Office of the President of the Philippines, Malacanang
State of RP Cyber Security
4th ARF Seminar on Cyber Terrorism
Busan, South Korea, 16-19 October 2007
Backgrounder: Republic of the Philippines
Demographic information
- Size: 300,000 sq km (land: 298,170 sq km; water: 1,830 sq km)
- 7,100 islands
- 82 million population
- 13 international gateways (airports)
- 30 major seaports
- Democratic form of government
- 16 regions, 110 provinces, 60 cities
State of RP Cyber Security
- Republic of the Philippines: An Overview
- Status of the RP Internet and Cyber Incidents
- Internet Threat Reports on RP
- Assessment of RP Cyber Defense
- The Role of Cyber Security Coordinator
- Cyber Security Roadmap
Backgrounder
[Map: Philippine Backbone Network. Legend: Microwave, Fiber Optic; carriers: TELOF, PLDT, Bayantel, Globe, PT&T, Digitel]
RP Dependency on ICT: Philippine IT Infrastructure per Sector (2005 Computer World Survey)
- Banking: 46%
- Manufacturing: 26%
- Electricity, Gas, and Water: 7%
- Wholesale and Retail Trade: 6%
- Community, Personal and Social Services: 4%
- Insurance: 3%
- Transportation and Storage: 2%
- Agriculture, Fishery and Forestry: 2%
- Financial Intermediaries: 2%
- Communications: 2%
- Real Estate: 0%
- Construction: 0%
Status of the Internet
The number of ISPs is continuously increasing.
Status of Internet Service Providers (ISPs) and Internet Exchanges (IXs) in 2004 (Source: Paul Budde, 2006)
- # of ISPs: 177 (NTC-registered ISPs)
- Major ISPs: Infocom Technologies (PLDT), MosCom, CBCPNet, Gnet (Globe Telecom), Pacific Internet
- Major IXs: Philippine Internet Exchange (PHIX), Common Routing Exchange (CORE), Manila Internet Exchange (MIX), Globe Internet Exchange (GIX)
[Chart: number of ISPs, 2001-2005; values shown: 64, 93, 121, 144, 177. Source: National Telecommunications Commission]
Status of the Internet
- The number of Internet users and subscribers increases continuously
- Average increment of 200,000~300,000 subscribers per year
[Chart: Internet users and subscribers, 1996-2004. Source: Paul Budde, 2006]
Status of the Internet
- The number of host PCs increases
- The number of cyber incidents is proportional to the number of Internet subscribers, users, and host PCs
[Chart: Number of Host PCs, 1994-2004. Source: Paul Budde, 2006]
Status of the Internet
- The number of Internet subscribers is much larger than the number of broadband subscribers
- PCs for public use are prevalent, while the portion of individual PCs is relatively small
- Public PCs are used as an attack source, since they are hard to track and guarantee anonymity
(Source: Paul Budde, 2006)
Status of the Internet
Status of Philippine online game market (USD)
- Continuous expansion of online game market
- Possibility of cyber incidents (online game cheating, identity theft, item trading, etc.) is increasing
[Chart: market size and growth rate. Source: Korea Game Development Promotion and Institute, 2005]
Status of Cyber Incidents
- The US FBI recently estimated that the LOVEBUG, made by a Philippine student in 2000, has caused worldwide damage of approximately US$ 12 billion.
- NBI handled 30 various cyber crime cases as of 2005
NBI Cybercrimes Statistics, Jan - Dec 2005
Type of case | No. of cases
1. Computer Fraud | 8
2. Internet Pornography | 3
3. Hacking | 5
4. Computer E-mails | 10
5. Violation of the E-Commerce Law | 4
6. Verification | 0
Total | 30
Status of Cyber Incidents
In 2006, PNP monitored 446 defaced government websites, mostly owned by local governments
Defaced Government Websites, 2003-2007 (Source: 2007 PNP-CIDG Report)
Year | 2003 | 2004 | 2005 | 2006 | 2007*
National Gov't | 33 | 21 | 45 | 56 | 11
Local Gov't | 11 | 8 | 28 | 390 | 23
* January to June data only
Status of Cyber Incidents
Data from Philippine Honeynet (www.philippinehoneynet.org)
- US and China are the major attack sources.
- More than 700 events occur per day when cyber attacks are fierce.
Status of Cyber Incidents
Threats to nation's critical infrastructures
Status of Cyber Incidents
- Tarlac: 1 cell site
- Bataan: 1 cell site
- Oriental Mindoro: 2 cell sites
- Nueva Ecija: 2 cell sites
- Bulacan: 1 cell site
- Camarines Sur: 3 cell sites
- Sorsogon: 3 cell sites
- Masbate: 1 cell site
- Palawan: 1 cell site
- Bohol: 1 cell site
- Compostela Valley: 1 cell site
- Davao Oriental: 1 cell site
- Davao del Norte: 1 cell site
Status of Cyber Incidents
- Camarines Sur: 3 cell sites
- Sorsogon: 1 cell site
- Masbate: 2 cell sites
- Surigao del Sur: 1 cell site
- Bukidnon: 1 cell site
- Basilan: 1 cell site
Status of Cyber Incidents
Case Study: Oplan Bojinka
- Oplan Bojinka was a 1995 plan by Al-Qaeda to simultaneously destroy 11 passenger aircraft over the Pacific Ocean.
