Statement on the hacking of www.pna.gov.ph

We at Democracy.Net.Ph express our concerns over latest reports over the defacement of a Philippine government website. According to news reports, the website of the Philippine News Agency was hacked by the self-identified “Chinese Hacker EvilShadow Team”. This latest incident gives the impression that it originated from overseas, from a country with which the Philippines has had prominent disputes of late.

We do not wish to over-hype this incident, which after all, amounts to nothing more than a negligible act of vandalism even if tainted by looming tensions between us and China. Still, each attack on a Philippine government website, no matter its gravity, undermines the credibility of our national infrastructure as safeguarded by our national cybersecurity policy. We have recently witnessed the recent cyber-attacks on South Korea’s banking system and major broadcast networks, and shudder to think of our capabilities to defend if similar attacks are launched on government-operated ICT and critical infrastructure facilities. If the attacks are undertaken from overseas, the implications to our sovereignty are even more alarming.

Cyber-vandalism of this nature has been tagged a crime by measures such as the recently enacted Cybercrime Prevention Act. However, that measure is woefully lacking, focusing as it does on punishing the wrongdoer after the crime has been committed. The Cybercrime Prevention Act is a piece-meal reactionary measure that does not come from a holistic approach towards the development and protection of our cyber-infrastructure. It does not allocate resources towards building a national cyber-security mechanism, or the development of a rational national cyber-policy that balances rights, governance and economic development, while promoting cyber security.

Senate Bill No. 3277, otherwise known as The Magna Carta for Philippine Internet Freedom (MCPIF), was precisely crafted to address the concerns we have cited. Its provisions prepare the Armed Forces and the civilian police for the security challenges of the future without sacrificing Constitutional guarantees. The MCPIF defines the roles to be played by national government agencies and branches of the armed services in the event of an attempted cyberattack of Philippine Government Information and Communications Technology Infrastructure. The MCPIF mandates the development of cyberintelligence capacity to detect these threats before they can inflict actual damage. The responsibility to undertake national cybersecurity under the MCPIF extends not only to national government websites, but also to those maintained by local government units.

We hope that it does not take a serious incident that compromises lives or properties before we are compelled to engage in a serious discussion on a rational, comprehensive and constitutional policy towards the development and defense of our national cyber-resources.

For any questions, feel free to contact Engr. Pierre Tito Galla, PECE, at [email protected] A copy of the Magna Carta for Philippine Internet Freedom, as well as a Primer about the MCPIF, are both featured on Democracy.Net.PH.