PHL urged to fortify cybersecurity via legislation

THE PHILIPPINES must pass legislation and strengthen its national cybersecurity plan to safeguard critical infrastructure networks, which remain highly vulnerable, cybersecurity advocates said.

“After (open access, the next issue) is improving accessibility and security. Cybersecurity and critical information infrastructure protection should be next step,” Mary Grace Mirandilla-Santos, ICT policy analyst at Secure Connections told reporters on the sidelines of Philippine Telecommunications Summit last week. 

Ms. Mirandilla-Santos was referring to the Konektadong Pinoy Act, also known as the Open Access in Data Transmission Act, which lapsed into law last year. This  law streamlines the licensing process for new entrants, boosting competition in data transmission.

She said that as the government works to expand connectivity, it must also strengthen cybersecurity measures, since opening up connectivity can magnify threats.

“When you have more connectivity, the threat landscape becomes larger. We need to make sure that everything is secure, we need to have minimum cyber security standards across the board,” she said.

The Philippines does not have a cybersecurity law and relies on issuances and policies set by the Department of Information and Communications Technology (DICT).

Ms. Mirandilla-Santos said that while the issuances are effective because the DICT proactively addresses issues, legal barriers remain that need to be resolved.

“We need a law,  a cybersecurity law that will require both the government and the private sector, those who are operating critical infrastructure, to comply with minimum standards for cybersecurity, to make sure that they have personnel that are trained for cybersecurity,” she said. 

Samuel V. Jacoba, founding president of the National Association of Data Protection Officers of the Philippines, said legislation must define a unified cybersecurity framework including government agencies but also critical information industries.

The proposed Philippine Cybersecurity Act seeks to establish a National Cybersecurity Agency as the central authority for safeguarding critical information infrastructure, managing cyberthreats, and strengthening the country’s cyber defenses. — Ashley Erika O. Jose