Cyberspace Posturing INITIATIVE Towards

Cyber RESILIENT Philippines

PART 1 : CONVENTION, LAWS AND CYBERCRIME RELATED REGULATIONS

PART 2 : CYBERCRIME TRENDS AND LANDSCAPE

PART 3 : DISASTER RISK (DR) KEY CONCEPTS

PART 4: CYBER RESILIENCY INDEX, CRI-Ph

BY COL NORMAN N ANCHETA, (ret), ECE, MBA

Chief, Cybercrime Monitoring and Coordination, CICC /
Chief, Interagency Response Center (I-ARC), DICT

IECEP MIDCON PALAWAN

JUNE 1 TO 3, 2023
 Evolution vs Innovation ?

The dream behind the Web is of a common

information space in which we communicate by
sharing information. Its universality is essential: the
fact that a hypertext link can point to anything, be it
personal, local or global, be it draft or highly polished.
Tim Berners-Lee (1998)
Cyber as a Space – physical state with nodes, systems, data,
information, people, things, etc, BUT borderless and stateless !
The Convention on Cybercrime of the Council of Europe, known as the Budapest Convention, is the only
binding international instrument on this issue. It serves as a guideline for any country developing
comprehensive national legislation against Cybercrime and as a framework for international cooperation
between State Parties to this treaty. The Budapest Convention is supplemented by a Protocol on
Xenophobia and Racism committed through computer systems.

The Budapest Convention is more than a legal document; it is a framework that permits hundreds of
practitioners from Parties to share experience and create relationships that facilitate cooperation in
specific cases, including in emergency situations, beyond the specific provisions foreseen in this
Convention.

The Budapest Convention came into force in 2004. It was drawn up by the Council of Europe in
Strasbourg, France, with the active participation of the Council of Europe's observer states Canada,
Japan, Philippines, South Africa and the United States. Sixty-five countries have ratified the convention,
while a further four countries have signed the convention but not ratified it
Cybercrime:
- refers to any of the incidences or occurrence of the criminal act or offenses as defined
under RA 10175 also known as Cybercrime Prevention Act of 2012 and under special
laws and the Revised Penal Code in relations to RA 10175.

The existing cyber-related laws in the country are the following:

a. Budapest Cybercrime Convention, 2001
b. RA 4200 – Anti-Wiretapping Law of 1965
c. RA 9995 – Anti-Photo and Video Voyeurism Act of 2009
d. RA 10844 – Creation of the DICT Act of 2016
e. RA 11313 – Safe Spaces Act of 2019
f. RA 11862 – Expanded Anti-Trafficking in Persons Act of 2022
g. RA 11930 – OSAEC Law of 2022
h. RA 11934 – SIM Card Registration Law or 2022

5
Cybercrime as defined by RA 10175

A. Offense against the confidentiality, integrity, and availability of computer data and systems:
o Illegal Access
o Illegal Interception
o Data Interference
o Misuse of Devices
o Cyber-squatting
B. Computer-related Offenses
o Computer-related Forgery
o Computer-related Fraud
o Computer-related Identity Theft
C. Content-related Offenses
o Cybersex (or known as Online Sex Exploitation and Abuse – OSAEC as per RA 11930)
o Child Pornography
o Libel
o Crimes under RPC if done through cyber.
<Why do HACKERS hack?

{://. . . }

<Why not HACKERS hack?

