
The recent hacking incidents targeting government agencies might indicate that the Department of Information and Technology should get confidential and intelligence funds, but lawmakers think otherwise
After the state's health insurer was attacked by Medusa ransomware, the Philippine Statistic Authority recently confirmed a data leak from its Community-Based Monitoring System.
Deep Web Konek—a group dedicated to posting "dark web" activities— warned that on 9 October, a "threat actor" posted on Facebook that the alleged data leak from PSA servers had prompted the agency to investigate how much personal data may have been compromised by the cyber attack.
In a television interview on Thursday, PSA data protection officer, Atty. Eliezer Ambatali, said they are still assessing the content of the downloaded data taken from the agency's database.
"The hackers have seen some vulnerabilities and we've determined that," he said.
Ambatali said the PSA's information and technology team "has already isolated this affected database. This is the network attached to the storage system of the CBMS."
Phl vulnerable to cyber hacking
Senators have expressed alarm over the series of cyber hackings against the government portals.
Senator Win Gatchalian said such incidents "only proved that the Philippines is vulnerable to cyberattacks" with the issue involving the Philippine Health Insurance Corporation 'regrettably' remains unresolved.
Gatchalian urged that the DICT and the National Privacy Commission should immediately identify the culprits responsible for the hacking that compromised the PSA's CBMS as it "contains essential personal information" of Filipinos.
"The DICT and NPC should undertake the necessary steps to ensure that the data breach will not compromise the safety and security of those covered by the CBMS," he said.
Meanwhile, Gatchalian stressed the need to reconsider providing confidential and intelligence funds to the DICT.
"This incident highlights the pressing need for the DICT to have access to confidential funds," he said.
No need for CIF
While Senator Francis Tolentino stressed that the DICT should be on top of resolving data hacking issues in the country, he believes there's no need for them to be given CIF.
"…they should be well-advanced in the procurement of upgrading of technology. Their cybersecurity measures should be two steps ahead," he said.
"The other way to counter technology is likewise to have more advanced technology, the hackers' technology might be more advanced than this," he added.
Tolentino was worried that the data breach would reach the files of the Commission on Election amid the approaching barangay and Sangguniang Kabataaan elections on 30 October.
"It would be more scary if the data breach would lead to Comelec. The DICT should focus on this," he said.
Asked if the CIF for DICT would be an answer to resolving the cyber attacks, Tolentino replied: "Hindi siguro. Kasi hindi naman lahat human intelligence 'yun. Cyber yun eh (Because it's not all human intelligence. That's cyber)."
Meanwhile, Senator Mark Villar has reiterated the need to investigate the 'concerning' data hacking against government agencies which does "not only compromise the country's transaction processes but also attacks endanger the safety and privacy of Filipinos."
Villar earlier filed Senate Resolution 811 directing the appropriate Senate Committee to conduct an inquiry into the series of hacking of the government websites.
"It is high time that we strengthen our cyberspace security as we are dealing with private and delicate information that could endanger, not just one institution, but the general Filipino public," he said.
Villar's call for a thorough investigation was backed by Gatchalian: This is crucial, as the CBMS contains essential personal information necessary for assessing poverty down to the barangay level.
DICT wants P300-M CIF back
In a previous television interview, DICT Secretary Ivan John said the removal of the agency's proposed CIF for next year would reduce their capability to address cybersecurity threats.
Amid the recent data breach, Uy lamented the need for the DICT to conduct intelligence gathering and investigation to fully fulfill its mandate of going after scammers.
"Our confidential funds to launch investigations, intelligence gathering, and threat analysis had been reduced to zero. It will really cut our capability of addressing all these cyber crimes and cyber threats," Uy said.
Meanwhile, Albay Rep. Edcel Lagman said the DICT doesn't need to acquire CIF since it can just tap security agencies to conduct its surveillance activities.
"The DICT, in the first place, has a very low absorptive capacity among the agencies we have reviewed," he said in an interview over the CNN Philippines' The Source on Thursday.
"We should maintain the zero allocation. They can avail of the expert services of agencies who are having their own confidential and intelligence funds," he added.
The DICT lost CIF allocation amounting to P300 million under the House of Representatives' proposed amendments for the 2024 national budget.