A man tries to access the login page of Philippine Health Insurance Corporation (PhilHealth) in Manila on 9 October 2023. (Photo by JAM STA ROSA / AFP)

Made in China? The Challenge of State-Sponsored Cyber Intrusions in the Philippines

Apart from security challenges associated with regional geopolitical tensions, the Philippines must address its vulnerability to state-sponsored intrusions into its cyberspace.

Small and vulnerable states like the Philippines have been targets of cyberattacks for quite some time. In the past decade, countering cybercrimes has been the main priority of the government, since most of the cybersecurity issues in the country relate to criminal activities. Given the appreciation of the role of cyberspace in advancing state interests, the Philippines needs to up its game and readjust its focus and efforts towards state-sponsored cyber actors.

In recent years, the Department of Information and Communications Technology (DICT) has managed to apprehend criminals, hacktivists and disgruntled insiders.

But state-sponsored foreign actors tend to be more elusive and pose a more significant challenge for the cyber defences of the Philippines. It is crucial for the Philippines to prepare for state-sponsored cyber operations by readjusting its orientation towards cyber threats, organising for cyber defence, and exploring appropriate responses to state-sponsored cyber operations. A number of its government agencies have been targeted by different threat actors during the past few years. Previous incidents involved targets such as law enforcement agencies, the health pension system, and the website of the House of Representatives. More recently, China-based hackers attempted cyber intrusions against the Philippine Coast Guard.

State-sponsored cyber operations are more consequential for national security for at least two reasons.

The first reason is capability. States remain the most capable actors in cyberspace; therefore, they can inflict more sophisticated cyber intrusions. For instance, China operates the most systematic and extensive cyber espionage campaign in the world. Russia’s capacity for subversive operations against its adversaries is well-documented. The second is the level of sophistication. State-sponsored cyber operations are more complex because they involve unrivalled cyber weapons, operate from different jurisdictions, and are executed in different stages. These factors make it more difficult for law enforcement agencies to investigate the cyber intrusions and to effectively attribute and prosecute the actors responsible for them.

It is imperative for the government to organise the vital government agencies involved in cyber defence. The DICT is the main government agency mandated to coordinate national efforts in the area of cybersecurity, but countering cyber operations requires collaboration with other national security agencies. The inclusion of these actors in the forthcoming National Cybersecurity Plan 2024-2029 (NCSP) hints at the Marcos Jr. administration’s whole-of-government cyber defence approach.

There are three urgent considerations for the government to further strengthen its capacity. First, technical expertise alone is not sufficient for strengthening cyber defences. An interdisciplinary approach to understanding cyber threats and developing robust strategies is necessary to counter state-sponsored cyber intrusions. Second, all government agencies involved in the national security pillar of the NCSP should have a division or section focused on cyber affairs and emerging technologies. Third, the Armed Forces of the Philippines, with the support of the Department of National Defense (DND), needs to expedite the creation of a cyber command that will be managed coequally by the three services of the military.

Cyber intrusions are part of the new normal in the geopolitical landscape of the twenty-first century. Developing appropriate responses to state-sponsored cyber operations is critical for defending the national interests of the country. The standard response of less-capable states is to build up cyber capabilities; however, existing research confirms that small, less-capable states will not necessarily achieve strategic outcomes from investing in cyber capabilities. The two strategies that can address cyber conflict can be drawn from the basic tools of statecraft: defence and diplomacy.  

Focusing on cyber defence is appropriate because the Philippines cannot compete with powerful states in cyberspace. A number of defensive measures are already in place, but it is worth discussing two important initiatives. One initiative is operational security. Sophisticated cyber intrusions such as Operation Olympic Games, where U.S. and Israeli cyber assets sought to undermine Iranian nuclear facilities, involved advanced knowledge of the target, and this information is usually obtained through human sources that compromise operational security protocols. In this sense, the DND has started to impose more stringent protocols in the areas of cyber hygiene, counterintelligence and physical security. Another initiative is the expansion of the DICT’s Computer Emergency Response Program. This ideally involves establishing response teams and security operations centers in all national security agencies of the government.

Cyber diplomacy is another appropriate strategy because the Philippines already has a favourable track record of using diplomacy to challenge powerful states. The government can advance cyber diplomacy by actively promoting cyber norms and by sustaining international cooperation. The UN norms for responsible state behaviour in cyberspace are a significant global effort to mitigate cyber threats and conflicts. There are at least two ways the Philippines can actively campaign for these norms. The first is naming and shaming states that violate international norms and laws. The second is “accusation”, or the process by which one or more actors allege (in private) that a state bears responsibility for a cyber operation.

Sustaining international cooperation is another important aspect of cyber diplomacy. Since cyber operations are not constrained by geographical boundaries, cooperation is necessary to manage increasingly hostile threats. The Philippines must sustain its participation in regional and global platforms such as the UN Open-ended Working Group, Singapore International Cyber Week and the Global Forum on Cyber Expertise because these can contribute to stronger cyber cooperation between states.

2024/64

Francis C. Domingo is an Associate Professor at the Department of Political Science, University of the Philippines-Diliman.