From Firecrackers to Firewalls: A Cautionary Tale of Philippine Internet Security
..or why we should hold ISPs Accountable for internet security
In the heart of a mythical barangay, we witness a group of unruly children playing recklessly with firecrackers. They hurl these explosive devices indiscriminately, heedless of the potential consequences. Fearing that this dangerous act might ignite a devastating blaze, we take it upon ourselves to locate the guardians of these children.
We make the responsible choice to inform these guardians about the perilous practice their wards are engaged in. Most often, the parents are mortified by their children’s actions and readily extend their apologies. They ensure that their offspring understand the gravity of their actions and cease their misbehavior. After our intervention, the children no longer pose a threat.
However, in some instances, (and) to our profound astonishment, the guardians choose to turn a blind eye to the issue. They do nothing to rectify the situation, allowing their children to continue their hazardous activities with impunity. Predictably, a few days later, the inevitable transpires — the children’s firecrackers ignite a fire that engulfs one house, then later the entire barangay. Not a single house is spared from the inferno.
The question arises: should we hold the guardians accountable for the damages wrought by their children’s actions? My unequivocal answer is yes.
This allegory poignantly mirrors the predicament we face in our quest to secure the Philippine internet. More often than not, we detect malicious cyberattacks emanating from certain Philippine internet service providers. With a sense of duty and responsibility, we promptly alert these providers to the malicious behavior taking place within their networks. However, our optimism is soon replaced by incredulity as we discover that these internet service providers are apathetic to our notifications.
Sir Christian tells me that in the hacker world, these ISPs are termed “BulletProof”. No matter what shenanigans you do inside their network, their admins do not seemingly care. Nothing is ever done about it. In fact, i am told, there is a list of such ‘bulletproof’ ISPs circulating on the dark web.
The “bulletProof” ISPs allow our notifications to languish, even permitting their abuse emails to bounce due to a “mailbox full” status. This lackadaisical approach to addressing cyber threats is nothing short of a grave dereliction of duty. What they fail to realize is that they are ‘harboring’ criminals within their networks by failing to act.
In stark contrast, we can learn a valuable lesson from the Russian approach to internet security. Russian internet service providers are compelled by their regulators (I do hope Senator Gatchalian can read this) to assess the severity of each reported incident and promptly take action. They are held accountable, with a strict 72-hour deadline for resolving the most critical issues. This proactive approach not only safeguards their networks but also serves as a model for responsible internet service provision.
Our Philippine internet environment should aspire to these standards of responsibility, vigilance, and swift action. It is high time for our internet service providers to acknowledge the critical role they play in safeguarding our digital landscape. We must hold them accountable for their actions, or lack thereof, as their negligence can have catastrophic consequences for our nation’s cybersecurity. The NTC is the logical authority to implement such mandate, since they are also behind the blacklisting of gambling sites.
In the world of the internet, as in our mythical barangay, the choices we make as guardians matter. The analogy between firecrackers and cybersecurity may seem unusual, but it underscores a crucial point: when we neglect our responsibility to secure our digital lives, the consequences can be as devastating as a raging fire. It’s time to ask ourselves how we want to be remembered — as vigilant protectors of our digital homes, or as indifferent bystanders who let the flames of negligence consume what we hold dear. Let this be a call to action, a plea for a safer, more secure online world. Share this message, ignite conversations, and be a guardian of the internet. The responsibility is ours, and the time to act is now.
Full disclosure: I also run and manage an ISP and datacenter.