WITH most, if not, all of the country’s most critical infrastructure tied to technology, the president of an advisory firm hopes the government will implement a national cyber security policy that would compel companies to properly secure their data from outside forces.
Angel Redoble, president and CEO of ARMCI Solutions and Consultancy, a Philippine corporate entity of BDO International Limited, said the creation of such a policy would give the country a standard that companies have to adhere to to ensure their systems are secure.
Redoble said a cyber crime law is not enough to prevent a catastrophe, should any of the country’s key infrastructure be compromised. Among the industries that can have a big impact on the economy should their data be compromised are banking, telecommunications, power and utilities, oil and gas, the supply chain and air and sea transport.
Cyber crime, he noted, is limited to the domestic offenses. He warned that the possibility of cyber warfare can bring down a country if someone powerful enough has access to data. He added this can even be done remotely, from any place in the world.
Standard
Currently, Redoble said the Philippines has no policy, no standard, no laws that force companies to comply with a standard and no penalties for those who cannot meet the standards.
He admitted that the defacement of some government websites that came after the tensions between China and the Philippines brought the issue of cyber security into the open. However, he said this is “only the tip of the iceberg.”
“What if 800,000-strong hackers attack our central infrastructure? Are we going to survive?” he asked.
Since it will be difficult to stop people from developing software that could potentially be dangerous, Redoble suggested being proactive by instilling a national policy to anticipate any risks before they actually occur.
He also cautioned against copying similar policies from other countries, saying the threats to the Philippines may be different from those of other nations. “This initiative should be done the right way, not hurriedly,” he told Sun.Star Cebu.
Before the government begins to draft a national cyber security policy, he believes it should first conduct a risk assessment to determine how companies are vulnerable.
This, he said, is where advisory companies like ARMCI can come in, saying the government cannot pretend to know everything about cyber security.
By accrediting advisory companies to check on the level of security compliance of companies, Redoble said the government will also be helping advisory firms grow their business.
He said checking security compliance should not be a one-time thing, but should be done periodically.
Redoble noted that those in the private sector are doing their part to secure their companies, but the absence of a national standard leaves their efforts somewhat lacking. Still, he said companies are now becoming aware of the threats and are slowly trying to work on improving their security efforts.
Decision makers
As for the government, Redoble lamented that those who make the decisions do not seem to understand how real the threat is. While the middle managers realize such a threat exists, Redoble said they cannot do much if the decision-makers do not agree with them.
Redoble is a certified ethical hacker and computer hacking forensic investigator with over 14 years of local and international experience in consultancy related to cyber security. His experience includes vulnerability assessment, penetration testing, cyber warfare, computer security incident response, enterprise security risk assessment with focus on information security threats and vulnerabilities.
He provided recommendations to clients in various industries including major banks in Spain, a Spanish nuclear power plant, a Spanish power and energy distributor, the Spanish military and the Spanish Department of Defense.
Jon Kenneth Gotiong of Blueshield Risk Management, which introduced BDO services in Cebu, said Redoble’s firm offers financial, risk and compliance, information technology and human resource advisory services.
Redoble added they can also provide a physical security assessment of locations.
