Gov’t, critical infra to be governed by DICT cybersecurity protocols

THE Department of Information and Communications Technology (DICT) said it is developing cybersecurity protocols for government agencies and entities responsible for digital infrastructure. 

“This will eventually cover both the private and public sector. The minimum baseline requirements include tools and processes that need to be implemented, such as inventory tools and backup procedures,” ICT Undersecretary for Cybersecurity Julius Gorospe told reporters on the sidelines of a cybersecurity forum on Thursday.

The minimum baseline will eventually be introduced to the private sector, Mr. Gorospe said.

“At some point, of course, when it becomes mainstream, it can be unveiled by the private sector…Actually, the private sector can implement them even without the government telling them to,” he said.

He said the guidelines will spell out required cybersecurity investments for agencies.

“While, the Cybersecurity Act is in Congress, and we hope it will become a law, for the meantime (the guidelines will) institutionalize the standards,” he said.

Cybersecurity advocates have said that the Philippines needs to pass legislation and strengthen its national cybersecurity plan to safeguard critical infrastructure networks, which remain highly vulnerable.

The Philippines does not have a cybersecurity law and relies on issuances and policies set by the DICT.

The National Association of Data Protection Officers of the Philippines said legislation must define a unified cybersecurity framework including government agencies but also critical information industries.

The proposed Philippine Cybersecurity Act seeks to establish a National Cybersecurity Agency as the central authority for safeguarding critical information infrastructure, managing cyberthreats, and strengthening cyber defenses. — Ashley Erika O. Jose