In one of the foreign conventions I attended in the past as resource speaker, a question was posed as to how Philippine law enforcement would react when a cyber attack is launched against critical infrastructures of government, ala Die Hard 4.0. I said: “Dreadful, first because Philippine law enforcement is not that capable yet, second, unlike JOHN McCLAIN who seems not to run out of bullets, an ordinary cop in our country is issued only 8 rounds of ammunition per year.”
This may sound funny to you but it is the truth. The movie Die Hard may be cinematic, unrealistic in some aspects, especially in Philippine setting where computers are not yet fully networked. We are just a nation that fancies social networking but that is just about it. That is why I am sure you will agree that crimes are getting more sophisticated each day as the average criminal is able to utilize the advantages of the net in committing their crimes. What more if the intent is not merely to commit ordinary crimes as we know it, but to cause damage to a great portion of the populace in order to intimidate or coerce the government or its people in furtherance of political or social objectives. Can we cope up?
In just about every international conference, law enforcement worldwide have voiced out their respective countries’ concern about the potential threats of cyber terrorism. Presenters have repeatedly espoused the need to improve every nation’s counter cyber terrorism capabilities citing the lessons learned from various critical attacks such as the Estonia incident in 2007 which served as wake-up call for jurisdictions to shape up, at least in the aspect of cyber vulnerabilities.
Meanwhile, the Federal Bureau of Investigation said that Al Qaeda, the enemy of the free world has long expressed interest in the use of cyberspace as a potential means to attack the United States. While claiming so, the FBI said that the reason why this has not happened yet is because Al Qaeda still lacks sufficient capability such that it limited its use of the internet in recruiting sympathizers and inciting supporters to raise arms against the US. The FBI also said that terrorists have likewise used the internet in networking their members and at times post videos to give crash courses on how to build bombs and other improvised explosive devices. It added that in the twenty or so attacks on US soil since 911, successful or otherwise, traditional means were utilized by Al Qaeda and not one of which involved the use of computers and/or the internet. Meanwhile, intelligence experts in the US said that if at all, only China, Russia and North Korea pose major threats to the US in terms of capabilities, but even these States have not aggressively moved forward in testing the competition. It seems a full scale war in the net is something even the superpowers are apprehensive of engaging on.
Notwithstanding, these countries, the US spearheading, have went on to pass legislations to penalize the act of terrorism in the web and have gone on to assess their vulnerabilities aimed at instituting better measures against a menace that has yet to fully evolve.
If these States are far more advanced in capabilities than third world countries such as the Philippines, why is it that they are the ones preparing for their perceived war in cyberspace? Is it because they stand to lose more if compromised, since most of the processes (e.g. banking, telecoms, health, mass media, production) in their countries have been networked to the internet? Or is it because third world countries have not yet entirely embraced the web into their system, except in the field of communication, due to the costs involved?
The sectors complaining on the non-inclusion of a cyber provision on the Anti-Terror Act have said that Congress is never known be a proactive institution as it shies away from passing legislation on matters which have not caused problems yet. They cited the case of the Love Bug, where lawmakers supposedly passed the Electronic Commerce Act in order to reduce the embarrassment it caused the Philippines worldwide. But afterwhich Congress has not really actively moved forward, a testament to the way lawmakers have downplayed, if not avoided technology-based legislation. They added that Congress too has failed to acknowledge the practicality of the notion that unlike in traditional terrorism where the attacker is required to proceed to his target to plant the bomb, at the risk of being identified or arrested, worse risking his own life and limb, a cyber terrorist does not have to do such and encounter the same difficulties. They likewise said that in the confines of his own home or a nearby internet café, a terrorist gets to do his stuff to attack the critical infrastructures he wishes, with minimal or zero risk of danger to himself. Further, he is able to extort the government of his demands while in the process maintaining his anonymity.
A very valid point.
Meanwhile, other sectors on the opposite side had good points too. They said that there is no argument that cyber terrorism poses potential problems to the Philippines as the convergence of the physical and the virtual world, vis-a-vis the commission of traditional crimes using sophisticated methods is indeed something lawmakers should be worried of. However, they were quick to retort that while it was worthy of worry- actual legislation may not be timely. These sectors claimed that in assessing whether the Philippines needs to prepare for it, it is essential that we first determine the motivation of the persons who will commit it, the gravity of the effects and whether the platform it intends to attack actually exists.