- Reports indicate that Oplan Bojinka is the earlier version of the 9/11 plot.
- If the operation had been successful, Al-Qaeda would have murdered thousands of airline passengers.
Status of Cyber Incidents
Case Study: Oplan Bojinka
- The plot was discovered after a fire broke out in the Philippines apartment of Ramzi Yousef, a Kuwaiti of Pakistani extraction and member of Al-Qaeda.
- Yousef was involved in the first World Trade Center bombing in 1993.
Status of Cyber Incidents
Case Study: Oplan Bojinka
- Philippines police found bomb-making material and a laptop computer in his apartment.
- The laptop computer contained encrypted messages that could not be read by the police or intelligence officials.
Status of Cyber Incidents
Case Study: Oplan Bojinka
- Extensive analysis of the computer by law enforcement and intelligence officials eventually broke the encryption on the messages.
- The decrypted messages detailed Yousef's plans to destroy the airliners and messages to his fellow co-conspirators.
- Ramzi Yousef was sentenced to 240 years in prison in the United States.
Status of Cyber Incidents
Case Study: Oplan Bojinka
- Plotters of the Oplan Bojinka used the Philippines as a launching pad for terrorist acts by providing bomb-making training and logistical support to the violent local terrorist group, Abu Sayyaf (ASO).
- In April 2000, the ASO demanded the release of Yousef from jail in the United States.
Status of Cyber Incidents
Case Study: Oplan Bojinka
Lessons Learned
- Computer forensics was critical to this investigation.
- The computer investigation allowed Philippine officials to analyze and decrypt the messages on the laptop.
- The information acquired was important in thwarting a deadly terrorist attack.
Status of Cyber Incidents
Case Study: Oplan Bojinka
Conclusion
- The use of the Internet by terrorist organizations will increase as these groups acquire the skills to conduct offensive operations.
- The interdependence of the critical infrastructure used by nation-states will allow terrorist groups these facilities with deadly results.
Assessment: Organization for RP Cyber Defense
PH-CERT
- The first CERT in the Philippines
- Localized assistance
- Funding from membership fees and sponsorships
- No permanent staff, purely voluntary
- Provides email- and phone-based technical assistance (no on-site services)
- Coordination with law enforcement agencies
- Technical training
However, the operation of PH-CERT encountered difficulty due to lack of financial support and human resources
Assessment: Organization for RP Cyber Defense
National Bureau of Investigation - Anti Fraud and Cyber Crime Division
- Feb 1997: NBI-AFCCD created, through an Administrative Order, in order to address all computer-related crimes and other offenses using technology
- Supported by the US-FBI to set up its Forensic Laboratory
- The NBI-AFCCD needs legislation in order to empower it, organizationally and financially, and make it effective in responding to cyber crime incidents
Assessment: Organization for RP Cyber Defense
NBI Anti-Fraud and Computer Crimes Division
Assessment: Organization for RP Cyber Defense
PNP-CIDG GCSIRT (Government Computer Security Incident Response Team)
- GCSIRT was created through TFSCI
- To suppress, detect and investigate computer network intrusions and other related internet or computer crimes
- Projected capability: digital analysis, log file analysis, forensic media analysis, etc.
- Issues: lack of specific legislation, overlapping roles of IT government bodies, lack of proper training of law enforcers, public awareness, etc.
Assessment: Organization for RP Cyber Defense
The Philippine Honeynet Project
- It is a non-profit, all-volunteer group dedicated to honeynet and security research.
- It is a part of a larger global security initiative called the Honeynet Research Alliance.
Assessment: Organization for RP Cyber Defense
Honeynet's Infrastructure
Study hackers' tools and techniques, to be able to use them against the attackers, by:
- Capturing new and existing attacks for research and analysis
- Profiling hacker / attacker behavior
- Analyzing attack trends and statistics
- Analyzing malware and hacker tools
- Publishing security research papers
- Coordinating with other security research organizations
- Sending out security advisories
- Sharing lessons learned with the community
Assessment: Organization for RP Cyber Defense
Assessment: Organization for RP Cyber Defense
Other Organizations
- ISSSP (Information Systems Security Specialists of the Philippines): involved in the effort of creating awareness and raising the level of information security practice and security management in the Philippines
- PH-CISSP (Philippine Certified Information Systems Security Professionals): CISSP-certified Filipinos with security professional work experience
- ISACA (Information Systems and Audit and Control) Manila Chapter: sponsors local educational seminars and workshops, engages in IT research projects, conducts regular chapter meetings, and helps to further promote and elevate the visibility of the IS audit, control and security professional.
