A CASE STUDY ABOUT THE CYBER SECURITY OF GOVERNMENT WEBSITES

HERE IN THE PHILIPPINES

Members:

Aranzo, Ella Mae

Arguelles, Athena D.
De Leon, Paul
Franco, Kharl Gino D.
Gabriel, Angelica
Regorosa, Arnulfo Jr.
Remulla, Kerwin

BSIT-3G

I. INTRODUCTION

The Philippine government, specifically their government websites is the favorite

target of hacking given the number of attacks on their website in recent years. Following
the footsteps of the hacktivists, some people resorted to hacking or breaching their
system to voice their concerns to the government. According to various cybersecurity
reports, Philippines may not be as prepared compared to other countries in terms of
cybersecurity. According to Global Cybersecurity Index, Philippines ranked as 9th place
when it comes to cybersecurity among Asia Pacific Countries in 2014. In 2015,
Kaspersky Lab reported that Philippines took the 33rd place over 233 countries that are
prone to cybersecurity threat. In the same year, there an average of 17 ransomware
attacks per day are recorded, it is a type of virus that prevents a user from accessing
his/her system.

According to Rappler.com, “The Cybercrime Prevention Act of 2012 controversy alone

attracted numerous cyberattacks from subgroups allegedly attached to Anonymous
Philippines”. Hackers gain access to at least 20 government websites when that law
took effect in October that year. The group (Anonymous Philippines), hack more than
100 government websites to protest some issues like slow internet and the
Mamasapano encounter that both erupt in year 2015. On March 27 of 2016,
Anonymous Philippines breached the ComElec (Commission of Election) website to
push them to use the security features of the vote-counting machines for the upcoming
elections on May of that year.

This study aims to identify what are the key problems in terms of cybersecurity of the
Philippine government website and how to improve its cybersecurity. Also, conducting
this study will help future events that may happen to Philippine government website to
make a fast countermeasure when facing a system breach and to prevent data leaked,
identity theft, etc.

II. STATEMENT OF THE PROBLEM

 MAIN PROBLEM

General Problem: What is the current state of cyber security of the different
government websites of the Philippines?

SPECIFIC PROBLEM

1. What are the causes of vulnerabilities of the different government

websites of the Philippines?
2. What are the potential risks and threats of cyber-attack in the
government websites of the Philippines?
3. What are the strong cyber security measures that government
websites should be implementing to reduce the risks of data
breach?

III. OBJECTIVES
 MAIN OBJECTIVES

The goal of this study to generate a clear, concise, and declarative statements
that will help us describe the state of the government website cybersecurity here in the
Philippines. It aims to identify what are the key problems in terms of cybersecurity of the
Philippine government website and how to improve its cybersecurity.

 SPECIFIC OBJECTIVES
1. Investigate the cause of vulnerabilities from the cybersecurity of
the government website.
2. Investigate the potential risk and threats of cyberattack from the
government website.
3. Identify the causes of data breaches and cyberattack from the
government website.
4. Identify different strong cyber security measures that
government websites are implementing/should be
implementing to reduce the risk of cyber breached.

IV. AREAS OF CONSIDERATIONS (S.W.O.T.)

 STRENGTH
1. The country has a flourishing IT sector that they can potentially
use to develop better cybersecurity systems.
2. Nationwide cybersecurity awareness and training programs are
being conducted by the Cybersecurity Bureau. It aims to address
the shortage of cybersecurity-skilled professionals in the country.

 WEAKNESSES
1. The Philippine has a robust social media savvy population with few
data protection mechanisms which makes the Philippines
extremely vulnerable to cyber-attacks and incidents.
2. One the challenge is a lack of understanding of the cybersecurity
of the Philippine stakeholders.
3. One of the weaknesses of the Philippines, according to Rene
Jaspe of information security consulting company Sinag Solutions,
is the low number of practicing cybersecurity professionals.
 4. The Philippines has a number of laws addressing cyberattacks
such as the Cybercrime Prevention Act. However, these laws only
deal with the aftermath of an attack and not so much with
prevention.
5. The Philippine government's budget constraints have often led to
cybersecurity being put in the backburner.

