DICT suspects domestic hackers, blames ‘outdated’ systems for DoST data breach


By Ashley Erika O. Jose, Reporter

STATE officials suspect domestic hackers behind the recent breaching of the Department of Science and Technology’s (DoST) network systems, compromising about two terabytes of data.

In a media briefing on Thursday, Department of Information and Communications Technology (DICT) Assistant Secretary Renato A. Paraiso downplayed the scale of the incident, but exposed the bigger challenge of updating network systems vulnerable to such attacks.

“Security protocols were actually in place,” said Mr. Paraiso as he revealed that 20 systems of the DoST were compromised. “It is not because there is no system in place. It is just that it might be outdated — outdated in terms of capabilities and the systems employed by the threat actors.”

While authorities were still working to gain full access to its compromised network systems and studying the extent of the attacks, the DICT downplayed the impact of this latest cyberattack on a state agency.

“[The compromised data] involves research, when you say research, this involves designs of proposed inventions or maybe even inventions that were completed. Information of their scientists and their members were also compromised and their login accesses,” he said.

“In terms of size, this is recently one of the biggest but comparatively, the impact is not that big, because some designs, files in the systems were already obsolete” he added.

What is more disturbing is that the threat actors were able to penetrate the system because the DoST’s network is likely outdated and the government’s procurement process is slow amid a rapidly evolving information communications and technology landscape.

“Our government’s procurement process is kind of slow. It takes at least 60 days to procure a system and systems you employ now might be obsolete in six months’ time,” said the DICT official.

With the recent hacking incident, the government is urged to prepare for similar attacks in the future, Ronald B. Gustilo, national campaigner for Digital Pinoys, said.

“The government should prepare for more of these attacks. Their contingency measures should be in place and the quick response teams always ready,” Mr. Gustilo said in a Viber message.

He said the government should allocate a higher budget to be able to update its technology realtime and hire more experts to monitor its systems.

“More than being either quick or slow with regard to their response, we find it appealing that in a span of a few months, DoST was attacked twice. This should not have happened in the first place,” Mr. Gustilo said.

“The recent DoST incident is an indicator that there is still a lot to be done for the Critical Information Infrastructure of the Philippines,” Sam Jacoba, founding president of the National Association of Data Protection Officers of the Philippines, said in a Viber message.

Critical information infrastructure is interconnected with information systems and networks.

“The challenge now is how to bring back the operations of the DoST that have been impacted by the hack, and recover or reconstruct the digital assets within those information systems,” Mr. Jacoba said.