DICT seeks ethical hackers’ help vs attacks

DICT seeks ethical hackers’ help vs attacks

THE DEPARTMENT of Information and Communications Technology (DICT) is seeking the help of white-hat hackers and cybersecurity experts to test e-government platforms’ vulnerabilities after a series of attacks.

“We also asked more white-hat hackers and cybersecurity experts to help us and conduct vulnerability assessment and penetration testing on our e-government platforms,” DICT Undersecretary David L. Almirol, Jr. said in a LinkedIn post on Aug. 11.

“We are not perfect, but we are doing our best and with efforts of more patriotic information technology (IT) experts, we can solidify our e-government systems.”

This came after a hacker’s group claimed that the “simple promotional static website” e.gov.ph had been hacked and defaced.

Mr. Almirol said the attackers only managed to upload files to e.gov.ph subdomain, which is used for hosting public assets such as local government unit (LGU) logos.

He said there was “no impact” because the attackers could not do anything beyond uploading a file and were not able to execute any uploaded PHP shells since the subdomain is an S3 bucket used exclusively for file storage.

“No e-LGUs or e-government systems were affected by this issue,” he said. “We have preserved and renamed the files and submitted them, along with the Docker Nginx logs to NCERT for further investigation.”.

Ronald B. Gustilo, national campaigner for Digital Pinoys, told BusinessWorld the DICT’s approach would help identify weak points of the government’s cybersecurity infrastructure so it could correct these.

But groups and people engaged by the government should be bound by law and ethical standards, he added.

Mr. Gustilo said people should be held accountable in case of any incidental or deliberate attempts to leak information that they come across.

“The government should allocate funds to create more government positions intended for cybersecurity practitioners,” he said.

“Our community of practice is supporting the call of the DICT through Undersecretary Almirol for the private sector to assist in securing the government’s e-government platforms through independent vulnerability assessment and penetration testing,” Sam V. Jacoba, founding president of the National Association of Data Protection Officers, told BusinessWorld.

He said the country could learn from other governments that have survived cybercrises such as Indonesia, and push a cyberresilience and business continuity plan for e-government systems. — Aubrey Rose A. Inosante