Professional Documents
Culture Documents
1
VOLUME
STRATEGIC
CONSIDERATIONS
FOR PHILIPPINE
CYBER SECURITY
OCCASIONAL
PAPER
January 2016
02
STRATEGIC
CONSIDERATIONS
FOR PHILIPPINE
CYBER SECURITY
CYBER CRIME
Despite the relatively controlled threat posed by cyber crime, the Philippine
government has adopted a more active posture towards countering illegal domestic
cyber activities in contrast to countering external threats to national security.
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
* The views and opinions expressed in this Paper are those of the author and do not necessarily reflect those of the Institute.
03
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
04
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
05
www.stratbase.com.ph
06
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
07
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
08
09
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
10
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
Domestic
The response of the Government of the Philippines
In reviewing the regional responses to cyber threats, towards cyber security has generally been limited
it is apparent that some barriers have been slowing
despite a significant cyber incident that transpired
the growth of cyber security efforts in the region. The in 2000. The I LOVE YOU virus, created by an
first barrier is the uneven distribution of resources
undergraduate Filipino computer science student,
and capabilities among states. States such as
infected around 55 million computers and
Japan, South Korea, and Singapore are clearly more generated around $10 billion worth of damage
technologically superior compared to other states
globally.60 Government prosecutors filed cases
like China, Indonesia, Malaysia, the Philippines, and against the perpetrator Onel de Guzman, but the
Thailand; but even these are considerably more
indictment was dismissed even at the first stage
advanced than states such as Brunei, Cambodia,
because there was no law punishing
Laos, Myanmar or Vietnam. Even though this
computer criminals at that time.61
digital divide is predominantly expressed in terms
of infrastructure development and broadband
A significant initiative towards a national cyber
penetration, the economic inequalities and low
security blueprint was the creation of the National
socio-political capacity levels present substantial
Cyber Security Plan in 2004. The plan was
challenges to these states as well.59 The second
comprehensive and reflected the governments
barrier relates to the level of cooperation that states cyber security policy, which centers on
are willing to extend in the area of cyber security.
institutionalizing the necessary capabilities in the
States develop CNO capabilities to obtain different
government and the private sector to adequately
strategic security objectives; therefore, it would not
meet and respond to challenges and threats against
be in their best interest to share information about
critical cyber infrastructures.62 The plan presented
their cyber operations. In this sense, collaborative
four main strategies and corresponding programs
operations and intelligence sharing can potentially
that were part of the governments solution
diminish the strategic advantage of cyber operations to increasing threats in cyberspace.
more than other conventional military operations.
The first strategy is to understand the risks present
Furthermore, the absence of global norms or code
through a sustained threat assessment of national
of conduct for cyberspace operations also signifies
the uncertainty and lack of consensus about the
vulnerabilities and protective measures already
www.stratbase.com.ph
11
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
12
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
13
Conclusion
Cyber security is still a weak aspect of Philippine
national security. The lack of discussion regarding
the challenges and opportunities relating to
cyberspace is impeding current efforts to address
increasing cyber threats against the state. Given
these circumstances, there are three reasons
why the Philippine government should consider
cyber security as a policy priority. The first is that
the economic losses to cybercrime are escalating
and law enforcement agencies do not necessarily
have the capabilities to handle the massive volume
of incidents. The second is cyber espionage has
become a predominant method of intelligence
collection and it is not clear if the military has the
capabilities to detect and counter these operations.
Third is that the territorial disputes and political
conflicts in the Asia-Pacific region have spilled over
into cyberspace, therefore making the region the
most active in terms of cyber conflict.
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
www.stratbase.com.ph
14
ENDNOTES:
Rid T. (2013). Cyberwar will Not Take Place. London: Hurst & Co. Ltd, xiv-xv.
2
United Nations Institute for Disarmament Research (2013). The Cyber Index International Security Trends and Realities Geneva, Switzerland: United Nations.
3
For a more detailed discussion on these assumptions see Lynn III, W. J. (2010)
Defending a New Domain: The Pentagons Cyberstrategy Foreign Affairs 89 (5), 97108, Nye Jr., J. S. (2011). The Future of Power New York: Public Affairs, Libicki, M.
(2009) Cyberdeterrence and Cyberwarfare Santa Monica, CA: RAND Corporation.
4
Sheldon, J. (2011). Deciphering Cyberpower: Strategic Purpose in Peace Strategic Studies Quarterly 5(2), 95-112.
5
Freedman, L. and Raghavan, S. (2008) Coercion In Paul Williams (ed.) Security
Studies: An Introduction London: Routledge, 217-218.
6
Mansbach, R. W. and Taylor, K. L. (ed.) (2011) Introduction to Global Politics 2nd
Edition London: Routledge, 297.
7
Ibid
8
Libicki, M. (2013) Brandishing Cyberattack Capabilities Santa Monica, CA:
RAND Corporation, vii-xi.
9
Lindsay, J. (2013) Stuxnet and the Limits of Cyber Warfare. Security Studies (22)
3, 385-389.
