Download - Occasional Paper - Strategic Considerations for Philippine Cyber Security

7/25/2019 Occasional Paper - Strategic Considerations for Philippine Cyber Security

1/15

JANUA

STRATEGICCONSIDERATIONS

FOR PHILIPPINECYBER SECURITY

9.1VOLUME

PAPEROCCASIONAL


2/15

Cyberspace has become an indispensable domain

for state interaction. Governments have, therefore,

made use of cyberspace for power projection, the

protection of critical national infrastructure, and the

exertion of political inuence over other actors in the

international system. This domain, however, has also

become a prominent source of insecurity between

states because of its particularly strong potential for

espionage, sabotage, and subversion.1 While cyber

security continues to be a contentious policy issue,

the promise of a cyber revolution has inuenced

numerous states to develop capabilities for military

cyber operations. More than 40 states have now

developed military cyber organizations and policiesand nearly 70 states have crafted non-

military policies and organizations.2

CYBER CRIME

Despite the relatively controlled threat posed by cyber crime, the Philippinegovernment has adopted a more active posture towards countering illegal domesticcyber activities in contrast to countering external threats to national security.

The idea of a cyber revolution is based on three

widely held assumptions suggested by some

scholars and policymakers about cyberspace:

it enables asymmetric advantages; it is oense-

dominant; and, deterrence is not eective in

this domain.3 First, cyberspace is asymmetric

because, it allows weaker actors to use fewer

resources and capabilities to challenge the military

forces of powerful states. Second, cyberspace is

oense-dominant for several reasons, including

the instantaneous speed of attacks, the problem

of attributing attacks to a perpetrator, and the

overwhelming dependence on cyberspace

throughout modern society.4As a result, enemiescan exploit these opportunities and engage in

numerous malicious activities, including network

STRATEGIC

CONSIDERATIONSFOR PHILIPPINECYBER SECURITY

* The views and opinions expressed in this Paper are those of the author and do not necessaC 2016ADRiNSTITUTEfor Strategic and International Studies. All rights reserved.

OCCASIONAL PAPER JANUARY 2016

02


3/15

disruption and espionage against target states. Third,

deterrence is not eective in cyberspace because the

threat of retaliation is not viable if the adversaries are not

cognizant of a states cyber capabilities.

Deterrence is the use of threats to discourage adversaries

from initiating undesirable actions.5 The logic of

conventional deterrence is based on three core elements:

communication, credibility, and capability.6 For deterrence

to be eective, a deterring state must rst communicate

to its adversaries which actions are unacceptable and

the corresponding punishment once these actions are

undertaken. The state must then demonstrate that it

has the capabilities to support its threats. Lastly, the

state must establish credibility by convincing adversaries

that the communicated threats will actually be carried

out.

7

However, these elements are problematic whenapplied to cyberspace. It would be detrimental for

states to communicate and demonstrate that they have

cyber capabilities because to do so diminishes their

strategic surprise and technological superiority, the main

advantages of military cyber operations. Absent any

awareness and conrmation from their target state,

adversaries will not be persuaded that

a state has such capabilities.8

Athough the proliferation of cyber capabilities

is inevitable, the assumptions about the value

of cyberspace for military operations are mainly

overstated and need to be claried. First,

cyberspace does not provide asymmetric

advantages to weak actors. The most sophisticated

cyber attacks, Stuxnet and Flame for instance,

required an unprecedented level of expertise and

operational capabilities that weak states and non-

state actors do not necessarily have.9Second,

the idea that cyberspace is oense-dominant

is also questionable because the complexity

of weaponization makes oensive operations

more dicult for states to develop. Moreover, the

empirical evidence suggests that cyberspace is not

necessarily oense-dominant as some academics

and policymakers argue because the successand decisiveness of oensive cyber operations

are generally conditioned on attack severity,

organizational competence, and actor resolve.10

Lastly, traditional deterrence models may not be

useful in cyberspace but an alternative interpretation

of deterrence sees a cyber attack as an indication of

successful deterrence because it substitutes kinetic

or physical attacks between states.11

Given this context, this paper arg

the strategic limitations of cybers

Government of the Philippines sho

cyber security as a policy priorit y

three reasons: the economic cons

cybercrime, the security consequ

espionage and the political conse

conict in the region. The remaind

is divided into in four sections. Th

introduces central concepts rega

cyber security. The second exam

that could inuence the developm

capabilities in the Philippines. The

existing regional and domestic po

to cyber threats. Finally, the last s

some recommendations for the n

particularly focusing on integratingwithin national security policy and

Following these objectives, the pa

oer recommendations about the

law enforcement, e-governance, i

infrastructures and other related t

outside the scope of strategic inte

actors in the international system


C 2016ADRiNSTITUTEfor Strategic and International Studies. All rights reserved.

03


4/15

Concepts and Actors

Our understanding of cyber issues is dependent on

how concepts and actors are dened and framed. It

is necessary to clarify specic concepts and identify

actors to avoid confusion and exaggeration aboutstate capabilities and threats in cyberspace. The

following section therefore discusses some core

concepts and actors in area of cyber studies.