They explained that if the motivation is political and the means used results to damage to persons or property, thereby generating fear in the populace, then it must be terrorism. Otherwise, any other attack using the same utilities of the internet but whose effects are easily repairable, regardless of the nuances or annoyances it created should not be considered as terrorism but simply fall under the category of cyber crimes. They cited as example the series of defacement of government websites in the first quarter of the year which caused some sectors to be pissed off. They said that since the effects were rarely felt by the people aside from the fact that repairs have been initiated upon discovery thereby entailing little costs, they can never be categorized in whatever sense as terrorism.
They likewise added that in some ways, the failure to network computers in order to fully run a government via the internet has somewhat worked to our favor. They claimed that since the platform to launch a disastrous attack does not actually exist, there is not even a medium to commit terrorism to speak of. In essence, they were suggesting that to burden ourselves with generating a solution to a perceived problem before concerning ourselves with finding the logistics to wire our world is like putting the carriage before the horse.
Well said.
Let us reconcile the two schools of thought.
There is no debate that a serious attack may be catastrophic when launched against an unprotected or weak system such as ours. But there is likewise no argument that the platform does not exist too. After all, a fully online dealing with the businesses of government is still far from being realized.
But then again, since when has it been impractical to prepare for the unforeseen? To know and prepare for the strengths and weaknesses of an enemy, existing or perceived, makes one realize its own strengths and limitations too. To cite SUN TZU’s Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Better to prepare now, assess the available resources and determine what is lacking so that by the time the enemies (cyber terrorists) arrive, we will be armed, at least to protect if not engage in actual warfare.
And by the way, lest that we forget, even a cyber crime bill is something that Congress has not acted on for years now. They should start with that.
Sir la ng bago sa Kongreso. Gnyan tlaga sila. KUng byahe sa US para manood ng boksing pwde pa
ReplyDeleteBravo mr. mallari..galing!galing!npaka talented mo naman bukod sa matalino ka galing mo pa kumanta,msarap ka siguro kausap lalo sa personal..keep on writing..
ReplyDeletepwde kapo write ng something about "loving unconditionally..i know u can relate with this hehe.saka bakit mr. complicated kapa din?complicated pa ba?
ReplyDeleteVery good discussion on two sides of an impt issue. Thumbs up!
ReplyDeleteGOOD POST.
ReplyDeleteSir, ur back and Im back too reading. sipag nyo poh magpost ngayon ah. Ayos!
ReplyDeleteImma losin faith on govt. Fulla crap, all talk lil work
ReplyDeleteA firesale is not impossible but highly improbable due to the current condition of our country's capabilities to modernized itself, it doesn't mean it won't happen but chaos will find a way eventually.
ReplyDeleteDo hope that all the government's spending on intel and modernization is worthy.
Good Job Sir.
Good morning po. Kailan po kayo ulit mgspeak dito sa Maliig? God bless.
ReplyDeleteGaya ninyo, ako ay "ahente" din, call center nga lang. Teka dapat walang "lang". Ang call center ang isa sa aktibong bumubuhay ngayon sa bansa. Kami ang modernong Magdalena. Bading nga lang. lol.
ReplyDeleteNoong una, ang akala ko ang pulis at NBI ay isa lamang. Ngayon ko napagtanto, malayung-malayo. I dont think the police can write this good. I posted this site on my fb. The other articles are very informative while the rest show the blogger's versatility. Back to work. Bye :-)
Anything we dont see is potentially dangerous, thus, preparation is the key. Good post!
ReplyDeleteDats why d US is a superpowr. It luks 100 yrs into d future
ReplyDeleteGaling ng mga posts mo Mei., the style and depth of thought...MAbuhay ka!
ReplyDeletegaling mei...the style and depth and thought mga posts...kala ko rera na magaling magsulat. pati pala si chief hehe!
ReplyDeleteYour posts are addctive for a house bum like me hehe. Nice!
ReplyDeleteTol, what makes your blog interesting is the variation in the topics. You can easily shift from the discussion of issues to the melodramatic stories which i believe are your personal experiences. You never fail to amaze me. Keep it up bro'. With kisses hehe<
ReplyDeleteAs early as Douglas McArthur's era, he already expressed that there's no security in this freaking world - only opportunity. I'm correlating this to cyber-security as no one can make an IT infrastructure / mission critical system (even those maintained by the Feds) 100% secured. It's always the opportunity to exploit these systems that every security practitioner should always be on the lookout for. Striking a balance between the business and security is essentially what makes a security practitioner marketable nowadays. The government can't pay these "experts" well enough so it's moot and academic that no one's "capable" enough from their end to deal with such complex cases when it mutates to a more complex stint. I am sure that Chief Mallari is being wooed by a Corporate giant to head their Security Department as I write this comment so there..good luck with that!
ReplyDeleteCant wait on your new article about the PACMAN. God Bless.
ReplyDelete