Cybercrime as defined by RA 10175
Sections CYBERCRIME OFFENSES PENALTY FINE
4.A Offenses against the confidentiality, integrity and availability of computer data and systems
1 Illegal Access Min. of PhP 200,000.00
Imprisonment
2 Illegal Interception Maximum amount
(6 to 12 years)
3 Data Interference commensurate to the
4 System Interference damage incurred or both
(12 to 20 years, if critical
5 Misuse of Devices (Min of Php 500,000.00 if
infra is involved)
6 Cyber-Squatting involving critical infra
4.B Computer-related Offenses
1 Computer-Related Forgery Min. of PhP 200,000.00
2 Computer-Related Fraud Imprisonment Maximum amount
(6 to 12 years) commensurate to the
3 Computer-Related Identity Theft
damage incurred or both
4.C Content-related Offenses
Imprisonment Min. of PhP 200,000.00
1 Cybersex
(6 to 12 years) Max. of PhP l,000,000.00
Shall be punished with the penalties as enumerated in
2 Child Pornography Republic Act No. 9775 or the "Anti-Child Pornography Act
of 2009ʺ:
4 Libel
5.0 Other Offenses
Aiding or Abetting in the Commission of
1 Imprisonment Min. of PhPl00,000.00
Cybercrime
(6 to 12 years) Max. of PhP500,000.00
2 Attempt in the Commission of Cybercrime
National Cybersecurity Plan (NCSP) 2022
Four (4) Key Imperatives :

This organizational measure is consistent with the National Cybersecurity Plan (NCSP) 2022
which is intended to shape the policy of the government on cybersecurity and the crafting of guidelines
that will be adapted down to the smallest unit of the government. It is also expected to provide a
coherent set of implementation plans, programs, and activities to be shared with all stakeholders. The
primary goals of NCSP 2022 include:

1. Assuring the continuous operation of the Philippines’ critical infostructure (CII), and public and
military networks;
2. Implementing cyber resiliency measures to enhance ability to respond to threats before,
during, and after attacks;
3. Effective coordination with law enforcement agencies; and
4. A cybersecurity-educated society.
National Cybersecurity Plan (NCSP) 2022
Four (4) Key Imperatives :
National Cybersecurity Plan (NCSP) 2022
Four (4) Key Imperatives :
Figure 1. Organization for Economic Cooperation and Development
(OECD) Framework for Digital, Social and Economic Aspects of
Cybersecurity (excerpt from the proposed NCSP2028)
The Technology strategic area in
cybersecurity shall be led by DICT,
along with DOST and other NGAs
that design, secure, maintain,
optimize, configure, and
decommission technologies used
in cybersecurity.
By law, cybercrime coordination is through the
Cybercrime Investigation and Coordinating
Center chaired by the DICT Secretary with
members from the DOJ, NBI, and PNP, among
others. The CICC Secretariat is headed by an
Executive Director who manages the daily
activities of the Center
The National Economic Development Authority (NEDA)
monitors the country’s KPIs as indicated in the PDP 2023-
2028, which includes cybersecurity-related KPIs. The
Economic and Social Prosperity strategic area is important.
Proper funding for this strategy must be approved and
coordinated through the Development Budget Coordinating
Council (DBCC).
National and International Security is the
fourth strategic area and shall be
spearheaded by the defense establishment
led by the Department of National Defense
and jointly with the Department of Foreign
Affairs (DFA). The priority of NGAs in charge
of this strategic area is to create confidence-
building measures for proper and
responsible conduct of state actors in
cyberspace.
The NCIAC [23] shall be the convergence point for all government
agencies in implementing this strategy and shall be the main forum
for information sharing, policy coordination, and harmonization of
different cybersecurity plans of different NGAs. By coordinating all
cybersecurity programs. National Cybersecurity Inter-Agency
Council (NCIAC) chaired by the Executive Secretary and co-chaired
the by DICT and the National Security Council (NSC) Director-
General.
 CYBERCRIME TRENDS AND
The Three (3) Layers where Cybercrime
LANDSCAPE happens

The first layer is content creation and data

creation for encoding.