Concepts

A core concept in the conduct of cyber security

operations is the oensive and defensive capabilities

of a state or its Computer Network Operations

(CNO). These operations are divided into three

types of functions: Computer Network Attack

(CNA), Computer Network Defense (CND), and

Computer Network Exploitation (CNE). CNA is an

oensive operation and is dened as the capabilityto use computers to disrupt, deny, degrade, or

destroy information in adversaries computers

and information systems. CND, on the other hand,

involves the protection of a states computer

networks: having the capability to detect, analyze,

and mitigate threats and vulnerabilities, and

outmaneuver adversaries. CNE is an espionage

operation and is the ability to collect i ntelligence

through the use of computer networks

to gather data about adversaries.12

These functions provide a general idea of what

states can do in cyberspace, although it is

important to note that the specic operational

instrument involved in executing cyber attacks are

weapons delivered through a computer. A cyber

weapon, in this sense, is a computer code that is

used or is designed to be used with the objective

of threatening or causing damage to objects,

networks, or living beings.13 Cyber weapons can

come in dierent forms, ranging from generic tools

that cause nuisances to high-end tools that can

bring down a states critical infrastructure. Table 1

presents the main types of cyber weapons

as well as their basic denitions.

Another fundamental concept is the projection of

power in cyberspace or cyber power. This paper

considers cyber power as an extension of poli tics,

which is, fundamentally, the authoritative allocation

of valued things.15 Since power relates to the

allocation of capabilities and resources, the paperadopts Nyes idea of cyber power: the ability to

obtain preferred outcomes through the use of

electronically interconnected information

resources of the cyber domain.16

Moving to the next concept, much debate has

been generated by the term cyber war. While

several denitions exist for this concept, this

papers proceeds with the view that notion of war is

problematic and even dangerous when applied to

cyberspace. An act of war must be instrumental,

political, and lethal, whether in cyberspace or

not.17 No stand-alone cyber operation on record

Table 1. CYBER WEAPONS DEFINED14


04



5/15

In terms of non-state actors, there are three

additional subcategories: criminals, hackers, and

terrorists. Criminal organizations exploit cyberspace

through various methods for monetary gain. The

major types of online criminal activities include theft

of data, nancial crimes, corruption, and crimesagainst children.23 Hackers on the other hand,

execute in network intrusions for dierent reasons,

ranging from experiencing the thrill of the challenge

to bragging rights. Although cracking into networks

once required a fair amount of skill or computer

knowledge, attack tools have now become

more sophisticated and easier to use, providing

hackers with more capabilities.24 For instance,

politically motivated hackers or hacktivists, such

as Anonymous and LulzSec, overload e-mail

servers and hack into websites to send a specic

political message to target audience.

While there have been no recorded incidences

of cyberterrorism, cyberspace is attractive to

terrorist organizations because it guarantees

anonymity, it enables global communication, and

it delivers a strong psychological impact.25 The

Central Intelligence Agency suggests that terrorists

will remain focused on traditional attack methods;

however, the CIA anticipates increasing cyber

threats as a more technically capable generation of

terrorists join the ranks.26 Table 2 provides some

examples of the cyber weapons that dierent

actors have utilized as well as the

incidents they were involved in.

meets these criteria, thus the concept of cyber

war will not be used for purposes of the paper. As

alternative, the paper follows the work of Valeriano

and Maness who suggest the term cyber conict as

more appropriate, as it involves hostile i nteractions

between states but is not necessarily indicativeof warfare.18 Cyber conict is dened as the use

of computational technologies in cyberspace for

malevolent and destructive purposes in order to

impact, change, or modify diplomatic as well as

military interactions between entities.19

Actors

Since the barriers and costs to entry in

cyberspace are low, a range of actors have engaged

in numerous types of disruptive activities against

dierent targets. There are two main categories

of actors in cyberspace: states and non-state

actors. States are clearly the dominant actorsin cyberspace, given their extensive resources,

expertise, and capabilities.20The development

of the most sophisticated and high-level CNO is

typically designated to states intelligence and

military services. The objectives of these services

are to collect and/or destroy intelligence by

exploiting and disrupting adversaries information

infrastructure. Some prominent examples include

the National Security Agency of the United States,

the Government Communications Headquarters of

the United Kingdom, the General Sta Department

(3rd and 4th Departments) of the Peoples Liberation

Army in China,21and the Reconnaissance General

Bureau and General Sta Department of the

Korean Peoples Army in North Korea.22

Table 2. Actors, incidents and weapons


05



6/15

In examining the role of dierent actors in

cyberspace, it is imperative to highlight the

signicant dierence between the capabilities of

states and non-state actors in cyberspace. Thereis a persistent media blitz about the threat of

massive and destructive cyber attacks by non-state

actors, but these reports are largely overstated and

empirically untested.32 It is therefore necessary

to adopt a more strategic understanding of cyber

conict where the focus of inquiry is the realistic

outcome or consequence of the attack aside from

technical and tactical considerations such as the

number of websites that are defaced or the

type of malicious code used by hackers.

Factors Affecting Cyber Security Development

States generally produce specic defense and

security capabilities in response to external

and domestic considerations. While there is no

scholarly nor policy consensus over which factors

constrain states investments in cyber capabilities,

the subsequent section oers three important

factors that could potentially inuence further cyber

capability development in the Philippines.

