mandate and authority to work with, negotiate and
represent the national interest on matters of information security as a whole.
2. Formalize the development and implementation of a National Strategy for Information
Security as a whole (not just Cyber Security). With the passage of the E-commerce
Law in 2000 and the formation of the ITECC and the CICS, the National Strategy for
Information Security will be a boon and a welcome protective mantle to the many other
ICT plans and strategies adopted and adapted by the ICT community in the last
decade. A cyber, in-house or local information security breach can damage a
business or even a whole government more than any breach of physical security can.
Some companies with headquarters in the Twin Towers that collapsed in the 9-11
tragedy continue to do business simply because they had backups and contingency
provisions for their data and information systems. But no business can continue once
its mass of data and its ability to process and compute are wiped out by a virus or
malicious attack.

CONCLUSION
Implementing the plans and programs herein proposed, or revised as needed, will require a
different set of knowledge, attitudes and skills. It is recommended that the final
composition of staff and/or committee members who will carry out these plans and
programs be selected based on their knowledge, attitude, skills and availability to carry
out plans and programs… and not just to plan!


APPENDIX 2 – SAMPLE RISK ASSESSMENT QUESTIONNAIRE

I - ORGANIZATION INFORMATION
A. Contact Information (Optional)
Respondent Name :
Email Address :
Job Function :
Name of Immediate Supervisor :
Job Function of Supervisor :
B. Organization Information
Company Name :
Address :

Sector :
☐ Agriculture and Food
☐ Banking and Finance
☐ Emergency Services
☐ Energy
☐ Government Services
☐ Information and Communication
☐ Manufacturing
☐ Public Health
☐ Strategic Commercial Centers
☐ Transportation
☐ Water Supply

In which geographic locations is the organization, or its products/services, present?

What is the main purpose or mission of your organization?

What are the products/services being offered by your organization?

How does your organization’s product or services affect the people, economy, and the
government?


What is your organization’s gross income?
☐ Less than 10 M
☐ 10 M to 50 M
☐ 50 M to 100 M
☐ 100 M to 500 M
☐ 500 M to 1,000 M
☐ More than 1,000 M

How many employees are in your entire organization?
☐ Less than 500
☐ 501 to 1,000
☐ 1,001 to 2,500
☐ 2,501 to 10,000
☐ 10,001 to 50,000
☐ 50,001 to 100,000
☐ More than 100,000

Approximately, what is your organization’s information technology budget for this year? IT
budget covers software, hardware, implementations, salaries, consultants, and other
expenses.
☐ Less than 1M
☐ 1M to 5M
☐ 5M to 10 M
☐ 10M to 50M
☐ 50M to 100M
☐ More than 100M

Who is primarily responsible for Information Security in your organization?
☐ Chief Executive Officer (CEO)
☐ Chief Operating Officer (COO)
☐ Chief Financial Officer (CFO)
☐ Chief Information Security Officer (CISO)
☐ Chief Security Officer (CSO)
☐ Chief Privacy Officer (CPO)
☐ Chief Risk Officer (CRO)
☐ General Counsel
☐ Business Unit Executive/ Vice President
☐ Information Technology Executive
☐ Information Security Executive
☐ Network/System Administrator
☐ Internal Audit Director
☐ Other (please specify)


II - SYSTEM-RELATED INFORMATION
A. Data and Information
1. What are the mission critical data or information of your organization that will have a high or medium level of impact if the data or information is destroyed, altered, or compromised?
☐ Customer Information
☐ Financial Information
☐ Sales and Marketing Information
☐ Research and Development Information
☐ Products and Services
☐ Plans/Design Information
☐ Others: _______________________________

2. What are the consequences if data or information is destroyed, altered, or compromised?
☐ Loss of service
☐ Financial costs
☐ Loss of employment
☐ Legal implications
☐ Loss of trust
☐ Others: ________________________________

