You are currently viewing TESDA, to offer national certification for cybersecurity – Manila Bulletin

TESDA, to offer national certification for cybersecurity – Manila Bulletin

By Jeffrey Ian Dy

(Following the measures taken by the Israeli government to protect its country from cyberattacks, the Technical Skills and Education Authority (TESDA) of the Philippines plans to offer a National Certification (NC) for Cybersecurity. Executive Director of TESDA for Information and Communications Technology Jeffry Ian Dy was recently invited to the 12th Cyberweek to learn how the Israeli government has successfully integrated cybersecurity into school curricula. Israel’s assistance in developing the Philippines’ national cybersecurity certification and reflections on the recently concluded Cyberweek — Art Samaniego, editor)

The deputy commander of Israel Defense Forces (IDF) Unit 8200 delivered his opening speech during the 12th annual Cyberweek here in Tel Aviv, Israel. Unit 8200 is an Israeli signals intelligence corps created to defend Israel’s information assets against online attacks. The unit is also responsible for signal intelligence (SIGINT) collection and code breaking.

Introduced only as “Colonel Yuri”, he repeatedly reminded the audience that this was not his real name. He spoke of his experience with an ongoing silent war on the internet. He gave more pragmatic and practical information on the same picture presented by the incumbents and former directors of the national cybersecurity directorates and the national security advisers of the major NATO powers who spoke before him. His presentation was full of examples of national government sites and critical infrastructure being attacked, not just by nation states, but by cybercriminals encouraged by the relatively profitable and easily accessible field of cybercrime. His message was that over the past two years, cybercriminals are not just targeting individuals or businesses, but are now targeting national databases. These cybercriminals use triple extortion schemes, first, where they demand a ransom to reveal weaknesses in the system. Second, get a ransom for not disclosing to the public that the system has been compromised, and third, get a ransom for not disclosing citizens’ personal information to other cyber criminals. Additionally, cybercriminals can put lives at risk, as ransomware attacks can cause massive power outages, breakdowns of hospital information systems, and the compromise of national citizen databases.

Colonel Yuri’s opening speech lasted only 15 minutes. Yet, that was enough to terrify me to such an extent that I began to wonder whether or not my country, the Philippines, was prepared to defend our information assets in cyberspace.

Note that 80% of the war against cybercriminals is done in silence. This war is being waged by professionals on both sides behind computers and keyboards. In most cases, the public is only informed by the cybercriminals themselves as part of their triple mode of extortion to scare the public and pressure governments into giving in to their demands. Take the example of Costa Rica when in 2021 President Rodrigo Chavez declared a national emergency as cyber crooks from a hacking hive named “Conti” were held hostage by ransomware, the country’s public hospital system . The same modus operandi has also happened recently in the Philippines. During the last election, a group called “XSOX” (who are amateurs compared to Conti because the latter now has a US$10 million bounty from the US State Department) tried to extort money from the Filipino election provider Smartmatic. When the company refused, XSOX released Smartmatic’s employee information to the public, which in some cases included full names and cell phone numbers. This led to a Senate investigation. Although XSOX revealed relevant election information, the Senate investigation made it clear that the election was not compromised as a result of the hack. While the security breach could not change the polls, Comelec and Smartmatic officials who denied that any breach ever took place were publicly humiliated.

Then there is the problem of attribution. As cyber warfare rages on the Internet, it is still unclear who is responsible for the crime. Is the country equipped with the appropriate tools and personnel to accurately identify perpetrators? Going back to our example on XSOX, they are now out on bail because the evidence is weak. I’m confident the PNPs Cybercrime group will reveal more evidence, but that’s what it is right now. In most cases, the perpetrators can only be determined by counter-piracy. This is a practice where law enforcement also hacks into the other group with the aim of implanting a “tracker” into cybercriminals’ computers, which helps law enforcement find the criminals and also facilitates digital forensics.

But the most critical aspect of cybersecurity is human capital. Does the Philippines have enough human resources trained in cybersecurity to defend our information assets? The Manila Bulletin published an interesting article in December 2021. The central thesis of the article is that in a survey of industries, it was clear that we lack cybersecurity professionals in the country. Consider that higher education courses in information security have only been introduced in the country in the last five years. These schools, including my alma mater, the University of the Philippines, lack proper cyber ranges and labs to give students hands-on experience in blue and red team cyber operations. Most of our nation’s cybersecurity professionals have been certified by private vendors. But the outlook is improving. The Technical Skills and Education Authority (TESDA) is trying to establish a national, vendor-neutral certification for cybersecurity. In line with TESDA’s competency-based qualifications framework, the qualification will be designed with the assistance of the private sector, companies engaged in cybersecurity, academia and government offices primarily engaged in cybersecurity (e.g. Department of information and communication technology). This is why TESDA officials were invited by Israel’s Ambassador to the Philippines, HE Ilan Fluss, to attend Cyberweek. TESDA reached out to the government of Israel, arguably the cybersecurity capital of the world, to help develop the country’s national cybersecurity certification.

While in Israel, I personally discussed this advocacy with General Rami Efrati (retired), one of the founders of Israel’s National Cybersecurity Directorate. He liked the idea so much that he said he would suggest the same to the Prime Minister of Israel. I want to think that with this we also contributed to the discussion.

The photo shows the Philippine delegation at the 12th Cyberweek in Tel Aviv, Israel. From left to right, Charie Villamor of PNP, Jeffrey Dy and Vlad Cuya of TESDA, Art Samaniego of Manila Bulletin and Jay Guillermo of PNP.

This brings us to my last point: cybersecurity needs a multidisciplinary approach that mobilizes not only technical personnel, but also psychologists, sociologists, political scientists and lawyers, among others. This is not a job for the government only. Our defenses are only as good as the weakest link. So maybe the approach to cybersecurity should be changed by assigning the task to a central government agency but creating a council where academics and private sectors from every industry can contribute. The council can share ideas and even share tools. The national cyber range purchased by the DICT can be shared with council members to improve the country’s disaster preparedness in the event of cyber attacks. Information must be shared between all units.

This is the only way to wage this war. By sending a message to cybercriminals: “If you play with one of us, you play with all of us.”


About the Author: Jeffrey Ian Dy is the Executive Director of Information and Communications Technology at the Technical Education and Skills Development Authority. He received his Masters in Information Security, with distinction, from Royal Holloway, University of London. The University awarded his thesis on Automated Election Information Security in the Philippines as the best academic thesis in 2021.



Leave a Reply