Economic: Cyber Crime

The rst factor is the growing industry of cyber

crime. The low barriers to entry, the assurance

of anonymity, and the high speed of t ransactions

oered by cyberspace provide criminals with

unparalleled opportunities for prot generation. A

report by the Center for Strategic and InternationalStudies and McAfee estimates that the global

economy loses $375 billion to $575 billion annually

due to cyber crimes. Even the most conservative

estimate of economic losses to these criminal

activities is more than the national income of most

states and companies, signifying the level of

risk states face from cyber crime and

how rapidly the risk can evolve.33

n the context of the Philippines, cyber crime is

an existing problem but is not as threatening

compared to other organized criminal activities

such as robbery, kidnapping and drug tracking.

For instance, the Philippine National Police Anti-

Crime Group reports that there were 3,368 recorded

cases of cyber crime from 2003 to 2014.34 Of these

cases, the most common forms of cyber crimes

were identied as website defacements, personal

account inltrations, and Internet fraud. The data

to systematically quantify the economic impact of

crime that make use of cyberspace is incomplete;

however, the most substantial reports of losses have

been from the Bangko Sentral ng Pilipinas, which

estimates that PhP175 million was lost due to ATM

fraud in 2012 and PhP220 million in 2013.35

Despite the relatively controlled threat posed by

cyber crime, the Philippine government has adopted

a more active posture towards countering illegal

domestic cyber activities in contrast to counteringexternal threats to national security. In terms of

crime prosecution, there are currently six laws that

relate to cyberspace: the Cybercrime Prevention

Act of 2012, the Anti-Photo and Voyeurism Act

of 2009, the Anti-Child Pornography Act of 2009,

the E-Commerce Act of 2000, the Access Devices

Regulation Act of 1998, and the Anti-Wiretapping

Law of 1965. Moreover, the enforcement of

these laws is assigned to four key government

agencies: the Cybercrime Investigation and

Coordination Center (Department of Science and

Technology), the Oce of Cybercrime (Department

of Justice), Cybercrime Division (National Bureau of

Investigation), and the An

Group (Philippine Nationa

Building on these eorts, the government is encour

develop the capacity to ad

domestic enforcement ag

National Bureau of Invest

National Police, still lack th

and resources to eective

Given the rapidly rising nu

it is impossible for the gov

millions of internet users w

surveillance systems and

Second, the mechanisms

cooperation are underdev

strengthened. Since cybe


06



7/15

Image Credit: post-gazette.com

hand, it can also facilitate network inltration by

adversaries.

In the case of the Philippines, investing in cyber

espionage or CNE capabilities would enhancethe intelligence collection of security and military

services. The minimum credible defense

strategy, which the government is developing, is

fundamentally dependent on understanding an

adversarys intentions and capabilities.40 Given

this situation, government security and military

forces can leverage the advantages of cyberspace

to collect vital intelligence regarding adversaries

intentions about critical issues, such as the ongoing

territorial disputes or the arms dynamic in the region.

The governments current focus is to improve

conventional capabilities of the military; it would be

reasonable to supplement these capabilities and

invest in military computer network operations.

The paradox of cyberspace is that it also allows

other states to steal information from computer

networks in the Philippines. There have been several

reports by companies like FireEye and Kaspersky

Lab of network inltrations against the Philippine

government, but it is unclear if security and milit ary

services have CND capabilities to defend the states

networks against these hostile operations.41 This

uncertainty is reected in existing cyber security

assessments, which indicate that the Philippines isdecient in military capabilities for cyber operations,

public cybersecurity assistance networks (Computer

persistent, it is crucial for the government to create

a cohesive strategy that denes the responsibilities

of each agency and sets out a clear implementation

plan that accurately integrates their functions.

National Security: Cyber Espionage

The second factor is the growing prominence of

cyberspace as area for espionage. Several cases

of cyber conict relate to espionage operations

between states. For example, in 2005, the United

States government discovered Chinese computer

network operations Titan Rain, which successfully

inltrated numerous secure systems, including

the Department of Defense, Department of State,

Department of Homeland Security, National

Aeronautics and Space Administration, and even the

British Foreign Commonwealth Oce.38

More recently, computer security company FireEye

revealed the extensive cyber espionage operation

of a group called APT30 against several states

in Southeast Asia and beyond. This incident is

disconcerting because of APT30s suspected

association with the Chinese government as well as

the groups consistent focus on collecting specic

information about political, military, and economic

issues in the region, and about media organizations

and journalists who write on topics about the

Chinese governments legitimacy.39 Considering

these examples, espionage through cyberspacebecomes paradoxical; on one hand, it enables

the ecient collection of intelligence, on the other


07



8/15

despite the strategiclimitations of

cyberspace, theGovernment of the

Philippines should considercyber security

as a policy priority

Emergency Response Teams), and inter-agency and

intergovernmental cooperation among other areas.42

In this sense, it would be in the strategic interests

of the government to develop CND capabilities,

considering the advantages of cyberspace forintelligence collection and the necessity for defense

against the persistent and pervasive threat of cyber

espionage by adversaries within region.

