DICT’s National Cybersecurity Plan: Enhancing Cyber Defense in the Philippines
Last week, I had the privilege of learning more about the Department of Information and Communications Technology’s (DICT) National Cybersecurity Plan with Secretary Ivan Uy and Assistant Secretary Jeffrey Dy. I am impressed with their initiative and commend the Philippines for taking steps to enhance its cybersecurity defenses with this new 5-year plan.
Here are some of the talking points:
Focus on the attempts too, not only on the breach
To prevent breaches rather than merely report them, policy should cover the entire cyber kill chain, so that an intrusion can be detected and stopped at reconnaissance, delivery or initial access, not only once data has already left the network.
Currently, the Philippine Government requires mandatory breach notification. But a notification comes too late: once the breach has happened, irreversible damage has already been done.
A better policy might be to focus on pre-breach attacker activity, since monitoring it can stop the breach from happening at all. A helpful analogy is CCTV in a car park: reviewing the footage only after a crime has been committed produces evidence, not prevention. If someone were actually watching the live feeds, the crime could be thwarted in progress.
Set time limits to incident response based on severity class
Some network operators do not even respond to emails alerting them to indicators of compromise on their networks. This harms their own clients and lets their compromised servers keep attacking others. Setting time limits for network owners to investigate and resolve abuse reports, as the Russians have done, forces operators to act faster: the attacks are neutralized sooner and attacker dwell time is reduced.
By setting incident response time limits based on overall risk (likelihood and impact), security teams are focused on the highest-risk incidents first. This also aligns them with global best practices such as the ISO and NIST standards. This is the vision of Asec. Jeffrey Dy.
To encourage faster adoption of security practices, DICT could measure operators on performance metrics. Instead of breach detection time, why not focus on attacker dwell time, the interval between initial compromise and containment? DICT can establish national, provincial and municipal benchmarks for security responsiveness, and industry awards could recognize the operators who consistently meet them.
Threat intel, repurposed as a bad-IP list
DICT could repurpose its daily threat intelligence into a CSV file suitable for firewalls and IPS devices, such as an IP reputation blocklist, so that fellow network operators can drop traffic from known malicious actors at the network edge. For such a list to be safe to deploy automatically, each entry needs an expiry so stale indicators age out, non-routable ranges (RFC 1918, loopback, multicast) must never appear in it, and each operator needs an allowlist of its own and its partners' prefixes so a noisy indicator cannot cut off legitimate infrastructure.
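The pipeline described above, as an added example that is not DICT's code and does not use a real DICT feed: it reads a constructed CSV threat-intel feed (the column names and the documentation-range addresses are assumptions), validates and deduplicates the indicators, drops stale, low-confidence, non-routable and allowlisted entries, and emits both a firewall-ready CSV and `ipset add` commands with a timeout so entries expire on their own.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed sample feed (not a real DICT feed). Documentation ranges only.
SAMPLE_FEED = """\
indicator,confidence,last_seen,category
203.0.113.45,90,2023-06-01,c2
203.0.113.45,70,2023-06-02,scanner
198.51.100.0/24,85,2023-06-02,bruteforce
192.168.1.10,95,2023-06-02,malware
not-an-ip,50,2023-06-02,junk
203.0.113.46,40,2023-06-02,scanner
2001:db8::1,80,2023-05-01,c2
"""
# Fixed "now" so the example is reproducible offline (constructed).
SAMPLE_NOW = datetime(2023, 6, 3, tzinfo=timezone.utc)

# Ranges a shared blocklist must never contain: blocking these at a customer
# edge would break that customer's own LAN, loopback or CGNAT addressing.
# Documentation ranges (203.0.113.0/24 etc.) are deliberately not listed so
# the constructed sample passes through the filter.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def _overlaps(net, ranges):
    return any(net.version == r.version and net.overlaps(r) for r in ranges)


def build_blocklist(feed_text, now, min_confidence=60, max_age_days=30,
                    allowlist=()):
    """Return validated, deduplicated blocklist entries from a CSV feed.

    Each entry is a dict: network, confidence, last_seen, expires.
    Malformed, stale, low-confidence, non-routable and allowlisted
    indicators are dropped. An indicator that overlaps an allowlisted
    prefix is dropped whole: blocking part of a partner's range is worse
    than missing one attacker.
    """
    allow = [ipaddress.ip_network(a) for a in allowlist]
    ttl = timedelta(days=max_age_days)
    merged = {}
    for row in csv.DictReader(io.StringIO(feed_text)):
        try:
            net = ipaddress.ip_network(row["indicator"].strip(), strict=False)
            conf = int(row["confidence"])
            seen = datetime.strptime(row["last_seen"], "%Y-%m-%d").replace(
                tzinfo=timezone.utc)
        except (ValueError, KeyError):
            continue  # malformed row: never let garbage reach a firewall
        if conf < min_confidence or now - seen > ttl:
            continue
        if _overlaps(net, NEVER_BLOCK) or _overlaps(net, allow):
            continue
        cur = merged.get(net)
        if cur is None:
            merged[net] = {"confidence": conf, "last_seen": seen}
        else:  # same indicator reported twice: keep strongest, latest evidence
            cur["confidence"] = max(cur["confidence"], conf)
            cur["last_seen"] = max(cur["last_seen"], seen)
    entries = []
    for net in sorted(merged, key=lambda n: (n.version, n)):
        m = merged[net]
        entries.append({
            "network": str(net),
            "confidence": m["confidence"],
            "last_seen": m["last_seen"].date().isoformat(),
            "expires": (m["last_seen"] + ttl).date().isoformat(),
        })
    return entries


def to_csv(entries):
    """Render entries as the CSV a firewall or IPS would import."""
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=["network", "confidence", "last_seen",
                                        "expires"], lineterminator="\n")
    w.writeheader()
    w.writerows(entries)
    return buf.getvalue()


def to_ipset(entries, setname, now):
    """Render `ipset add` commands whose timeout (seconds) matches expiry."""
    cmds = []
    for e in entries:
        expires = datetime.fromisoformat(e["expires"]).replace(tzinfo=timezone.utc)
        timeout = max(0, int((expires - now).total_seconds()))
        cmds.append(f"ipset add {setname} {e['network']} timeout {timeout}")
    return cmds


if __name__ == "__main__":
    entries = build_blocklist(SAMPLE_FEED, SAMPLE_NOW, allowlist=["192.0.2.0/24"])
    print(to_csv(entries))
    print("\n".join(to_ipset(entries, "dict-blocklist", SAMPLE_NOW)))
```

On the constructed feed this keeps only 198.51.100.0/24 and 203.0.113.45/32: the duplicate 203.0.113.45 rows merge to confidence 90, the RFC 1918 address, the malformed row, the confidence-40 scanner and the 33-day-old IPv6 indicator are all dropped. The `ipset` lines assume a set created with timeout support (for example `ipset create dict-blocklist hash:net timeout 86400`) so that entries expire without a separate cleanup job.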
ASEAN CERT and Digital Transformation
Finally, improving country-level collaboration among Computer Emergency Response Teams (CERTs) is crucial for cyber intelligence sharing and faster incident resolution. Certain networks respond more readily to their own country’s CERT than to a foreign one, so a request relayed through the local CERT gets acted on where a direct foreign request is ignored. DICT Secretary Ivan Uy has already broached this idea publicly at the 3rd ASEAN Digital Ministers Meeting. I hope it gains traction.
Following our exchange of ideas, I note that most of these ideas are ALREADY being deliberated upon. I do look forward to seeing the completed 5-year plan. As always, do continue the conversation on Twitter or follow me @wilsonchua