2nd layer are the tech peripherals, platforms

and/or computer programs where data is
processed. This includes technology service
providers/Vendors/MSPs (Managed Service
Providers)

3rd layer are the Critical Information Iinfrastructure

(CII)

The de-coupling of the attack landscape provides a strategy

Layers where Cybercrime happens to manage the cyberattacks
CYBERCRIME TRENDS AND
LANDSCAPE

Inter-Agency Response Center (I-ARC) aims to be the leading resource

of cybercrime information by analyzing complaints, its pattern,
commonality, and level of threat.
CYBERCRIME TRENDS AND
LANDSCAPE

Based on the I-ARC,

CICC collected data from the
period of 27 December 2022 –
17 March 2023, complaints on
SIM registration is on the
downtrend. However,
complaints on cybercrime and
cybersecurity are on the
uptrend. Refer to Table 1.3.
CYBERCRIME TRENDS AND
LANDSCAPE

Cybercrime and cybersecurity

related concerns of the public is
on the uptrend with Estafa or
On-line fraud related complaint
totaled at 76 (58%), followed by
Data Privacy and Illegal Access
at 33 (17%) and 30 (15%)
respectively.

There is an indication of pattern

and commonality on some of
the reported incidents like the
use of social media Apps
(Facebook and Facebook
Messenger) and GCASH for the
transfer of collected money.
CYBERCRIME TRENDS AND
LANDSCAPE

Geospatial Analysis The IARC received a total of 198 reports

1958
I-ARC analysis on the impact of information and
communication security and cybercrime in
regarding Cybercrime/Cybersecurity, based
on the location provided by the
Caller/Complainant the
- First, National Capital Region is the
most known location with a total of 559
inputs.

- Second is the Region 4A with 365

559
Callers/Complainants.
365 338
139 - Third highest known location is the
56 56 41 40 39 38 32 23 19 17 15 15 Region 3 with 338 Callers/Complainants.
…

However there are 1,958 Callers or

R

Re R

BA 1

Re A
Re A

Re 3

Re 7

Re 2

Re 6

Re n 5

Re M

CA 9

8
Re 10
m

Re B
n1
NC

4
CA

G
n

n
r

RM
te

RA
n
n

n
gio

gio

gio

gio

gio

gio

gio

gio
Complainants did not disclose there location
gio

gio
gio

gio
de

Re
Un
CYBERCRIME TRENDS AND
LANDSCAPE

The data collected from

late December 2022 to
mid-March 2023 resulted
in a total of 198 Men and
Women being shown on
the graph.

According to the
aforementioned graph,
females older than the age
of 18 contacted reporting
occurrences of cybercrime
or cybersecurity.
CYBERCRIME TRENDS AND
LANDSCAPE

Analysis in Relation to Gender and Development

Voyeurism 2
2 The data collected from
Sexual Harassment 1
2 late December 2022 to
On-line Libel 7
18
I-ARC analysis on the impact of mid-March 2023
information and communication security
Illegal Access 16 and cybercrime in relation to Gender and resulted in a total of 99
10 Development (GAD)
Male Women being shown
Identity Theft 1
3 Female on the graph Estafa
Grave Threat 4
7 had the highest
Estafa 20
47
reported rate of
E-Commerce 3
cybercrime (over 47 out
2
of 99),
Data Privacy 9
9
DISASTER RISKS (DR) KEY CONCEPTS :

*UNDRR – United Nations Office for Disaster Risk-Reduction

https://www.preventionweb.net/understanding-disaster-risk/key-concepts/capacity
DISASTER RISKS (DR) KEY CONCEPTS :

q Hazard is a process, phenomenon or human activity that may cause loss of life, injury or other health
impacts, property damage, social and economic disruption or environmental degradation. Hazards may be
natural, anthropogenic or socionatural in origin - UNDRR Terminology (2017)

q Hazards can occur individually, sequentially or in combination with each other. A primary hazard can be
followed by secondary hazards, as seen with the earthquake, tsunami, and radiological hazards in the 2011
East Japan disaster.

• Timing, severity, geographic location, and frequency are important characteristics of hazards. Hazards
can have a short or long duration, and can have different impacts depending on the time of day, week or
month when they happen.

