News
Tougher law needed to protect ICT system vs. cyber attacks
MANILA – The country must implement tougher laws that will guard the information and communications technology (ICT) systems against cyber attacks.
Senate Bill No. 1701 or the Critical Information Infrastructure Protection Act (CIIPA) filed by Senator Raffy Tulfo will establish a framework for ensuring the security and reliability of the country’s digital ecosystem, which is critical to achieving the new administration’s goal of safe, seamless, and reliable digitalization and connectivity
“The CIIPA requires the adoption of minimum information security standards, reporting and responding to cybersecurity incidents, and designating personnel with cybersecurity credentials, among others,“ the bill’s explanatory note said.
The measure will help protect the country’s ICT system against vulnerabilities, stealing of information, disruption of essential services and other attacks.
Critical Information Infrastructure (CII) institutions shall subject themselves to an annual information security self-assessment using standards, such as the Center for Internet Security Controls or the National Institute of Standards and Technology.
CII institution shall adopt programs, guidelines and written procedures for the implementation of its chosen information security standard, which shall be included in their annual submissions.
CII institutions refer to a government agency or a private company that owns, operates, controls and/or maintains critical information infrastructure and whose operation is nationwide in scope and/or covers metropolitan centers, including Metro Manila, Metro Cebu and Metro Davao or as defined and updated by the National Economic Development Authority or the Philippine Statistics Authority.
Some of such institutions are banks, broadcast media, emergency services and disaster response, energy, health, telecommunications and transportation.
The Cost of Data Breaches Report 2022 ranked the Philippines fourth worldwide in terms of number of web threats and 61st out of 194 countries in the Global Cybersecurity Index.
“Continued vulnerability to data breaches could cost an average of PHP250 million, with e-commerce, banking, and health sectors the top targets for cyberattacks. Hence, it is urgent for the Philippines to have a national policy framework for the protection of digital assets, especially critical information infrastructure,” the bill states.