DOST advises govt website admins to review, strengthen security

Following recent hack attacks on government websites, the Department of Science and Technology advised administrators of government websites to review and fortify their online security.

 

The DOST Information and Communications Technology Office (ICTO) also recommended that government agencies add an extra layer of security by migrating their data to secure server facilities.

 

“Government websites are potential high-profile targets for local and foreign hackers. Thus, government system administrators must take the extra effort to ensure that their servers are safe from cyber vandalism,” DOST Secretary Mario Montejo said, according to a report on state-run Philippines News Agency.  

As this developed, the Department of Environment and Natural Resources temporarily shut down its website amid threats of online vandalism, radio dzBB report said early Saturday.

 

PNA was one of the government-run agencies whose websites were hacked and defaced in past weeks, with the hackers indicating the attacks were connected to a month-long standoff between the Philippines and China over Panatag (Scarborough) Shoal.

 

Other government sites that were downed this week included that of the Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA), an agency under the DOST.

 

PAGASA forecasters said in an interview on dzBB this week the site was defaced with an image of a Chinese flag replacing the home page.

 

The PNA report said other Philippine sites that were defaced or attacked in past week included those of the University of the Philippines (UP) and the Department of Budget and Management.

 

ICTO executive director Louis Casambre also said the recent defacement of the PAGASA website only illustrates the patent vulnerabilities inherent on some web platforms.

 

“We would like to request system administrators of government websites to review their source code for these security flaws. A common vulnerability we have found stems from third party plug-ins used in content management systems (CMS),” he said.

 

Meanwhile, the ICTO recommended that government agencies add an extra layer of security to their websites by migrating them to secure server facilities.

 

“The PAGASA website is hosted on its own web servers as well as those of a third party provider and were not hosted on DOST’s secure servers,” said Casambre.

 

In the case of PAGASA and other DOST websites, he said the DOST had “taken definitive action” to migrate them to secure server facilities when these defacements started almost three weeks ago.

 

“It is unfortunate however that the PAGASA website was hacked so soon. In light of this new development, we are looking at accelerating our on-going effort,” said Casambre. — ELR, GMA News