Political: Cyber Confict

The third factor is the persistent cyber conict in

the Asia-Pacic. The Philippines is located in a

region characterized by major shifts in the balance

of power, uneven distributions of economic power

within and between states, and intense territorial

disputes.43 Given these dynamics, there are two

crucial reasons why geopolitics in the Asia-Pacic

is integral to inuencing the development of cybercapabilities in the Philippines. First, regional

disputes and insecurities between states have

continued on from conventional conict domains

and have manifested in cyberspace. This situation

makes the Asia-Pacic the most active

region in terms of cyber conicts between

states, mainly due to Chinese action.44

In light of the Philippines involvement in a territorial

dispute with China, it is likely that cyber conict will

become a prominent tool for power projection in the

twenty-rst century. This conict has the advantage

of can delivering a strong message sans the risksassociated in conventional attacks. In addition,

the Philippines is currently entangled between

two great powers that are also engaged in hostile

action in cyberspace. A recent ground-breaking

study conrms this observation: China needs an

outlet, and military grandstanding, with possibility

of escalation involving the Americans is something

China does not want to deal with at the moment.

China seems to be good at inltrating foreign

networks, and this seems to be the least

they can do for power projection.45

Second, other global cyber powers are alsolocated in the region. North Korea, South Korea,

and Japan all have advanced cyber capabilities

and are immersed in various political rivalries and

territorial disputes in the Asia-Pacic.46 Whereas

these rivals typically project military power and

engage in aggressive actions through the air and

maritime domains, cyber conict has also been

used as a tool to advance foreign policy interests. It

is therefore not surprising that from 2001 to 2011,

North Korea instigated fteen cyber attacks against

various states including South Korea, Japan and

the United States. South Korea was associated with

eighteen cyber incidents, mostly against Japan and

North Korea. Japan, meanwhile, had fteen cyber

disputes involving China

South Korea as adversa

The strategic consequen

trend may be crucial for uncertain whether cyber

lead to crisis instability a

low-risk cyber attacks int

attacks.48 In this case, t

the Philippines to develo

in supporting its allies to

existing cyber conicts. E

not have defense agreem

Korea, it could be entang

because of its existing de

United States. In short, th

precludes the Philippines

cyber attacks as well as security and stability of th

Policy Responses to Cy

Strategies to counter cyb

implemented by states u

through international inst

consensus that norms an

the uncertainty and host

conicting interests betw

exacerbated by the revel

make further internationa

improbable.49 Response


08



9/15

Image Credit: hoover.org

Working Group in May 2002

increased cooperation and c

areas: creating a legal frame

and cooperation, producing

guidelines, training and educ

wireless security technologie

did not provide any details r

would be implemented. The

the APEC Strategy to Ensur

Sustainable Online Environm

during the Senior Ocials M

The document highlighted t

and highlighted the need to

security measures: cohesive

and policy frameworks, incid

capabilities, partnerships amacademics, public awarene

research and development,

Much like the previous strate

does not oer any concrete

member states would realize

The APEC TEL Strategic Ac

the third and most recent do

APEC Telecommunications

Group in March 2015.53 The

therefore, been state-driven and particularly focused

on strengthening domestic law enforcement as well as

military capabilities. These responses have included

everything from recruiting potential CNO specialists to

establishing full-scale cyber commands. This section

briey surveys the policy responses of key regional

institutions in the Asia-Pacic and the eorts of the

Government of the Philippines towards cyber security.

Regional

States in the region have invested time and resources

to address cyber threats mainly through the Asia-Pacic

Economic Cooperation (APEC) and the Association

of Southeast Asian Nations (ASEAN). The creation of

regional levels of governance has created

a collaborative space where such strategicdiscussions can take place. These eorts have,

therefore, enabled states in the region to develop

transnational responses to cyber threats with shared

condence in their neighbors based on their

similarities rather than dierences.50

The cyber security eorts of APEC are captured

in three key documents. The rst is the APEC

Cybersecurity Strategy, which was formulated by

the APEC Telecommunications and Information


09



10/15

Following this discussion, cyber security gured

prominently in several subsequent meetings,

including the 3rd Meeting of the ASEAN

Telecommunications and IT Ministers in 2003,

where it was decided that an ASEAN Information

Infrastructure was needed as well as the

development and operationalisation of the national

Computer Emergency Response Teams by 2005.55

In 2006, the ASEAN Regional Forum released

two statements that stressed the importance of

cyber security. The rst was the ARF Statement

on Cooperation in Ensuring Cyber Security, which

reinforced the need for an ARF work plan on security

in the use of ICT and more dialogue on condence-

building, stability, and risk reduction measures to

address the implications of ARF participants use

of ICT.56 The second was the ARF Statement on

Cooperation in Fighting Cyber Attack and Terrorist

Misuse of Cyber Space, which recommended theimplementation of cyber crime laws in accordance

with national conditions and continued interstate

cooperation in countering cyber crime

and terrorists use of cyberspace.57

The last and most current collaboration is the

ASEAN ICT Masterplan 2015 that was adopted

during the Telecommunications and IT Ministers

Meeting in 2011. The plan prioritizes cyber security

through two broad initiatives. Building trust is the

rst initiative and it involves the promotion of secure

transactions within ASEAN and public awareness

about online security. Promoting information

ve key priorities, including a strong emphasis on

a secure, resilient, and trusted ICT (Information

and Communications Technologies) environment.

More importantly, the document presented an

implementation plan that prescribed the need

to undertake specic actions during the next

four years: research, capability-building, public

awareness, and intergovernmental cooperation.