Assessment: Organization for RP Cyber Defense
Status of CERTs in the Philippines
- Lack of human resources and systems to address cyber emergencies.
- Korea: more than 80 major CERTs; CONCERT: Consortium of CERTs in Korea (http://concert.or.kr)
- Requires national management to encourage development of CERTs and production of a critical mass of cyber security professionals.
Assessment: Enabling Laws and Regulations
E-commerce law: RA 8792, Philippine E-Commerce Law. It is not particular about emergency readiness, but it does set the legal framework for recognition of electronic documents and transactions.
- Hacking and cracking
- Piracy or the unauthorized copying
- Violations of the Consumer Act or Republic Act (No. 7394)
Bangko Sentral ng Pilipinas, BSP (Central Bank of the Philippines): circulars that apply to banks and financial institutions and that dictate:
- Financial systems stability and service levels
- Connectivity security and redundancy requirements
- Presence of disaster recovery site and systems
Assessment: Enabling Laws and Regulations
Pending laws including provisions for cyber security and ICT readiness
- HB 1246: Anti-Cyber Crime Act of 2001
- HB 2251: Convergence Policy Act of the Philippines of 2004
- SB 428: The Anti-Telecommunications Fraud Act of 2004
- SB 2073: Data Protection Act of 2005
- HB 3777: Cybercrime Prevention Act of 2005
A new Cyber-Crime Prevention bill is being prepared by an Inter-Agency Cyber Law group for submission to the 14th Congress
Role of the Cyber Security Coordinator
Learning from the 2nd ARF Seminar on Cyber Terrorism: our country needs a Focal Point
- to comprehensively address the task of coordinating domestic and foreign cyberterrorism countermeasures
- to spearhead public-private sector partnership in protecting our critical cyber infrastructures
Note: * As reported to Her Excellency the President
Role of the Cyber Security Coordinator
Task of the National Cybersecurity Coordinator:
- Deal with all domestic and transnational programs
- Oversee and provide direction to government countermeasures
- Coordinate operational responsibilities
Note: * As reported to Her Excellency the President
Role of the Cyber Security Coordinator
Task of the National Cybersecurity Coordinator:
- Integrate public and private efforts
- Organize and provide leadership to various CERTs
- Enhance national cybersecurity capability
- Spearhead collaboration with international organizations
[Diagram: Cyberspace Security Coordination Process. Labels: National Coordinator for Cyber Security; Private/Public Critical Information Infrastructure Operating Units; Risk Assessment; Incident Response; Laws & Policy; Technical Training; Awareness/Advocacy. Flows shown include audit reports, periodic risk and vulnerability reports, incident reports, policies, and consequence management assistance]
Note: * As reported to Her Excellency the President
RP Cyber Security Roadmap
[Three-step chart; items are listed in the order they appear on the slide]
First step, Second step
Make a complete goal for N-CERT
Make a TFT (Task Force Team) for establishment of N-CERT
Set up the related law and system
Establish official N-CERT organization
- Establish organization and its function
- Define the role of existing organizations
- Define the coverage of N-CERT
Make a National Cyber Security Framework
Increase ability of analyzing and responding to computer emergencies
Technical support
Domestic and international cooperation
- Gathering information on current computer threats and vulnerabilities
- Analysis and response to security incidents
- Supporting and consulting for security technology (receive / cope with security incidents)
Third step
Build up computer emergency response system
Manage information security education program
Identify vulnerabilities and monitor responses to computer incidents
- Collect information by using Honeynet
- Collect information by the local/domestic sensor
- Detect infection of malicious code
- Detect a hacked homepage
- Fundamental course for information security administrator
- Advanced course for information security administrator
- Course for establishment of CERT and operation
- As a national POC for computer incident responses
- Establish cooperation system with related organizations
- Establish cooperation system with private CERTs
RP Cyber Security Roadmap
Implementing Agencies
Military
Role of the Cyber Security Coordinator
The Office of the National Cyber Security Coordinator is the point of contact (PoC) in the nation and provides support to decrease the occurrence of incidents in local systems
National Coordinator | Internal CERT
Point of contact in nation | The point of contact in the organization
Technical support to cyber incident in nation | The incident response in internal system and network
Publication of information about prevention, detection, and recovery of vulnerabilities | Detecting and patching vulnerabilities
Construction of system to analyze and respond to the cyber incidents | Analysis of internal cyber incidents and operation of the response system
Training of security specialists and distribution of security guidelines | Service protection according to the policy of the organization
Thank you
UNDERSECRETARY VIRTUS V. GIL
National Coordinator for Cyber Security
Office of the President, Republic of the Philippines
Telephone numbers: +632 736-1364/72/78
Facsimile number: +632 736-1351
Email: vvgil@op.gov.ph