The Department of Information and Communications Technology (DICT) said it was “on top” of cybersecurity preparations ahead of the Association of Southeast Asian Nations (Asean) summit next week, assistant secretary Allan Cabanlong said in an interview.
He gave the update even as he confirmed the DICT was validating reports that key government internet infrastructure might have been compromised by North Korean hackers.
“We are conducting an investigation,” Cabanlong said, adding that a report would be ready by Monday.
Local and overseas news websites earlier reported the alleged event.
The DICT traced the information to Untied States-based technology consultancy Recorded Future, whose services include analyzing internet threat intelligence in “real time.”
Recorded Future concluded in late July that North Korean state-sponsored cyber operations were likely conducted from outside the country. This was based on the “near absence of malicious cyber activity from the North Korean mainland” from April to July this year.
“During this time frame, it appeared that some North Korean users were conducting research, or possibly even network reconnaissance, on a number of foreign laboratories and research centers,” Recorded Future said.
It cited activity “targeting” the Indian Space Research Organization’s National Remote Sensing Center, and Indian National Metallurgical Laboratory and the Philippines’s Department of Science and Technology-Advanced Science and Technology Institute (DOST-ASTI).
DOST-ASTI operates the Philippine Open Internet Exchange, whose members include broadband service providers, telecommunications companies, large companies, schools and government agencies like the Social Security System and the Department of Social Welfare and Development.
The Recorded Future report clarified that it “could not confirm malicious behavior.” It added that North Korea had a “large and active” presence in Malaysia, Indonesia, Nepal, New Zealand, Kenya, and Mozambique.
Cabanlong said they were treating the Recorded Future report as credible, thus, the ongoing investigation. He said other agencies were also asked to conduct “cyber hygiene” activities.
He noted that the government was upgrading its cybersecurity systems and protocols, a job that is spearheaded by the DICT, a relatively young agency.
The National Cybersecurity Plan 2022 was formally released in May 2017.
A key priority here was ensuring the safety of “critical” infrastructure. Steps for agencies to secure their internet facilities were outlined just last month. Cabanlong said a six-month deadline had been given.
He said government agencies linked to the Philippine Open Internet Exchange needed to have individual firewalls. But he acknowledged those security measures would need to be upgraded as threats become more sophisticated.
“It’s like an arms race,” Cabanlong said. “If the attack is not sophisticated, then we are protected.”
The Philippine government is taking extra security precautions ahead of the Asean Summit, which runs from Nov. 10 to 14. President Rodrigo Duterte will preside over the summit, where 21 world leaders are expected to attend.
This includes US president Donald Trump, who has traded public barbs with North Korean leader Kim Jong-un in recent months. Both leaders have threatened each other’s countries with varying degrees of destruction. /cbb