Whereas the strategic plan recommends workable

and specic measures to address cyber security,

the success of the plan is largely dependent

on the level of commitment and the

resources available to each state.

Cyber security has been a concern for ASEAN

for more than a decade, but prior to the ASEAN

ICT Masterplan 2015, no clear and concrete

regional strategy was developed by the institution

to compel its member states to address cyberthreats. The problem of cyber crime was rst

discussed during the 2nd Senior Ocials Meeting on

Transnational Crime in 2002. State representatives

agreed on the following responses: to establish a

compilation of applicable national laws, regulations

and international treaties relating to cyber crime

legislation; work towards the criminalization of

cyber crime activities; enhance law enforcement

and intelligence cooperation; develop regional

training; coordinate with ASEAN Chiefs of National

Police (ASEANAPOL) for the analysis of cyber crime

activities; and seek training assistance from ASEAN

Dialogue Partners and international institutions.54

security is the second initiative and it has to do

with developing a common framework for network

security and information security across the region.58

In reviewing the regional responses to cyber threats,

it is apparent that some barriers have been slowing

the growth of cyber security eorts in the region. The

rst barrier is the uneven distribution of resources

and capabilities among states. States such as

Japan, South Korea, and Singapore are clearly more

technologically superior compared to other states

like China, Indonesia, Malaysia, the Philippines, and

Thailand; but even these are considerably more

advanced than states such as Brunei, Cambodia,

Laos, Myanmar or Vietnam. Even though this

digital divide is predominantly expressed in terms

of infrastructure development and broadband

penetration, the economic inequalities and low

socio-political capacity levels present substantialchallenges to these states as well.59 The second

barrier relates to the level of cooperation that states

are willing to extend in the area of cyber security.

States develop CNO capabilities to obtain dierent

strategic security objectives; therefore, it would not

be in their best interest to share information about

their cyber operations. In this sense, collaborative

operations and intelligence sharing can potentially

diminish the strategic advantage of cyber operations

more than other conventional military operations.

Furthermore, the absence of global norms or code

of conduct for cyberspace operations also signies

the uncertainty and lack of consensus about the

appropriate strategy to m

Domestic

The response of the Gov

towards cyber security h

despite a signicant cybe

in 2000. The I LOVE YO

undergraduate Filipino co

infected around 55 millio

generated around $10 b

globally.60 Government p

against the perpetrator O

indictment was dismisse

because there was no la

computer criminals at th

A signicant initiative tow

security blueprint was th

Cyber Security Plan in 20comprehensive and ree

cyber security policy, wh

institutionalizing the nec

government and the priv

meet and respond to cha

critical cyber infrastructu

four main strategies and

that were part of the gov

to increasing threats i n c

The rst strategy is to un

through a sustained thre

vulnerabilities and protec


10



11/15

being implemented by the government. The second

is risk control, which requires comprehensive

security planning, eective resolution of crisis,

and risk monitoring. The third strategy relates to

the organization and mobilization of necessary

resources and relevant stakeholders, such

as specialists from the private sector and the

international community, for the implementation of

the plan. The fourth strategy focuses on instituting

regulatory and legislative reforms crucial to

addressing the challenges of cyber threats.63

Building on the cyber security policy, the National

Cybersecurity Coordination Oce prepared an

operational framework in 2008. The National

Cybersecurity Coordination Strategy and

Implementation Plan proposed a coordination

strategy that comprised on ve execution programs:

Cyber Security Legal Regime; Critical Cyber

Infrastructure Security Threat and VulnerabilityReduction; Critical Cyber Infrastructure Security

Awareness, Education and Training; Critical Cyber

Infrastructure Security Incident Response and

Consequent Management; and National and

International Coordinating Mechanisms.64

More importantly, the plan justied the urgent

need for inter-agency cooperation through the

establishment of centralized committee and the

consistent participation of dierent government

bodies and private organizations securing Philippine

cyberspace. However, while the implementation

plan was comprehensive and ambitious in theory,

as of yet there is no clear evidence or report that

discusses the status or completion of the programs

The last and most recent cyber security initiative by t

Philippines is Executive Order No. 189, which was re

17, 2015. The Executive Order was drafted in respon

threats, and in particular intended to address the the

electronic information and to assess national vulnera

commercial information systems.65 It prescribes sev

salient of which are the reestablishment of the Nation

Agency Committee, the formation of a National Cybe

Center, the creation of Computer Emergency Respon

oces, and the transfer of the new Cybercrime Inves

Coordinating Center from the Oce of the President

National Cybersecurity Inter-Agency Committee.66

The objectives of Executive Order are appropriate an

two fundamental concerns that the government seem

there was no discussion about the sustainability of th

the document. Considering that the current governm

in 2016, it is uncertain whether the plans will be contpolitical leaders. Second, the document does not pro

regarding oensive and defensive cyber operations.

