MANILA, Philippines – Two decades of zero agency funding that ended only three years ago highlight the government’s lagging information technology (IT) system, where more than half of the bureaucracy remains not connected and at risk to cyber attacks.
A major breach of more than 70 million data from the Commission on Elections (Comelec) last week show the need to invest on cyber security as the economy expands fast, thereby attracting increasing amount of data and information.
“Large databases will be developed by businesses and governments that will need to make investments in network security to prevent fraudulent transactions and various cybercrimes,” said Jose Ramon Albert, senior researcher at Philippine Institute for Development Studies.
From 1991 to 2012, national government agencies did not spend a single centavo from their budgets for Information Communication Technology (ICT) infrastructure, data from the Department of Budget and Management (DBM) showed.
Funding mostly came from the e-Government Fund, a separate fund pool for the entire bureaucracy for ICT projects created in 2003. For 2016, the fund was allocated P1 billion.
The Department of Science and Technology, supposed to be the government’s main research agency, did not also have a separate budget for ICT until 2014, data showed.
It was only last year the ICT office under it was allocated P2.54 billion for infrastructure. For 2016, that amount slightly grew to P2.9 billion.
“Most funding is not captured by the budget since they are project based. So they are not included under it,” said Roy Espiritu, communications head of ICT office, in a phone interview.
“So far, our funding covers all our needs,” he added.
60 percent still not connected
The ICT office leads the e-government master plan 2013-2016 that calls, among others, for the full implementation of the government web hosting service supposed to be by 2014.
The idea is to put under one server all websites and e-mail addresses of government agencies. As of this year, around 60 percent of those entities continue to rent third-party servers, including that of Comelec.
“The problem is AO 39 did not prescribe any sanction for those which will not meet the deadline so a lot of them are still using their own servers,” Espiritu said, citing AO 39 issued by President Aquino.
“Hopefully, what happened to Comelec will push other agencies to connect with our system,” he added.
This is worrisome if analysts are to be believed. According to TrendMicro, a global developer of security software, the Philippines recorded 6,207 cases of online and mobile malwares in 2014, more than four times the number in the previous year. In Southeast Asia, the country suffered the fourth highest number of attacks in the third quarter of 2015 alone.
Espiritu declined to name the agencies still disconnected from the system, although he vouched for the latter’s efficiency and security. “We are able to monitor it round the clock,” he said.
Enrique Festijo, lecturer from the Technological Institute of the Philippines, however was not impressed.
“The way the system works now is it’s reactive, more on root cause analysis. It must be proactive. The system must continually improve even without a threat,” said Festijo, whose dissertation tackled computer network security and applications.
By estimates, he said being connected to a unified server only protects data 60 percent of the time, indicating a still higher chance of getting infiltrated.
So risks increase when you are not even connected to the system. The STAR found out that at least under the Department of Transportation and Communications, e-mail addresses of higher-ups could be so generic, they are using Yahoo! or Google Mail.
For instance, Manila International Airport Authority general manager Jose Angel Honrado’s listed e-mail was “josea7paf2003@yahoo.com.” An unnamed deputy director general from Civil Aviation Authority of the Philippines, meanwhile, uses “o444dg.caap@gmail.com.”
“There is not enough network infrastructure because the market is monopolized. Network infrastructure is dependent on private companies,” Festijo said.
Hard to determine
But the government could also not be also blamed. Analysts said it was only recently that the budget deficit was put in check with more revenues becoming available to fund other needs.
“ICT is not something you easily put up on the priority list before other solid infrastructure,” an economist said.
For some, ICT is being funded by grants. The Bureau of Internal Revenue, for instance, just finished its $54.3-million Revenue Administration Reform Project (RARP) under the country’s five-year US compact.
RARP improved the government’s tax collection system “using US taxpayers’ money,” Internal Revenue commissioner Kim Henares said in her speech during the closing event last Friday.
But the amount did not include cyber security, which according to her, is budgeted every year. For Albert, this represents the challenge of estimating the government’s entire ICT needs.
