Although pushed out of the main topics of discussion in the last two weeks due to the elections, the Philippines is definitely in the midst of a war.
The $81-million cyber heist at Bangladesh Bank put the Philippines and its banking system square in the middle of the global cyber war. New information, revealed this past week from an ongoing investigation, is incredibly disturbing.
Cybersecurity firm BAE Systems—a British multinational defense, security and aerospace company—is reportedly going to release a study that shows the Bangladesh computer break-in “is linked to other cyberattacks, including the high-profile 2014 attack on Sony’s Hollywood studio” (Reuters.com). Further, “similar malware recently was used to target a Vietnamese commercial bank with fraudulent messages from the SWIFT money-transfer system, which also was used in the Bangladesh hack,” BAE said.
We have seen countless incidents of government and private web sites having been hacked and defaced in the past year here in the Philippines. On the government side, the reaction has been consistent—“No problem. Nothing to worry about. All is well.” The Commission on Elections (Comelec) web site was hacked, and personal information on 50 million Filipino voters was stolen. The Bangko Sentral ng Pilipinas reported that hackers targeted its system but it successfully defended itself because of robust security features.
None of this is acceptable in the least, and we think more must be done now.
When the world was facing a potentially critical computer problem due to operating systems and programs not being able to adjust to the year 2000, the government and the local private sector responded to the call. Republic Act 8747—the Philippine Year 2000 Disclosure and Readiness Act—was passed on June 1, 1999, requiring all public and private entities to be prepared for the “Y2K bug” and report that preparedness to the government.
The law created a congressional oversight committee on the Y2K bug and—the most important provision—the Presidential Commission on Year 2000 Compliance. The National Security Council was the coordinating agency for the commission, the Department of Science and Technology, National Computer Center, National Disaster Coordinating Council, and the Technology and Livelihood Resource Center.
The moment the Senate and the House reconvene, the creation of a similar commission should be a top priority. Imagine the disaster if communications were suddenly to shut down in the face of a natural disaster like a typhoon. Imagine the economic catastrophe if the power grid was suddenly inoperable for an extended period.
The Philippines has some of the best and brightest information-technology and computer people available, and now is the time to call on their expertise. A Cybersecurity Commission should not be a “feel good” program with well-written press releases but a very secure and even secret body to ensure the safety and defense of the Philippines. The Senate President and Speaker of the House should be on this problem immediately.