secure national critical infrastructure and information

without a clear and integrated strategy for cyberspac

Thus, the governments response to cyber threats ca

acceptable but nevertheless incoherent. An evaluatio

initiatives suggests that there are no consistent links

the initiatives of the previous and the current governm

a contributing factor towards the underdevelopment

the Philippines. Nevertheless, the lack of capabilities

for the next president given the rapidly increasing de

cyberspace. The succeeding section oers some ide

integrating cyber security as a national security priori


11



12/15

Considerations for the Next President

Since previous eorts in creating a cyber strategy

were incoherent, the next president has the

opportunity to ensure strategic coherence in

addressing cyber threats. There are two initial steps

in producing a cyber strategy: assessment and

development. The rst is to assess the status and

outcome of previous government initiatives on cyber

security such as the National Cyber Security Plan

and Executive Order No. 189. The assessment

would have two objectives. The rst is to determine

if existing cyber organizations have the sucient

expertise, appropriate resources, and proper

procedures to defend the state. The second is to

evaluate if the existing i nter-agency coordination and

implementation mechanisms are in place and areactually working. This assessment is necessary to

establish continuity and avoid wasting

resources during government transitions.

The second step is to develop cyber strategy

that builds on the eorts of the previous

government. There are ve levels of strategy

where the government needs to integrate cyber

security: policy, grand, military, operational, and

tactical.67 Policy refers to the set of objectives

to be accomplished by the government.68 A national security policy typically

explains the main priorities and objectives of the president of a state. If cyber

security is to be a priority, the national security policy should explicitly explain the

relevance of cyber security and its value for the state. Grand strategy denotes the

coordination of all national assets towards the attainment of policy objectives.69

The grand strategy provides more details about the cyber strategy of the

government such as the relevant cyber organizations, the system of coordination,

management of capabilities, and cooperation with international institutions if

possible. The military strategy refers to use of military power in support of the

grand strategy.70 A national military strategy, thus, discusses the objectives,

general approaches, and the resources of the armed forces in preserving the

national security of a state. In terms of cyber security, this strategy should explain

the militarys role in cyberspace and give the public a general sense of

the type of military actions involved in securing the cyberspace.

An operational strategy has to do with the cumulative and coordinated tacticalactions undertaken to achieve a specic operational goal.71 Since goals at the

operational level are diverse, integrating cyber operations into military operations

would involve engagements ranging from disabling a command and control

system of a military base to disrupting the infrastructure protocols of a military

production facility. Lastly, a tactical strategy refers to the details of combat,

specically deployments, engagement with the enemy, and interaction between

dierent units of the military.72 Cyber operations at the tactical level would entail

detailed actions, including the development of cyber units in each military

service, the type of response against cyber attacks, and the

coordination between dierent military cyber units.


12




13/15

Conclusion

Cyber security is still a weak aspect of Philippine

national security. The lack of discussion regardingthe challenges and opportunities relating to

cyberspace is impeding current eorts to address

increasing cyber threats against the state. Given

these circumstances, there are three reasons

why the Philippine government should consider

cyber security as a policy priority. The rst is that

the economic losses to cybercrime are escalating

and law enforcement agencies do not necessarily

have the capabilities to handle the massive volume

of incidents. The second is cyber espionage has

become a predominant method of intelligence

collection and it is not clear if the military has the

capabilities to detect and counter these operations.

Third is that the territorial disputes and political

conicts in the Asia-Pacic region have spilled over

into cyberspace, therefore making the region the

most active in terms of cyber conict.

Reponses to cyber threats have mainly been

implemented by states, rather than collective actionthrough by international institutions. Whilst there is

a growing consensus that norms and cooperation

can mitigate the uncertainty and hostility in

cyberspace, conicting interests between powerful

states, aggravated by the revelations of Edward

Snowden, make international norm promotion more

dicult. States in the region have invested time

and resources to address cyber threats through

the Asia-Pacic Economic Cooperation and the

Association of Southeast Asian Nations but these

eorts are limited; although cyber security has

been a topic of concern for the last decade, more

concrete plans have only been articulated in the

last few years. Domestic responses to cyber threats

have been limited since most of the eorts have

focused on establishing legal frameworks to enable

law enforcement. There is no indication that the

previous and current gov

the investment in capaboperations in cyberspac

In this regard, the next p

opportunity to consider c

national security priority

coherence in addressing

coherence can be enhan

security measures in all l

grand, military, operation

signicantly, the next pre

the topic of cyber securi

IT crowd. An interdisci

security that draws on a

involves all government a

protect Philippine nation


13




14/15

ENDNOTES:

1 Rid T. (2013). Cyberwar will Not Take Place. London: Hurst & Co. Ltd, xiv-xv.2 United Nations Institute for Disarmament Research (2013). The Cyber Index In-ternational Security Trends and Realities Geneva, Switzerland: United Nations.3 For a more detailed discussion on these assumptions see Lynn III, W. J. (2010)Defending a New Domain: The Pentagons Cyberstrategy Foreign Aairs 89 (5), 97-

108, Nye Jr., J. S. (2011). The Future of Power New York: Public Aairs, Libicki, M.