10
Gartzke, E. and Lindsay J. (2015) Weaving Tangled Webs: Offense, Defense,
and Deception in Cyberspace. Security Studies 24 (2), 346.
11
Ibid
12
Cartwright, J. E. (2010). Joint Terminology for Cyberspace Operations Washington D.C.: U.S. Department of Defense.
13
Rid, T., and McBurney, P. (2012). Cyber-Weapons. RUSI Journal 157 (1), 7.
14
Definitions adopted from Carr, J. (2010), Inside Cyber Warfare: Mapping the Cyber Underworld Sebastopol, CA OReilly Media, Reveron, D. (Ed.). (2012). Cyberspace
and National Security: Threats, Opportunities, and Power in a Virtual World Washington
D.C.: Georgetown University Press, 8, and Valeriano, B., and Maness, R. (2015). Cyber
War versus Cyber Realities. Oxford: Oxford University Press, 33-37.
15
Easton, D. (1953). The Political System: An Inquiry into the State of Political Science New York: Alfred Knopf, 5.
16
Nye, The Future of Power New, 123
17
Rid et, al., Cyber-Weapons, 7
18
Valeriano et. al., Cyber War versus Cyber Realities, 31
19
Ibid
20
Nye, The Future of Power and Lindsay, Stuxnet and the Limits of Cyber Warfare
21
Patton A., et. al., Occupying the Information High Ground: Chinese Capabilities
for Computer Network Operations and Cyber Espionage, Washington D.C.: US-China
Economic and Security Review Commission, 2012.
22
Jun, Jenny, et. al. (2014). The Organization of Cyber Operations in North Korea
Washington D.C.: Center for Strategic and International Studies.
23
International Police (2015) Cybercrime Retrieved from http://www.interpol.int/
Crime-areas/ Cybercrime/Cybercrime
24
Reveron, Cyberspace and National Security
25
Weimann, G. (2004). Cyberterrorism How Real Is the Threat? Washington D.C.:
United States Peace Institute.
26
Ibid
27
Healey, Jason (ed.) (2013) A Fierce Domain in Cyberspace, 1986-2012 Virginia:
Cyber Conflict Studies Association, 141-142; Berghel, H. (2001) The Code Red Worm
Communications of the ACM (44) 12, 15-19.
28
Stiennon, R. (2015) A Short Histroy of Cyber Warfare In James Green (ed.)
Cyber Warfare: A Multidisciplinary Analysis London: Routledge, 9-10.
29
Blank, S. (2008) Web War I: Is Europes First Information War a New Kind of
War? Comparative Strategy (27) 3, 227-247.
30
Lindsay, Stuxnet and the Limits of Cyber Warfare; Falliere, N. (2011) W32.Stuxnet Dossier. Mountain View, CA: Symantec Corporation, 1-3.
31
Valeriano et. al., Cyber War versus Cyber Realities, 173-175;
32
Exaggerations of war in cyberspace are discussed in Sutherland, B. (2011) The
1
C 2016 ADRiNSTITUTE for Strategic and International Studies. All rights reserved.
Economist: Modern Warfare, Intelligence and Deterrence: The technologies that are
transforming London: Economist Books, Arquilla, J., (27 February 2012) Cyberwar Is
Already Upon Us [Web log post]. Retrieved from http://foreignpolicy.com/2012/02/27/
cyberwar-is-already-upon-us/ and Palette, D. et. al. (12 October 2015) Cyberwar Ignites a New Arms Race. Wall Street Journal. Retrieved from http://www.wsj.com/articles/cyberwar-ignites-a-new-arms-race-1444611128
33
Lewis, J. (2014). Net Losses: Estimating the Global Cost of Cybercrime Washington D.C.: Center for Strategic and International Studies.
34
Guillermo, J. (2015). Local Cybercrime Landscape [PowerPoint slides] Retrieved
from http://aseanfic.org/2015/wp-content/uploads/2015/02/Philippine-CybercrimeLandscape-ASEANFIC.pdf
35
Bartolome, J. (2014, November 1) Nearly P400M lost to ATM fraud from 2012
to 2013, says lawmaker [Web log post.] Retrieved from http://www.gmanetwork.com/
news/story/ 386207/ money/economy/nearly-p400m-lost-to-atm-fraud-from-2012-to2013-says-lawmaker
36
Sy, Geronimo L. (2015). Philippines 2014-2015 Cybercrime Report The Rule of
Law in Cyberspace Manila: Department of Justice.
37
Ibid
38
Seagal, A., (2013) From Titan Rain to Byzantine Hades In Jason Healey (ed.) A
Fierce Domain in Cyberspace, 1986-2012 Virginia: Cyber Conflict Studies Association,
165-167.
39
Kujawa, A. (2015). APT30 and the Mechanics of a Long-Running Cyber Espionage Operation Milpitas, CA: FireEye.
