Confidential funds removal to affect efforts vs. cyber threats —DICT chief

Removing the Department of Information and Communications Technology’s (DICT) proposed confidential funds for next year would reduce the agency’s capability to address cybersecurity threats, Secretary Ivan John Uy said Wednesday.

This came after the House of Representatives realigned P1.23 billion worth of confidential funds belonging to five agencies — DICT, Office of the Vice President (OVP), Department of Education (DepEd), Department of Agriculture (DA), and Department of Foreign Affairs (DFA) — under the proposed P5.768-trillion budget for 2024.

With this, DICT lost its P300 million confidential fund allocation under the House’s proposed amendments for the 2024 budget.

“Our confidential funds to launch investigations, intelligence gathering, and threat analysis had been reduced to zero. It will really cut our capability of addressing all these cyber crimes and cyber threats,” Uy said in a CNN Philippines interview.

Uy earlier said the DICT needs confidential funds to conduct intelligence gathering and investigation in order to fulfill its mandate of going after scammers.

'We plan to appeal'

Following the removal of the DICT’s confidential fund allocation, Uy said the fate of the cybersecurity of the nation is now in the hands of the lawmakers.

“We plan to appeal to the entire Congress to please consider that today, the threat is real. It’s not a potential threat. The warfare is not just physical, in fact, most of the warfare are now done online. Cyberwar is a reality. It's increasing in sophistication, and it's increasing in scale. The threats to our infrastructure [are] serious,” he said.

House Committee on Appropriations senior vice chairperson Stella Quimbo said on Tuesday that the proposed confidential funds of DICT and the other agencies have been realigned to their maintenance and other operating expenses (MOOE).

With this, P25 million has been transferred for the DICT’s MOOE.

“That’s just enough to pay for salaries,” Uy said.

Subscription renewal

Further, the DICT chief revealed that the agency needs at least P600 million to pay for the renewal of its cybersecurity and firewall system subscriptions next year, upgrading of equipment, and continuing of training for cybersecurity professionals.

“Some of our subscriptions actually need to be renewed. Meron tayong mga mage-expire na cybersecurity at mga firewall systems (we have cybersecurity and firewalls systems that are expiring) early next year,” Uy said.

He pointed out that Congress did not allocate any funds for the renewal of DICT’s cybersecurity subscriptions.

“If we don't get the budget, we’ll end up like PhilHealth. Expired ‘yun, maha-hack tayo. At ngayon, magkaka-imbestigasyon na naman kung bakit na-hack tayo,” he added.

(Those will expire and we’ll get hacked like PhilHealth. There will be another investigation as to why we’re hacked.)

PhilHealth earlier confirmed that its antivirus software had expired on April 15, and that it had not been able to renew its subscription immediately due to complicated government procurement processes.

The state health insurer’s system — including its website, Health Care Institution and member portal, and e-claims — were disabled or unplugged as part of security containment measures after being hit by a ransomware attack on September 22.

With this, Uy said Monday millions of people were affected by the data breach in PhilHealth’s system, and that the hackers may sell the leaked information to scammers and phishers considering that the perpetrators were not able to get the money they asked for.

Hackers reportedly threatened to release the data stolen from PhilHealth’s database should the agency fail to pay them $300,000 or approximately P17 million ransom.

PhilHealth stressed that it would not pay for such an amount. —KBK, GMA Integrated News