(2009) Cyberdeterrence and Cyberwarfare Santa Monica, CA: RAND Corporation.4 Sheldon, J. (2011). Deciphering Cyberpower: Strategic Purpose in Peace Stra-tegic Studies Quarterly 5(2), 95-112.5 Freedman, L. and Raghavan, S. (2008) Coercion In Paul Williams (ed.) SecurityStudies: An Introduction London: Routledge, 217-218.6 Mansbach, R. W. and Taylor, K. L. (ed.) (2011) Introduction to Global Politics 2ndEdition London: Routledge, 297.7 Ibid8 Libicki, M. (2013) Brandishing Cyberattack Capabilities Santa Monica, CA:RAND Corporation, vii-xi.9 Lindsay, J. (2013) Stuxnet and the Limits of Cyber Warfare. Security Studies (22)3, 385-389.10 Gartzke, E. and Lindsay J. (2015) Weaving Tangled Webs: Oense, Defense,

and Deception in Cyberspace. Security Studies 24 (2), 346.11 Ibid12 Cartwright, J. E. (2010). Joint Terminology for Cyberspace Operations Washing-ton D.C.: U.S. Department of Defense.13 Rid, T., and McBurney, P. (2012). Cyber-Weapons. RUSI Journal 157 (1), 7.14 Denitions adopted from Carr, J. (2010), Inside Cyber Warfare: Mapping the Cy-ber Underworld Sebastopol, CA OReilly Media, Reveron, D. (Ed.). (2012). Cyberspaceand National Security: Threats, Opportunities, and Power in a Virtual World WashingtonD.C.: Georgetown University Press, 8, and Valeriano, B., and Maness, R. (2015). CyberWar versus Cyber Realities. Oxford: Oxford University Press, 33-37.15 Easton, D. (1953). The Political System: An Inquiry into the State of Political Sci-ence New York: Alfred Knopf, 5.16 Nye, The Future of Power New, 12317 Rid et, al., Cyber-Weapons, 718 Valeriano et. al., Cyber War versus Cyber Realities, 3119 Ibid20 Nye, The Future of Power and Lindsay, Stuxnet and the Limits of Cyber Warfare21 Patton A., et. al., Occupying the Information High Ground: Chinese Capabilitiesfor Computer Network Operations and Cyber Espionage, Washington D.C.: US-ChinaEconomic and Security Review Commission, 2012.22 Jun, Jenny, et. al. (2014). The Organization of Cyber Operations in North KoreaWashington D.C.: Center for Strategic and International Studies.23 International Police (2015) Cybercrime Retrieved from http://www.interpol.int/Crime-areas/ Cybercrime/Cybercrime24 Reveron, Cyberspace and National Security25 Weimann, G. (2004). Cyberterrorism How Real Is the Threat? Washington D.C.:United States Peace Institute.26 Ibid27 Healey, Jason (ed.) (2013) A Fierce Domain in Cyberspace, 1986-2012 Virginia:Cyber Conict Studies Association, 141-142; Berghel, H. (2001) The Code Red Worm

Communications of the ACM (44) 12, 15-19.28 Stiennon, R. (2015) A Short Histroy of Cyber Warfare In James Green (ed.)Cyber Warfare: A Multidisciplinary Analysis London: Routledge, 9-10.29 Blank, S. (2008) Web War I: Is Europes First Information War a New Kind ofWar? Comparative Strategy (27) 3, 227-247.30 Lindsay, Stuxnet and the Limits of Cyber Warfare; Falliere, N. (2011) W32.Stux-

net Dossier. Mountain View, CA: Symantec Corporation, 1-3.31 Valeriano et. al., Cyber War versus Cyber Realities, 173-175;32 Exaggerations of war in cyberspace are discussed in Sutherland, B. (2011) The

Economist: Modern Warfare, Intelligence and Deterrence: The technologies that aretransforming London: Economist Books, Arquilla, J., (27 February 2012) Cyberwar Is

Already Upon Us [Web log post]. Retrieved from http://foreignpolicy.com/2012/02/27/cyberwar-is-already-upon-us/ and Palette, D. et. al. (12 October 2015) Cyberwar Ig-nites a New Arms Race. Wall Street Journal. Retrieved from http://www.wsj.com/ar-ticles/cyberwar-ignites-a-new-arms-race-144461112833 Lewis, J. (2014). Net Losses: Estimating the Global Cost of Cybercrime Wash-ington D.C.: Center for Strategic and International Studies.34 Guillermo, J. (2015). Local Cybercrime Landscape [PowerPoint slides] Retrievedfrom http://aseanc.org/2015/wp-content/uploads/2015/02/Philippine-Cybercrime-

Landscape-ASEANFIC.pdf35 Bartolome, J. (2014, November 1) Nearly P400M lost to ATM fraud from 2012to 2013, says lawmaker [Web log post.] Retrieved from http://www.gmanetwork.com/news/story/ 386207/ money/economy/nearly-p400m-lost-to-atm-fraud-from-2012-to-2013-says-lawmaker36 Sy, Geronimo L. (2015). Philippines 2014-2015 Cybercrime Report The Rule ofLaw in Cyberspace Manila: Department of Justice.37 Ibid38 Seagal, A., (2013) From Titan Rain to Byzantine Hades In Jason Healey (ed.) AFierce Domain in Cyberspace, 1986-2012 Virginia: Cyber Conict Studies Association,

165-167.39 Kujawa, A. (2015). APT30 and the Mechanics of a Long-Running Cyber Espio-nage Operation Milpitas, CA: FireEye.40 Domingo, F. (2015, 27 February). Intelligence as the Philippines First Line of De-fense [Web log post]. Retrieved from, http://nottspolitics.org/2015/02/27/intelligence-as-the-philippines-rst-line-of-defense/41 Kujawa, APT30 and the Mechanics and Donohue, B. (19 May 2015). Naikon