40
Domingo, F. (2015, 27 February). Intelligence as the Philippines First Line of Defense [Web log post]. Retrieved from, http://nottspolitics.org/2015/02/27/intelligenceas-the-philippines-first-line-of-defense/
41
Kujawa, APT30 and the Mechanics and Donohue, B. (19 May 2015). Naikon
APT steals geopolitical data from the South China Sea [Web log post]. Retrieved from
https://blog.kaspersky.com/ naikon-apt-south-china-sea/8696/
42
International Telecommunications Union (2015). Global Cybersecurity Index Geneva, Switzerland: ITU and Feakin, T., et. al. (2015) Cyber Maturity in the Asia-Pacific
Region Canberra: Australian Strategic Policy Institute.
43
Betts, R. K. (1994). Wealth Power, and Instability-East-Asia and the United
States After the Cold War International Security 18(3), 34-77 and Christensen, T. J.
(1999). China, the US-Japan Alliance, and the Security Dilemma in East Asia. International Security 23(4), 49-80
44
Valeriano et. al., Cyber War versus Cyber Realities, 128
45
Ibid
46
Wicherski et. al. (2011) Ten Days of Rain Santa Clara, CA: McAfee; Booz Allen
Hamilton (2001) Cyber Power Index: Findings and Methodology Virginia: author; Valeriano et. al., Cyber War versus Cyber Realities
47
Valeriano et. al., Cyber War versus Cyber Realities, 84-90
48
Gompert, D., and Libicki, M. (2014). Cyber Warfare and Sino-American Crisis
Instability. Survival, 56(4), 7-22.
49
For more on the debate about cyber norms see Stevens, T. (2012). A Cyberwar
of Ideas? Deterrence and Norms in Cyberspace Contemporary Security Policy 33 (1),
148-170 and Farell, H. (2015). Promoting norms for Cyberspace Cyber Brief New York:
Council on Foreign Relations.
50
Thomas, N. (2009). Cyber Security in East Asia: Governing Anarchy Asian Security 5 (1), 19-20.
51
Richardson, J. (2002) APEC Cybersecurity Strategy Singapore: Asia-Pacific
Economic Cooperation
52
Asia-Pacific Economic Cooperation (2004) APEC Strategy to Ensure Trusted,
Secure and Sustainable Online Environment Retrieved from http://www.apec.org/~/
media/Files/ Groups/TEL/05_TEL_APECStrategy.pdf
53
Asia-Pacific Economic Cooperation (2015) APEC TEL Strategic Action
Plan 2016-2020. Retrieved from http://www.apec.org/~/media/Files/Groups/
TEL/20150331_APEC%20TEL% 20Strategic%20Action%20Plan%202016-2020.pdf
54
Association of Southeast Asian Nations (2002) Work Programme to Implement
the ASEAN Plan of Action to Combat Transnational Crime. Retrieved from http://www.
asean.org/ communities/asean-political-security-community/item/work-programmeto-implement-the-asean-plan-of-action-to-combat-transnational-crime-kuala-lumpur17-may-2002
55
Association of Southeast Asian Nations (2003) 3rd Meeting of the ASEAN Telecommunications and IT Ministers. Retrieved from http://www.asean.org/communities/
asean-economic-community/category/asean-telecommunications-and-it-ministersmeeting-telmin
56
ASEAN Regional Forum (2012) ARF Statement on Cooperation in Ensuring Cyber Security. Retrieved from https://ccdcoe.org/sites/default/files/documents/ASEAN120712-ARFStatementCS.pdf
57
ASEAN Regional Forum (2006) ARF Statement on Cooperation in Fighting Cyber
Attack and Terrorist Misuse of Cyber Space. Retrieved from http://www.mofa.go.jp/
region/asia-paci/asean/conference/arf/state0607-3.html
58
Association of Southeast Asian Nations (2011) ASEAN ICT Masterplan 2015.
Retried from http://www.asean.org/resources/publications/asean-publications/item/
asean-ict-masterplan-2015
59
Thomas, Cyber Security in East Asia, 4-5
60
Poulsen, K. (2010, May 3) May 4, 2000: Tainted Love Infects Computers Retrieved from http://www.wired.com/2010/05/0504i-love-you-virus/
61
Sosa, g. (2009). Country Report on Cybercrime: The Philippines In M. Sasaki,
Resource Material No. 79 Paper Presented at International Training Course: The Criminal Justice Response to Cybercrime, Tokyo, Japan: United Nations Asia and Far East
Institute, 80-87.
62
Milallos, M. and Romero, S. (2004). National Cyber Security Plan Manila: Office
of the President, Task Force for the Security of Critical Infrastructure, 32.
63
Ibid, 34-42.
64
National Cyber Security Coordination Office (2008). National Cyber-security Coordination and Implementation Strategy Quezon City: Author.
65
Executive Order No. 189 (2015)
66
Ibid
67
Kane, T. and Lonsdale, D. (2011). Understanding Contemporary Strategy London: Routledge, 13.
68
Clausewitz, Carl von (2008). On War (M. Howard and P. Paret, trans.), Oxford:
Oxford University Press, 28-29
69
Hart, B. H. Lidell (1967) Strategy: An Indirect Approach London: Faber & Faber,
335.
70
Kane et. al., Understanding Contemporary Strategy, 13
71
Ibid, 14
72
Ibid, 14
www.stratbase.com.ph
9.1
VOLUME
ABOUT
Francis Domingo