3. Does your organization have an information classification system?
☐ Yes ☐ No
Information is classified according to:
   ☐ Sensitivity – a classification based on the nature of confidentiality of the information to determine its use and disclosure
   ☐ Criticality - a classification based on the availability of the information
☐ Guidelines for classifying information is documented
☐ Procedures for labeling and handling information (storage, transmission, and destruction) according to its classification are documented and implemented
☐ Responsibility for classifying information is clearly defined

4. Does your company maintain an inventory of assets?
☐ Yes ☐ No
An inventory of the following assets are maintained:
   ☐ Information assets, e.g. databases
   ☐ Software assets
   ☐ Hardware assets
   ☐ Others: _________________________________
☐ Responsibility for the maintenance of inventory records are assigned and documented


B. Application System Information

The table provided below will be used to answer the following questions:
1. What are the mission critical application systems that process your organization’s data and information?
2. What is the purpose of the system?
3. What are the functions of the system?
4. What are the features of the system?
5. Who are the user groups of the system?
6. What are the internal and external interfaces of the system?
NOTE: Internal interfaces refer to the other IT systems within the organization that the system needs to connect with. External
interfaces refer to the other IT systems outside the organization the system needs to connect with.

Application System | Purpose | Users | Functions | Features | Interface/s


C. System Sensitivity and Criticality

For each of the identified mission critical systems, the table provided below will be used to answer the following questions:
1. What is the sensitivity and criticality level of the information processed by the system?
NOTE: Sensitivity refers to the nature of disclosure of the information being processed.
Criticality refers to the availability of the information being processed.
2. What is the impact of the loss of integrity, loss of availability and loss of confidentiality of the mission critical data or systems to the
security, health, safety, public welfare or economic well-being of the citizens or on the delivery of basic services of the government?
   • What is the impact of a temporary, short-term or minor disruption, destruction or breach in operations or security of the system to
     the security, health, safety, public welfare or economic well-being of the citizens or on the delivery of basic services of the
     government?
   • What is the impact of a permanent or major disruption, destruction or breach in operations or security of the system to the
     security, health, safety, public welfare or economic well-being of the citizens or on the delivery of basic services of the government?
3. What are the other sectors (based on the list of sectors refer to III.B) that will be significantly affected by the system?

Application System | Information Sensitivity Level (H- High, M- Medium, L- Low) | Information Criticality Level (H- High, M- Medium, L- Low) | Impact of temporary or short-term disruption (H- High, M- Medium, L- Low) | Impact of permanent or major disruption (H- High, M- Medium, L- Low) | Affected Sectors
 | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L |
 | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L |
 | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L |
 | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L |
 | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L | ☐ H ☐ M ☐ L |


D. Technical Infrastructure
The questions below attempt to establish the following:
a. Identification of different operating systems that host corporate application systems
b. Identification of hardware components that are used to support the system
c. Identification of network infrastructure media that are used to support the system
d. Identification of other facilities that the system depends on

1. What types of hardware are being used to support the organization’s critical applications? (Check all that apply)
☐ RISC-based
☐ Intel-based
☐ Mainframe
☐ Citrix Metaframe
☐ Others: ____________________________

2. What operating systems are used to host the organization’s critical applications? (Check all that apply)
☐ Solaris
☐ Windows
☐ Linux
☐ Unix
☐ MAC OS
☐ MS-DOS
☐ IBM OS
☐ Others: ____________________________

3. What network infrastructure media are used to support the Company’s application systems? (Check all that apply.)
☐ LAN/WAN
☐ Unshielded twisted pair
☐ Shielded twisted pair
☐ Coaxial cable
☐ Fiber Optics
☐ Wireless
☐ Others: ____________________________

4. What are the other support infrastructures/ facilities that the system depends on? (ex: external telecommunications systems, Internet, water system, etc)
☐ Please specify:

5. Generally, what security technologies are utilized in your organization?
☐ Digital Ids
☐ Intrusion Detection
☐ PCMCIA
☐ Physical Security Controls
☐ Encrypted Login
☐ Firewalls
☐ Reusable Passwords
☐ Anti-virus Software
☐ Encrypted Files
☐ Biometrics
☐ Access Control