• They can be sudden onset, like an avalanche, or develop slowly over time as the result of a
combination of factors.

World Health Organization. (2021). WHO guidance on research methods for health emergency and disaster risk
management. World Health Organization. https://apps.who.int/iris/handle/10665/345591. License: CC BY-NC-SA 3.0 IGO
DISASTER RISKS (DR) KEY CONCEPTS :

Exposures:

Populations and societies need to be exposed to a hazard to be affected by it. Populations

are often talked about as being directly or indirectly affected.

1. Direct effects include injury, illness, other health effects, evacuation and
displacement, financial and economic, social, cultural, and environmental
damages.

2. Indirect effects refer to additional consequences over time that cause unsafe or
unhealthy conditions from economic, infrastructure, social, or health and
psychological disruptions and changes.

World Health Organization. (2021). WHO guidance on research methods for health emergency and disaster risk management. World Health
Organization. https://apps.who.int/iris/handle/10665/345591. License: CC BY-NC-SA 3.0 IGO
DISASTER RISKS (DR) KEY CONCEPTS :

Vulnerability is highly dependent on the context of the hazard, since it is shaped by the context’s
individual factors and behaviors, history, politics, culture, geography, institutions, and natural processes.

q This can include things such as land use, public infrastructure, the burden of disease in the
population and previous exposure to hazards.

q What makes people vulnerable is complex, and vulnerability can be both a risk factor for and an
outcome of disasters
Groups that are commonly thought of as having higher levels of vulnerability are;

1. People living in poverty

2. Women, children and youth
3. Older people
4. People with disabilities
5. People with chronic illness or underlying health conditions
6. Migrants
7. Ethnic minorities and indigenous peoples
8. Sexual minorities

World Health Organization. (2021). WHO guidance on research methods for health emergency and disaster risk management. World Health
Organization. https://apps.who.int/iris/handle/10665/345591. License: CC BY-NC-SA 3.0 IGO
DISASTER RISKS (DR) KEY CONCEPTS :

Governance:

- refers to the different ways in which governments, the private sector and in general all individuals
and institutions in a society organize themselves to manage their common affairs.

Risk-Governance:

- refers to the various ways in which many individuals and institutions – public and private deal
with risks surrounded by volatility, uncertainty, complexity and/or ambiguity or VUCA !

https://www.preventionweb.net/understanding-disaster-risk/risk-drivers/weak-governance
RISK-GOVERNANCE AND CAPACITY-BUILDING

DISASTER RISK = HAZARD x VULNERABILITY x EXPOSURES

RESILIENCE OR COPING CAPACITIES

Courtesy : Making Cities Resilient – Summer Edition (UNITAR/UNDRR)

F (Cybersafe Index ) = ( 1 - 𝑪𝒚𝒃𝒆𝒓𝒄𝒓𝒊𝒎𝒆 𝑹𝒊𝒔𝒌) 𝒙 𝟏𝟎𝟎%

Where;
Cybercrime Risk = Cyberthreat x Vulnerability x Exposure x K Factor
Cyber Resiliency (Capacity/Governance)

a. Cyber Threat = Indicative Ratio on Threat Indicators

b. Vulnerability = Indicative Ratio on Vulnerability Indicators
c. Exposure = Indicative Ratio on Exposure Indicators
d. Cyber Resiliency = Indicative Ratio on Capacity Measures (Governance)
e. K Factor = Total Nr of Affected over Total Networked Population
 Cybersafe Framework
In General Public
Resilience is defined as “The ability of a system, community or
society exposed to (cybersecurity) hazards …

- to resist,
- to absorb (or to buffer),
- to accommodate to (or adapt to) and,
- to recover from

the effects of a hazard in a timely and efficient manner, including

through the preservation and restoration of its essential basic
structures and functions”. (http://www.unisdr.org/we/inform/terminology)

