Yamsuan hopeful new Marcos Jr. EO will lead to speedy passage of pending bills aimed at securing PH from cyberattacks

Bicol Saro Partylist Representative Brian Raymund Yamsuan has called on fellow lawmakers to work on the swift approval of pending bills in Congress that aim to protect the country’s digital infrastructure from cyberattacks following a recent executive order of President Ferdinand R. Marcos Jr. adopting the government’s National Cybersecurity Plan (NCSP).

Yamsuan also welcomed reports that President Marcos Jr., Japanese Prime Minister Fumio Kishida and US President Joe Biden will firm up plans to set up a joint cyberdefense framework when the three leaders meet for a trilateral summit in Washington on April 11.

“The National Cybersecurity Plan adopted by the President, complemented by strengthening multilateral ties with our allies and passing pending bills in Congress that aim to transport our country safety into the digital era will help fortify our defenses against increasing cyberthreats and other intrusions,” Yamsuan said.

Yamsuan said one of his co-authored measures—House Bill (HB) 8199–provides the starting point for the Department of Information and Communications Technology (DICT) to effectively implement its NCSP that was adopted by the President through Executive Order (EO) 58 issued last week.

The NCSP outlines a whole-of-nation roadmap aimed at strengthening the security and resilience of the country’s cyberspace, while HB 8199 prescribes security measures to critical information infrastructure (CII) institutions to protect their digital assets from risks, threats and attacks, Yamsuan said.

Under the bill, CII institutions include banks and other financial institutions; emergency services and response agencies; broadcast media; the industries of health, energy, telecommunications, transportation, and water, to name a few.

HB 8199 designates the National Computer Emergency Response Team (NCERT) as the government’s centralized reporting mechanism for information security incidents.

The bill also requires all government agencies to assign at least one personnel with sufficient information security training and credentials as point person in ensuring compliance with NCERT’s reporting requirements and adherence to prescribed standards. The personnel is also tasked to build the information security capability of the agency where he is assigned.

“This measure complements the NCSP and is a good jump-off point in accomplishing one of the Plan’s primary objectives, which is to ensure convergence among all government agencies in protecting our country from cyberattacks,” Yamsuan said.

Yamsuan said that while several government agencies already have some sort of mechanism to boost their cybersecurity capabilities, a unified system of setting up minimum security standards, monitoring, detecting and mitigating threats needs to be established.

Other related measures of which Yamsuan is primary author, such as HB 7393 or the proposed Anti-Financial Account Scamming Act (AFASA); HB 9888 or the Financial Literary and Fraud Prevention for Workers bill; and HB 7976, which classifies phishing and other forms of online fraud as acts of economic sabotage, also support the NCSP.

“The early passage of these bills and other similar measures pending in both the House (of Representatives) and the Senate will help make the country’s digital space safe for every Filipino,” Yamsuan said.

According to the DICT, the Philippines has increasingly been vulnerable to cyberattacks.

Its NCERT monitored 57,400 cybersecurity threats, and handled 3,470 incidents from 2021 to February 28, 2023.

The top three cybersecurity incidents were malware (48.9%); data leakage (12.5 &); and compromised websites (12.4 %), according to NCERT data.

An overwhelming majority of these incidents targeted government emergency response systems, the academe, and the telecommunications sector. Even the websites of the House, Senate, Philhealth, Department of Science and Technology (DOST), Philippine Statistics Authority (PSA), among others, have been hacked.