III - SECURITY / CONTROLS ANALYSIS


A. Management Controls
6. Does your organization have information security infrastructure?
☐ Yes ☐ No
☐ There is an IT security document that states the organization’s security vision, mission, and security management structure
☐ Information security roles and responsibilities are defined, documented, and address separation of duties
☐ The management provides visible support for security initiatives
☐ A committee exists to provide oversight for the security function
☐ A security contact has been designated for the organization

7. Does your organization have information security policies?
☐ Yes ☐ No
☐ A central person/group maintains, reviews, and updates information security policies (i.e. security officer, security department, security committee)
☐ Security policies are reviewed on a periodic basis: Every __________ month(s)
☐ Security policies are published and made available to users
☐ The following areas are addressed in documented security policies:
   ☐ Business Continuity Management
   ☐ Change Control/Management
   ☐ Computer and Network Management
   ☐ Electronic Access Control
   ☐ Email Usage and Protection
   ☐ Encryption
   ☐ Incident Response
   ☐ Information Asset Classification and Data Protection
   ☐ Internet Usage
   ☐ Password Management
   ☐ Personnel Security and Hiring Standards
   ☐ Physical Access
   ☐ Privacy and Confidentiality
   ☐ Remote Access
   ☐ Security Assessment and Compliance
   ☐ Security Awareness
   ☐ Systems Development and Maintenance
   ☐ Vendor/Third Party Management
   ☐ Web Application Security
   ☐ Virus Protection


8. Does your organization follow laws, international standards, best practices, or frameworks for implementing information security?
☐ Yes ☐ No
☐ ISO 17799 (Code of practice for information security management)
☐ COBIT (Control Objectives for IT)
☐ Common Criteria for IT Security
☐ ITU (International Telecommunication Union)
☐ NIST (National Institute of Standards and Technology)
☐ TSSIT (Technical Security Standards for IT)
☐ E-commerce Law
☐ Others: __________________________________________

9. Does your organization practice standard system name conventions?
☐ Yes ☐ No
Standard naming conventions are utilized for:
   ☐ Servers
   ☐ Workstations
   ☐ Usernames accounts and groups

10. Would your organization consider hiring reformed hackers as consultants?
☐ Yes
☐ No

11. Does your organization have a program for reviewing and testing security controls?
☐ Yes ☐ No
Program includes:
   ☐ Internal Audit
   ☐ External Audit
   ☐ Security Consulting
   ☐ Others: ________________________________________
☐ Security assessments are performed at least once a year
☐ Security assessment procedures and methodologies are documented
☐ Access to security testing tools and utilities are restricted to authorized personnel
Security assessments include:
   ☐ Security specialists to perform penetration testing
   ☐ Vulnerability scanners
   ☐ Policy compliance checking tools
   ☐ Performance tools
   ☐ Independent review and audit of security policies and controls


1. Does your organization have a process for managing user accounts?
☐ Yes ☐ No
☐ There are procedures for requesting and approving user accounts and modifying privileges
☐ Excessive privileges are not granted; User privileges are based on job function
☐ User access is revoked days within the user’s termination or resignation
☐ User access is reviewed regularly
☐ User’s identity is verified prior to a password reset

2. Does your organization enforce a patch management process?
☐ Yes ☐ No
☐ Vulnerabilities and exploits are monitored regularly
☐ Security patches and important fixes are applied upon further testing
☐ Patch application procedures are documented

3. Is the security of critical systems tested prior to production deployment?
☐ Yes ☐ No
☐ Vulnerability and penetration testing is performed in accordance to documented system testing methodology
☐ System interfaces are thoroughly tested
☐ An independent external party periodically assesses the security posture of critical systems
☐ Patch application procedures are documented

