Exclusive: Inside the Philippines' new cybersecurity unit
Interview with Allan Cabanlong, Executive Director of the Cybercrime Investigation and Coordination Center.
Cabanlong plans to solve this by hiring fresh graduates or people with basic cyber skills - those willing to serve their country at a lower pay - and train them from the ground up. “We're going to re-tool them, train them and get them in. That’s a very challenging job.”
He hopes that by providing them the “incentive” of proper training, they would stay on and serve the government. “You need to motivate these people”, he says, “It’s not [about] money - you know, it’s the government - salaries are very low in this field”.
His plans are to start hiring in January, once he gets approval. But “we don’t have yet those people; I am the only person in the agency”, Cabanlong admits. The team will consist of 94 people - 70 percent young staff of 21 to 28 year olds, and 30 percent senior division heads. Cabanlong will use a consultancy package to attract the private sector contractors.
Securing key infrastructure
There are four key imperatives in the country’s national cybersecurity strategy: protecting critical infrastructure; government; businesses; and individuals.
The government regards its national grid as its top critical infrastructure - as power runs other facilities. Others include banks, transportation, the oil and gas sector and the chemical industry, he states.
Cabanlong believes that attacks on critical infrastructure can be mitigated through the control of its operations centre. 20 percent of threats are external and can be prevented, he says, and “that’s where we come in”. He is keen for the industries to share data sources like threat information and traffic patterns to the operations team. “Then we can alert everybody within our system that this is the signature - block it, and we will then do the attribution”, he says.
Global partners
Setting up a new unit is tough work. “The struggle right now is budgetary constraints”, he admits. So he is gathering all the support he can get - from private firms and governments around the world. Malaysia will be the CICC’s first partner to help set up and build cyber capabilities in the country, it was announced at the Microsoft Cyber Security Summit last month.
Cabanlong is learning from the challenges that other countries first faced when they set up their cyber units; “birth pains”, as he describes it. He collected the best practices from the United States, Europe and ASEAN, and then crafted suitable policies, standards and strategy outlines that applied to the Philippines. The roadblocks “can be minimised because we collected the best practices already - and they’ve already tested these in their country”, he says.
In the cyber realm, there are no physical boundaries; the key to achieving security lies in having strong partnerships, he believes. “Cybersecurity is about collaboration and cooperation. Otherwise, it’s stalemate right? Your king will fall.”
Image by travel oriented, licensed under CC BY-SA 2.0