GMA Brandtalk
Tracking
Archives
DICT finds over 30,000 vulnerabilities in govt digital assets
The Department of Information and Communications Technology (DICT) said on Tuesday it detected over 30,000 vulnerabilities in 2,002 government digital assets.
DICT Undersecretary Jeffrey Ian Dy made the disclosure during the House information and communications panel probe on recent incidents of hacking government websites.
|
Dy, who serves as the DICT Undersecretary for Infostructure Management, Cybersecurity and Upskilling Authorized Representative for National Single Window, and revenue generating national government agencies, said the discovery was made between December 2023 to March 2024.
The vulnerabilities were discovered via Project SONAR (Secure Online Network Assessment and Response System): Automated Vulnerability Assessment, which DICT implemented in December 2023 as a response to multiple hacking incidents of government websites.
“(The scanning of the government agencies' digital assets) were done with or without permission. Once we are done doing it at night, we inform them in the morning that it is us, not hackers, who accessed (their digital assets),” Dy said.
The DICT official said 30,682 vulnerabilities were found in 388 government agencies.
Of these, 2,250 vulnerabilities were deemed critical, while 1,958 were classified as high. A total of 8,744 were regarded as medium, while 17,728 were deemed of low severity.
“The state of our government agencies’ (digital assets) are not good, but please understand that this is something we can resolve overnight,” Dy said.
“At least, information is now in (the government agencies’) hands, including the type of vulnerabilities found, so that if they need to procure something to defend themselves, then they can do so,” Dy pointed out.
Dy, however, said only 55 of the 388 government agencies that were notified of the vulnerabilities responded to the DICT report.
“This is way lower than we expected,” Dy said.
Going forward, Dy said the DICT has asked government agencies to assign a focal person who will help deal with the DICT findings on their department’s digital vulnerabilities.
Likewise, Dy said DICT has reached out to the Department of Budget and Management to include the government agencies’ performance in resolving digital assets’ vulnerabilities in evaluating the agency’s competence scorecard.—RF, GMA Integrated News