4. Does your organization have a password policy?
☐ Yes ☐ No
☐ Unique user name and password for user authentication is required
☐ Password complexity scheme is in place and is technically enforced where feasible
☐ Systems are configured to require users to change passwords after a determined period of time
☐ Systems are configured to implement password histories

5. Are logical controls implemented within your organization’s network design?
☐ Yes ☐ No
☐ Firewalls
☐ Intrusion Detection/Prevention Systems (IDP)
☐ Network Honeypots
☐ Anti-virus systems
☐ Anti-spyware and Anti-adware systems
☐ Web filtering mechanisms (i.e. websphere, etc)
☐ Others: __________________________________

6. Are the internal systems secured?
☐ Yes ☐ No
☐ Application, server, and network performance and availability are monitored
☐ Critical systems are monitored for security violations
☐ Systems are scanned for unauthorized software installations
☐ Desktop machines, laptops, and servers are configured according to your organization’s technical configuration standards
☐ Password protected screensavers are used to protect the desktop
☐ Networks are properly segmented
☐ Host based firewalls are implemented between segregated networks
☐ Others: ____________________________________

7. Are the systems in your Internet/DMZ environment secured?
☐ Yes ☐ No
☐ Publicly accessible systems are tested for vulnerabilities and hardened prior to being deployed in production
☐ All essential protocols (i.e. DNS, LDAP, SMTP, FTP) are securely configured
☐ Firewalls are configured to allow only the necessary protocols directed to necessary destinations from trusted sources
☐ All traffic entry and exit points are filtered by the firewall
☐ The DMZ architecture is multi-tiered
☐ Others: ____________________________________

8. Are there security configuration baselines documented and implemented for systems in your organization?
☐ Yes ☐ No
There are security baselines for the following:
   ☐ Operating systems
   ☐ Routers, switches
   ☐ Firewall
   ☐ Remote access and authentication servers
   ☐ Others: ____________________________________
☐ Security baselines are reviewed every year

9. Does your organization have virus protection software in place?
☐ Yes ☐ No
Virus protection/detection software exist at the following levels:
   ☐ Firewall level
   ☐ Desktop level
   ☐ Server level
   ☐ Mail server level
   ☐ Web server level
   ☐ Internet gateway level
   ☐ Network segment level
   ☐ Mobile (including PDA) level
☐ Formal virus prevention and outbreak contingency plans and procedures in place
☐ Virus definition files are updated on levels where anti-virus solutions are installed
☐ Others: __________________________________________


10. Is data encryption being used in your organization for sensitive systems?
☐ Yes ☐ No
Types of encryption implemented are:
   ☐ File level encryption
   ☐ Traffic level encryption
   ☐ Database level encryption
   ☐ Password encryption

11. What type of network connection is viewed or cited as a frequent point of attack?
☐ Internal Systems
☐ Remote Dial-in
☐ Internet

12. Are controls in place to secure network access?
☐ Yes ☐ No
☐ External networks are limited and secured by a firewall
☐ There are documented procedures to activate new network connections
☐ External networks are monitored for security violations
☐ Connections to legacy systems are secured

13. Are remote access connections secured?
☐ Remote access connections are authenticated
☐ Remote access are connected via VPN
☐ Remote access is limited to only the needed applications and systems
☐ There are procedures in place for approving and processing vendor requests for remote access in the network

IV - THREAT AND VULNERABILITY


1. What are the possible threat actions or events that may be conducted by threat sources? What is the likelihood (High, Medium, Low) of occurrence for the possible threat actions?