APT steals geopolitical data from the South China Sea [Web log post]. Retrieved fromhttps://blog.kaspersky.com/ naikon-apt-south-china-sea/8696/42 International Telecommunications Union (2015). Global Cybersecurity Index Ge-neva, Switzerland: ITU and Feakin, T., et. al. (2015) Cyber Maturity in the Asia-Pacic

Region Canberra: Australian Strategic Policy Institute.43 Betts, R. K. (1994). Wealth Power, and Instability-East-Asia and the UnitedStates After the Cold War International Security 18(3), 34-77 and Christensen, T. J.(1999). China, the US-Japan Alliance, and the Security Dilemma in East Asia. Interna-tional Security 23(4), 49-8044 Valeriano et. al., Cyber War versus Cyber Realities, 12845 Ibid46 Wicherski et. al. (2011) Ten Days of Rain Santa Clara, CA: McAfee; Booz AllenHamilton (2001) Cyber Power Index: Findings and Methodology Virginia: author; Vale-riano et. al., Cyber War versus Cyber Realities47 Valeriano et. al., Cyber War versus Cyber Realities, 84-9048 Gompert, D., and Libicki, M. (2014). Cyber Warfare and Sino-American CrisisInstability. Survival, 56(4), 7-22.49 For more on the debate about cyber norms see Stevens, T. (2012). A Cyberwarof Ideas? Deterrence and Norms in Cyberspace Contemporary Security Policy 33 (1),148-170 and Farell, H. (2015). Promoting norms for Cyberspace Cyber Brief New York:Council on Foreign Relations.50 Thomas, N. (2009). Cyber Security in East Asia: Governing Anarchy Asian Secu-rity 5 (1), 19-20.51 Richardson, J. (2002) APEC Cybersecurity Strategy Singapore: Asia-Pacic

Economic Cooperation52 Asia-Pacic Economic Cooperation (2004) APEC Strategy to Ensure Trusted,

Secure and Sustainable Online Environment Retrieved from http://www.apec.org/~/media/Files/ Groups/TEL/05_TEL_APECStrategy.pdf53 Asia-Pacic Economic Cooperation (2015) APEC TEL Strategic Action

Plan 2016-2020. Retrieved from http://www.apec.org/~/media/Files/Groups/

TEL/20150331_APEC%20TEL% 20Strategic%20Action%20Plan%202016-2020.pdf54 Association of Southeast Asian Nations (2002) Work Programme to Implementthe ASEAN Plan of Action to Combat Transnational Crime. Retrieved from http://www.

asean.org/ communities/asean-politicato-implement-the-asean-plan-of-action-t17-may-200255 Association of Southeast Asian Ncommunications and IT Ministers. Retrievasean-economic-community/category/ameeting-telmin56 ASEAN Regional Forum (2012) ARber Security. Retrieved from https://ccdc

120712-ARFStatementCS.pdf57 ASEAN Regional Forum (2006) AR

Attack and Terrorist Misuse of Cyber Spregion/asia-paci/asean/conference/arf/st58 Association of Southeast Asian NRetried from http://www.asean.org/resasean-ict-masterplan-201559 Thomas, Cyber Security in East As60 Poulsen, K. (2010, May 3) May 4trieved from http://www.wired.com/201061 Sosa, g. (2009). Country Report oResource Material No. 79 Paper Presentenal Justice Response to Cybercrime, TokInstitute, 80-87.62 Milallos, M. and Romero, S. (2004

of the President, Task Force for the Secu63 Ibid, 34-42.64 National Cyber Security Coordinat

ordination and Implementation Strategy Q65 Executive Order No. 189 (2015)66 Ibid67 Kane, T. and Lonsdale, D. (2011)don: Routledge, 13.68 Clausewitz, Carl von (2008). On WOxford University Press, 28-2969 Hart, B. H. Lidell (1967) Strategy: 335.70 Kane et. al., Understanding Conte71 Ibid, 1472 Ibid, 14


14


9 1


15/15


is an independent international and strategic researchorganization with the principal goal of addressing theissues affecting the Philippines and East Asia

Stratbases Albert Del Rosario Institute

9F 6780 Ayala Avenue, Makati CityPhilippines 1200

V 8921751F 8921754

www.stratbase.com.ph

ABOUT

Francis Domingois Assistant Professor of International Studies at De La SalleUniversity and concurrently a doctoral researcher afliated with the Centre forConict, Security and Terrorism and the Institute of Asia and Pacic Studiesat University of Nottingham. His current research explores the strategicutility of cyber capabilities for small states. He holds an MA in IntelligenceStudies from Brunel University London (2009) and an MRes in Strategic Studies

from University of Reading (2014). His research has been published inDefense and Security Analysis, Military and Strategic Affairs,and Strategic Analysis, among other journals.

Before joining academia, he worked with the Armed Forces of thePhilippines as a research analyst with the Ofce of Strategic andSpecial Studies (OSS), where he contributed to a number ofassessments on sensitive political and security issues.

9.1VOLUME

Download - Occasional Paper - Strategic Considerations for Philippine Cyber Security

Top Related