DICT downplays data compromise

By Ashley Erika O. Jose, Reporter

THE DEPARTMENT of Information and Communications Technology (DICT) on Wednesday downplayed the recent data breach involving its own system, but experts raised alarms about the state’s weak cyberdefense.

“The extent of this recent breach, it is not that big,” Information and Communications Technology Assistant Secretary Renato A. Paraiso told a virtual news briefing. “There is very little information that was integrated into that system.”

On Tuesday, DICT said its Disaster Risk Reduction and Management Division (DRRM) portal and systems had been compromised.

The hacked portal was not connected to the agency’s central system, and the agency has since regained control of it, Mr. Paraiso said, adding that the portal was designed and built with fewer firewalls for easier access.

Ronald B. Gustilo, national campaigner for Digital Pinoys, said the data breach affecting the agency is alarming and could invite more hacking attempts.

“The recent data breach affecting no less than the DICT is alarming, and no excuse from the DICT will be acceptable,” he said in a Viber message. “This is regardless of whether the system is connected to their main system.”

The DICT said the threat actor behind the breach is “ph1ns,” the same hacker who also claimed responsibility for the data breach of the Philippine National Police (PNP) and Maritime Industry Authority websites.

“This message is another opportunity for DICT and the Philippine government to learn and take cybersecurity seriously,” ph1ns said. “You’re my buddy, DICT. I’ll be back.”

Sam Jacoba, founding president of the National Association of Data Protection Officers of the Philippines, said the Philippines might suffer the same fate as Indonesia, which is now experiencing a government system-wide ransomware attack.

The Indonesian government has ordered an audit of data centers following ransomware cyberattacks on more than 200 public agencies, after it refused to pay $8 million, Reuters reported.

“If the government does not hasten the full implementation of the National Cybersecurity Plan,” Mr. Jacoba said. “The attack on the Indonesian government should be more than a wake-up call for the DICT to ask for full support from the President.”

The National Cybersecurity Plan is the country’s blueprint to ensure a safe cyberlandscape. It provides policy direction to ensure a safe cyberspace and digital infrastructure.

“The DICT may consider the attack on its DRRM Division as minor, but big things can start from small incidents,” Mr. Jacoba said. “If they need more cybersecurity personnel, the DICT can ask for assistance from private sector organizations to augment their teams.”