 OPPORTUNITIES
1. In 2017, the Philippine Department of Information,
Communications, and Technology launched the National
Cybersecurity Plan 2022 to increase the security and resilience of
critical data infrastructure that could avoid possible economic
losses of $3.5 billion due to cybersecurity threats.
2. The Philippine government can tap the technology sector in the
country to assess vulnerabilities, and design strong IT systems.
3. Better cybersecurity systems are being develop to counteract
different cybersecurity attacks.
4. A possible integration of a Cybersecurity curriculum for the Senior
High School is in the works as the Department of Information and
Communications Technology (DICT) is coordinating with the
Department of Education (DepEd).

 THREATS
1. There has been a rise of “cyberattacks against the Philippines"
and are accelerating at full speed.
2. The number of different hacking groups in the Philippines are
increasing, most of them are involved in cyber-attacks against
Filipino banks, and some of them are also participating in
Hacktivism campaigns against official government websites.
 3. There are a number of different attack methods that a person or
group can use against an individual or on an organization or on a
goverment and more are still being develop.

V. ALTERNATIVE COURSES OF ACTION

 FIRST OPTION

Provide a better Security System

PROS
1. The government should provide a better security system and
undergo the software update for their website
2. The government should provide a higher budget of their IT workers
to have other ways to defend computer system and personal
information of their website from the hacker

CONS

1. They need to secure the availability of their workers and lack of IT

professional
2. Correcting the mistake because of low performance and an also
they need to harden the platform of their website.

 SECOND OPTION

Awareness

PROS
1. The foundation of good security is human behavior, Human
beings, workers, can be your greatest vulnerability or they can be
 a force multiplier for security in your organization. Train your
employees on strong authentication.
2. Prioritize and be aware how to protect the website or the data from
the hacker.

CONS
1. Lack of budget for their workers and lack of awareness
2. They need to secure the availability of their workers and slow
internet in the Philippines

VI. CONCLUSION

The websites of the Philippine's government is one of the most target of hackers
or attackers. There are three possible reason why the attackers choose the
government's websites: (a) attackers want to voice their concern; (b) attackers want to
destroyed the government; (c) attackers is just having fun to know their limitations in
hacking, and their main target is the government.

Philippines is one of the countries that is prone to cyberattacks. It is due to the fact that
Philippines don't have a higher level of cybersecurity and there are more skilled cyber
hackers than I.T. experts in preventing attackers to send a malware attack. The cyber-
attacks can bring risk, not just in the government but in the whole country. Important
files and information’s could be leak if attackers will succeed in their plan, they could
use it to threat someone or used it to have authority and command instructions that
can't be opposed by the individual.

Government official should implement skilled I.T. personnel’s that are experts in the field
of cybersecurity. This is to prevent attackers to manipulate the systems that are related
to the government. Doing initial actions can save and prevent individuals being harm.
VII. RECOMMENDATION

1. Security and Hosting Protection

For local governments seeking partnership with website vendors, it's crucial to

gather information about the vendor's hosting, security, and data center. Often times,
municipalities choose to personally host their websites and combine them with their
phone, email, and financial systems all on their internal network. However, when one
item comes under cyber-attack, it becomes easier to bring down all other systems on
that same network. Having a secured hosting facility for your website ensures that your
information is protected no matter where your municipality is located.

2. Distributed Denial-of-Service (DDos) Mitigation

A DDos attack is an attempt where hackers flood a website with an immense

amount of traffic using multiple devices and IP addresses. Without DDos mitigation and
recovery plans in place, the website becomes unavailable and its data becomes lost. In
the event of an attempted breach, CivicSecurity has processes in place to identify the
attack source and type, and monitor activity for unusual levels of traffic.
CivicSecurity incorporates its defined and pressure-tested DDoS mitigation protocol into
every website it builds to identify and combat digital threats.

3. Install & Activate Software and Hardware Firewalls

Firewalls can thwart malicious hackers and stop employees from browsing
inappropriate websites. Install and update firewall systems on every employee
computer, smartphone, and networked device. Include off-site employees, even if you
use a cloud service provider (CSP) or a virtual private network (VPN). You may also
want to install an intrusion detection/prevention system (IDPS) to provide a greater level
of protection.
4. Set up Web & Email Filters

Use email and web browser filters to deter hackers and prevent spam from clogging
employee inboxes. You can also download “blacklist” services to block users from
browsing risky websites that pose malware risks. Caution your employees against
visiting sites that are frequently associated with cybersecurity threats, such as
pornographic websites or social media. This may seem like a no-brainer; but it only
takes one employee to visit the wrong website to inadvertently download malware onto
government websites.

VIII. REFERENCES