Community / Sector / Society

 Cybersafe Resiliency Scorecard
(Version 1, 2022 Series)

Roles and Responsibilities, Indicators

Core Cybercrime Strategies and Level 1 Level 2 Level 3 Level 4

Essentials Objectives
Individual / Institutions Critical National /
Household / (Commercial / Infostructure Global
Residential Industries / Public (CIIs) Partnerships
Capacity Measures and Cyber
1.0
Governance
Cybercrime Threat Management
2.0
Process
Risk- Exposure and Management
3.0
Process
Vulnerability, Recovery and Risk-
4.0
Transfers
Cybersafe Resiliency Index, Scorecard
(Version 1, Series 2022)
Cybersafe Resiliency Index, Scorecard
(Version 1, Series 2022)
Cybersafe Resiliency Index, Scorecard
(Version 1, Series 2022)
Cybersafe Resiliency Index, Scorecard
(Version 1, Series 2022)
Cybersafe Resiliency Index, Scorecard
(Version 1, Series 2022)
Exam : Single Response

1. In 1990, Berners-Lee developed Hypertext Transfer Protocol (HTTP) and designed the Universal Resource
Identifier (URI) system. Berners-Lee also created a piece of software that could present HTML
documents in an easy-to-read format. He called this ‘browser’ the ‘WorldWideWeb’.

a. True b. False

2. Budapest Convention and its Protocols is the only guideline for any country developing comprehensive
national legislation against Cybercrime and as a framework for international cooperation between State
Parties to this treaty.

a. True b. False

3. Philippine cybercrime refers to any of the incidences or occurrence of the criminal act or offenses as
defined under RA 10175 also known as Cybercrime Prevention Act of 2012 and under special laws and
the Revised Penal Code in relations to RA 10175, that includes the following general categories;

a. Offenses against confidentiality, integrity and availability

b. Computer-related Offenses
c. Content-related Offenses
d. All of the above
Exam : Single Response

4. Data Interference is punishable by imprisonment for 6 to 12 years and a minimum fine of not less that P
200,000.00, pursuant to what Law;

a. RA 10175 also known as Cybercrime Prevention Act of 2012

b. RA 10173 also known as Data Privacy Act of 2012
c. RA 11313 also known as Safe Spaces Act of 2019
d. RA 11930 also known as OSAEC Law of 2022

5. The primary goals of National Cybersecurity Plan (NCSP) 2022 (NCSP 2022) include the
following;

a. Continuous operation of the Philippines’ critical infostructure (CII), and public and military
networks;
b. Implementing cyber resiliency measures to enhance ability to respond to threats
before, during, and after attacks;
c. Effective coordination with law enforcement agencies; and
d. A cybersecurity-educated society.
e. All of the above
Exam : Single Response

6. Resilience is defined as “The ability of a system, community or society exposed to

(cybersecurity) hazards …in order to;

a. to resist,
b. to absorb (or to buffer),
c. to accommodate to (or adapt to) and,
d. to recover from
e. All of the above

7. Inter-Agency Response Center (I-ARC) of the DICT aims to be the leading resource of
cybercrime information by analyzing complaints, its pattern, commonality, and level of threat.

a. True b. False

8. As per later report of IARC, DICT there is an indication of pattern and commonality on some of
the reported incidents like the use of social media Apps (Facebook and Facebook Messenger) and
GCASH for the transfer of collected money.

a. True b. False
Exam : Single Response

9. The IARC, DICT received a total of 198 reports regarding Cybercrime/Cybersecurity, based on
the location provided by the Caller/Complainant during the 1st Qtr, 2023 data. National Capital
Region is the most known location with a total of 49 inputs equivalent to 24.75%,

a. True b. False

10 The data collected IARC, DICT from late December 2022 to mid-March 2023 resulted in a total
of 99 where Estafa had the highest reported rate of cybercrime (over 47 out of 99).

a. True b. False