Human Threat Sources: | Low | Medium | High
Hacking/cracking | ☐ | ☐ | ☐
Social engineering | ☐ | ☐ | ☐
Physical Assault | ☐ | ☐ | ☐
Fraud | ☐ | ☐ | ☐
Theft | ☐ | ☐ | ☐
Unauthorized access to systems and information | ☐ | ☐ | ☐
Information sale or disclosure | ☐ | ☐ | ☐
Abuse of computer resource | ☐ | ☐ | ☐
System sabotage | ☐ | ☐ | ☐
Input of malicious codes (virus, worms, trojans) | ☐ | ☐ | ☐
Accidental input of erroneous data or information | ☐ | ☐ | ☐
Others: | ☐ | ☐ | ☐
Natural Threat Sources:
Earthquake | ☐ | ☐ | ☐
Typhoon/Flood | ☐ | ☐ | ☐
Lightning Strike | ☐ | ☐ | ☐
Others: | ☐ | ☐ | ☐
IT Related/Physical/Environmental Threat Sources
Software Bugs | ☐ | ☐ | ☐
Computer/Hardware Failure | ☐ | ☐ | ☐
Network Failure | ☐ | ☐ | ☐
Electrical Failure (blackout, brownout, etc) | ☐ | ☐ | ☐
Fire | ☐ | ☐ | ☐
Others: | ☐ | ☐ | ☐
2. What are the possible motivations for attack by the human threat sources?
☐ Ego/Challenge
☐ Revenge
☐ Destruction
☐ Exploitation
☐ Monetary gain
☐ Competitive advantage/Intelligence
☐ Unintentional errors and omissions (e.g. data entry errors)
☐ Others: ___________________________________________

3. What are likely sources of attack?
☐ Disgruntled Employees
☐ Industry/Market Competitors
☐ Independent Hackers
☐ Foreign Corporations
☐ Foreign Government

4. What are the types of attack or misuse detected in the last 12 months?
☐ Denial of Service
☐ Laptop
☐ Active Wiretap
☐ Telecom Fraud
☐ Unauthorized Access by Insiders
☐ Virus
☐ Financial Fraud
☐ Insider abuse of internet access
☐ System penetration
☐ Telecom eavesdropping
☐ Sabotage
☐ Theft of proprietary information


5. How much cost did your organization incur due to the types of attack or misuse detected in the last 12 months?
☐ Denial of Service ______________
☐ Laptop ______________
☐ Active Wiretap ______________
☐ Telecom Fraud ______________
☐ Unauthorized Access by Insiders ______________
☐ Virus ______________
☐ Financial Fraud ______________
☐ Insider abuse of internet access ______________
☐ System penetration ______________
☐ Telecom eavesdropping ______________
☐ Sabotage ______________
☐ Theft of proprietary information ______________

6. Has your organization’s web site been attacked or misused within the last 12 months?
☐ Yes (If yes, how many incidents? __________)
☐ No
☐ Don’t know

7. If your organization’s web site had been attacked, where did the attacks originate?
☐ Inside
☐ Outside
☐ Both
☐ Don’t know

8. What types of attacks had been detected on your organization’s web site?
☐ Vandalism
☐ Financial Fraud
☐ Denial of Service
☐ Theft of Transaction information
☐ Others


9. What are the possible vulnerabilities that may be exploited by the identified threat sources?

Lack of or inadequate management and personnel security controls
   ☐ Lack of information security policies
   ☐ Lack of security orientation and awareness for personnel
   ☐ Lack of or insufficient training of personnel on proper use of equipment
   ☐ Lack of or insufficient training of personnel on job-related activities
   ☐ Poor employer-employee relationship
   ☐ Lenient hiring and screening procedures
   ☐ Others: ________________________________________
Lack of or inadequate physical and procedural security controls
   ☐ Lack of or inadequate monitoring of data centers
   ☐ Lenient implementation of ID policy
   ☐ Inadequate protection of computer processing facilities from damage against fire, water, electrical failure
   ☐ Inadequate incident reporting and response procedures
   ☐ Lack of backup and recovery procedures
   ☐ Lack of or inadequate operating procedures for systems
   ☐ Lack of business continuity or disaster recovery planning
   ☐ Poor user access management procedures
   ☐ Others: ________________________________________
Lack of or inadequate technical and logical security controls
   ☐ Lack of or inadequate access control management
   ☐ Use of weak passwords
   ☐ Lack of or inadequate virus protection controls
   ☐ Lack of system updates and patches
   ☐ Poor network design
