Made in China? The challenge of state-sponsored cyber intrusions in the Philippines

Apart from security challenges associated with regional geopolitical tensions, the Philippines must address its vulnerability against state-sponsored intrusions into its cyberspace.
The Philippines has to be alert to state-sponsored cyber threats. (iStock)

Small and vulnerable states like the Philippines have been a target of cyberattacks for quite some time. In the past decade, countering cybercrimes has been the main priority of the government, since most of the cybersecurity issues in the country relate to criminal activities.

Given that there has been an appreciation of the role of cyberspace in advancing state interests, the Philippines needs to up its game and readjust its focus and efforts on state-sponsored cyber actors.

Countering cybercrimes has been the main priority of the government during the past decade since most of the cybersecurity issues in the country relate to criminal activities. In recent years, the Department of Information and Communication Technology (DICT) has managed to apprehend criminals, hacktivists and disgruntled insiders.

State-sponsored cyber operations a clear threat

However, state-sponsored foreign actors tend to be more elusive and pose a more significant challenge to the cyber defences of the Philippines. The Philippines needs to prepare for state-sponsored cyber operations by reorienting its approach to cyber threats, organising itself for cyber defence, and exploring appropriate responses to state-sponsored cyber operations.

A number of its government agencies have been targeted by different threat actors during the past few years. Previous incidents involved targets such as law enforcement agencies, the health pension system and the website of the House of Representatives. More recently, China-based hackers attempted cyber intrusions on the Philippine Coast Guard.

State-sponsored cyber operations are more consequential for national security for at least two reasons.

This handout photo taken on 22 February 2024 and received on 25 February 2024 from the Philippine Coast Guard shows a China Coast Guard vessel sailing near the China-controlled Scarborough Shoal in the disputed South China Sea. (Handout/Philippine Coast Guard (PCG)/AFP) 

The first reason is capability. States remain the most capable actors in cyberspace, and can therefore inflict more sophisticated cyber intrusions. For instance, China operates the most systematic and extensive cyber espionage campaign in the world. Russia’s capacity for subversive operations against its adversaries is also well-documented.

The second is the level of sophistication. State-sponsored cyber operations are more complex because they involve unrivalled cyber weapons, operate from different jurisdictions and are executed in different stages. These factors make it more difficult for law enforcement agencies to investigate and effectively attribute and prosecute the actors responsible for the cyber intrusions.

Whole-of-government approach needed

It is imperative for the government to organise the vital government agencies involved in cyber defence. The DICT is the main government agency mandated to coordinate national efforts in the area of cybersecurity, but countering cyber operations requires collaboration with other national security agencies. The inclusion of these actors in the forthcoming National Cybersecurity Plan 2024-2029 (NCSP) hints at the Marcos Jr administration’s whole-of-government cyber defence approach.

There are three urgent considerations for the government to further strengthen its capacity.

First, technical expertise alone is not sufficient for strengthening cyber defences. An interdisciplinary approach to understanding cyber threats and developing robust strategies is necessary to counter state-sponsored cyber intrusions.

Second, all government agencies involved in the national security pillar of NCSP should have a division or section focused on cyber affairs and emerging technologies.

Third, the Armed Forces of the Philippines, with the support of the Department of National Defense (DND), needs to expedite the creation of a cyber command that will be managed coequally by the three services of the military.

Cyber intrusions are part of the new normal in the geopolitical landscape of the twenty-first century. Developing appropriate responses to state-sponsored cyber operations is critical for defending the national interests of the country.

The standard response of less-capable states is to build up cyber capabilities; however, existing research confirms that small, less-capable states will not necessarily achieve strategic outcomes from investing in cyber capabilities. The two strategies that can address cyber conflict can be drawn from the basic tools of statecraft: defence and diplomacy.

People stroll in the Chinatown section of Manila on 9 February 2024, on the eve of the Lunar New Year of the Dragon. (Jam Sta Rosa/AFP)

Focusing on cyber defence is appropriate because the Philippines cannot compete with powerful states in cyberspace. A number of defensive measures are already in place, but it is worth discussing two important initiatives.

One initiative is operational security. Sophisticated cyber intrusions such as Operation Olympic Games, where US and Israeli cyber assets sought to undermine Iranian nuclear facilities, involved advanced knowledge of the target, and this information is usually obtained through human sources that compromise operational security protocols. In this sense, the DND has started to impose more stringent protocols in the areas of cyber hygiene, counter intelligence and physical security.

Another initiative is the expansion of the DICT’s Computer Emergency Response Program. This ideally involves establishing response teams and security operations centres in all national security agencies of the government.

Promoting global cyber norms

Cyber diplomacy is another appropriate strategy because the Philippines already has a favourable track record of using diplomacy to challenge powerful states. The government can advance cyber diplomacy by actively promoting cyber norms and by sustaining international cooperation.

The UN norms for responsible state behaviour in cyberspace are a significant global effort to mitigate cyber threats and conflicts. There are at least two ways the Philippines can actively campaign for these norms. The first is naming and shaming states that violate international norms and laws. The second is "accusation", or the process by which one or more actors allege that a state bears responsibility (in private) for a cyber operation.

Sustaining international cooperation is another important aspect of cyber diplomacy. Since cyber operations are not constrained by geographical boundaries, cooperation is necessary to manage increasingly hostile threats.

The Philippines must sustain its participation in regional and global platforms such as the UN Open-ended Working Group, Singapore International Cyber Week and the Global Forum of Cyber Expertise because these can contribute to stronger cyber cooperation between states.

This article was first published in Fulcrum, ISEAS – Yusof Ishak Institute’s blogsite.