“I think the DBM only shows the hard equipment they purchase, but ICT staff (or manpower) is not included,” Albert said. “It’s really difficult to measure how much do you need,” he added.//
A major breach of more than 70 million data from the Commission on Elections (Comelec) last week show the need to invest on cyber security as the economy expands fast, thereby attracting increasing amount of data and information.
“Large databases will be developed by businesses and governments that will need to make investments in network security to prevent fraudulent transactions and various cybercrimes,” said Jose Ramon Albert, senior researcher at Philippine Institute for Development Studies.
From 1991 to 2012, national government agencies did not spend a single centavo from their budgets for Information Communication Technology (ICT) infrastructure, data from the Department of Budget and Management (DBM) showed.
Funding mostly came from the e-Government Fund, a separate fund pool for the entire bureaucracy for ICT projects created in 2003. For 2016, the fund was allocated P1 billion.
The Department of Science and Technology, supposed to be the government’s main research agency, did not also have a separate budget for ICT until 2014, data showed.
It was only last year the ICT office under it was allocated P2.54 billion for infrastructure. For 2016, that amount slightly grew to P2.9 billion.
“Most funding is not captured by the budget since they are project based. So they are not included under it,” said Roy Espiritu, communications head of ICT office, in a phone interview.
“So far, our funding covers all our needs,” he added.
60 percent still not connected
The ICT office leads the e-government master plan 2013-2016 that calls, among others, for the full implementation of the government web hosting service supposed to be by 2014.
The idea is to put under one server all websites and e-mail addresses of government agencies. As of this year, around 60 percent of those entities continue to rent third-party servers, including that of Comelec.
“The problem is AO 39 did not prescribe any sanction for those which will not meet the deadline so a lot of them are still using their own servers,” Espiritu said, citing AO 39 issued by President Aquino.
“Hopefully, what happened to Comelec will push other agencies to connect with our system,” he added.
This is worrisome if analysts are to be believed. According to TrendMicro, a global developer of security software, the Philippines recorded 6,207 cases of online and mobile malwares in 2014, more than four times the number in the previous year. In Southeast Asia, the country suffered the fourth highest number of attacks in the third quarter of 2015 alone.
Espiritu declined to name the agencies still disconnected from the system, although he vouched for the latter’s efficiency and security. “We are able to monitor it round the clock,” he said.
Enrique Festijo, lecturer from the Technological Institute of the Philippines, however was not impressed.
“The way the system works now is it’s reactive, more on root cause analysis. It must be proactive. The system must continually improve even without a threat,” said Festijo, whose dissertation tackled computer network security and applications.
By estimates, he said being connected to a unified server only protects data 60 percent of the time, indicating a still higher chance of getting infiltrated.
So risks increase when you are not even connected to the system. The STAR found out that at least under the Department of Transportation and Communications, e-mail addresses of higher-ups could be so generic, they are using Yahoo! or Google Mail.
For instance, Manila International Airport Authority general manager Jose Angel Honrado’s listed e-mail was “josea7paf2003@yahoo.com.” An unnamed deputy director general from Civil Aviation Authority of the Philippines, meanwhile, uses “o444dg.caap@gmail.com.”
“There is not enough network infrastructure because the market is monopolized. Network infrastructure is dependent on private companies,” Festijo said.
Hard to determine
But the government could also not be also blamed. Analysts said it was only recently that the budget deficit was put in check with more revenues becoming available to fund other needs.
“ICT is not something you easily put up on the priority list before other solid infrastructure,” an economist said.
For some, ICT is being funded by grants. The Bureau of Internal Revenue, for instance, just finished its $54.3-million Revenue Administration Reform Project (RARP) under the country’s five-year US compact.
RARP improved the government’s tax collection system “using US taxpayers’ money,” Internal Revenue commissioner Kim Henares said in her speech during the closing event last Friday.
But the amount did not include cyber security, which according to her, is budgeted every year. For Albert, this represents the challenge of estimating the government’s entire ICT needs.
“I think the DBM only shows the hard equipment they purchase, but ICT staff (or manpower) is not included,” Albert said. “It’s really difficult to measure how much do you need,” he added.//