National Cybersecurity Plan

On April 4, 2024, the Office of the President issued Executive Order (EO) No. 58, s. 2024 which adopted the National Cybersecurity Plan (NCSP) 2023-2028. It will serve as the whole-of-nation roadmap for the integrated development and strategic direction of the country’s cybersecurity.

EO No. 189, s. 2015 established the National Cybersecurity Inter-Agency Committee to enhance the country’s cybersecurity. The strengthening of the country’s cyberspace is one of the key strategies under the Philippine Development Plan (PDP ) 2023-2028. The NCSP is a sub-plan of the PDP which is the national development blueprint of the country.

Pursuant to Republic Act (RA) No. 10844, or the Department of Information and Communications Technology (DICT) Act of 2015, the DICT formulated the NCSP 2023-2028. This Plan outlines the guidelines towards a secure cyberspace for every Filipino. DICT will be the lead agency in implementing said Plan.

All national government agencies and instrumentalities, including GOCCs, are encouraged to formulate and adopt their cybersecurity plans and strategies in accordance with the NCSP. On the other hand, it will be the duty of the DICT to monitor and review the NCSP. Thereafter, the DICT shall submit to the President a bi-annual report on the implementation of the NCSP.

The NCSP results framework has 3 desired outcomes to achieve its vision of a ‘Trusted, Secure, Reliable Cyberspace for every Filipino.’ These are: (1) Outcome 1: The State, and its People in cyberspace is proactively protected and secured; (2) Outcome 2: Cybersecurity workforce capabilities increased; and (3) Outcome 3: Cybersecurity policy framework strengthened.

In order to achieve these Outcomes, the NCSP lists down its plans as follows:

Outcome 1:
– Secure the Government Network (GovNet) infrastructure;
– Reorganize the Cybersecurity Bureau to strengthen the National Computer Emergency Response Team (NCERT) and establish the National Security Operations Center;
– Develop a national cybersecurity threat database;
– Partner with Public Telecommunication Entities (PTEs) for early detection and mitigation of cybersecurity threats;
– Partner with digital online platforms to combat misinformation;
– Establish the National Cybersecurity Intelligence Fusion Center and national network of Computer Emergency Response Teams (CERTs);
– Proactively monitor threats and provide baseline assessments to all government cyberspace assets;
– Secure the country’s submarine cable infrastructure; and
– Expand bilateral and multilateral international cooperation in cybersecurity.

Outcome 2:
– Proclaim month of October as Cybersecurity Awareness Month and direct all government agencies to conduct cybersecurity awareness programs;
– Re-establish the Information and Communications Technology (ICT) Academy under the DICT and institutionalize a Cybersecurity Center of Excellence;
– Revise the index of occupation services and plantilla qualifications standards in government to include cybersecurity career positions;
– Partner with local and international training providers to develop an online training and job-matching platform for cybersecurity, AI and other emerging technologies;
– Provide partial and full scholarship for higher education students in cybersecurity in accordance with RA 11927; and
– Organize national and international hacking competitions for both private and public sectors.

Outcome 3:
– Strengthen National Cybersecurity Inter-Agency Committee (NCIAC) as the convergence point for implementing cybersecurity policies and strategies;
– Promulgate an EO in Critical Information Infrastructure (CII) Protection;
– Develop policy and capability for voluntary security labelling of Internet of Things (IOT) devices;
– Promulgate guidelines and procedures for accreditation of trusted Vulnerability Assessment and Penetration Testing (VAPT) service providers;
– Establish policies, guidelines and procedures for the use of trusted and secure crypto-primitives, elements and protocol;
– Establish cybersecurity minimum standards; and
– Propose new legislative measures to strengthen cybersecurity.

The full Executive Order issuance may be accessed here.

Post a Comment