Recto: Recruit 'bored' Pinoy hackers as cyber-commandos

Senate President Pro Tempore Ralph Recto today called on the executive department to expedite the formulation of the country's National Cybersecurity Plan and hire, the soonest time possible, "bored" Filipino experts on information technology as "cyber-commandos."

Recto issued the appeal after a 23-year-old information technology fresh graduate who was arrested for hacking the website of the Commission on Elections (Comelec) reportedly admitted to the crime and claimed he did it out of boredom.

"Instead of wasting their talents, these talented Filipino internet experts should be employed by the executive department as white hat hackers to protect us from real cyber-criminals," said Recto, principal sponsor of the Congress-approved bill creating the Department of Information and Communications Technology (DICT).

A white hat hacker, according to Techopedia, is a computer security specialist who breaks into protected systems and networks to test and asses their security.

White hat hackers use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hat hackers) can detect and exploit them.

Although the methods used are similar, if not identical, to those employed by malicious hackers, white hat hackers have permission to employ them against the organization that has hired them.

"Sayang ang mga kabataang ito kung makukulong lang. Magagamit natin ang kanilang talento sa kabutihan kung mabibigyan sila ng trabaho ng gobyerno bilang mga white hat hackers o cyber-commandos," Recto said.

Recto said government can start organizing hack-fests, a competition to probe government websites for weaknesses.

In addition to auditing the security features of these portals, these hack-fests can serve as recruiting fairs for would be government IT workers.

"An idle mind is the Devil's workshop and idle hands his tool. Let us put the mind and the hands of the Filipino hackers to good use through the DICT," the senator added.

The DICT law, Recto explained, mandates the creation of a "Cybercrime Investigation and Coordination Center."

The DICT will also be tasked to formulate the "National Cybersecurity Plan" and form the "National Computer Emergency Response Team," which, Recto said, will serve as "our IT Special Action Forces or cyber-commandos."

"This should be our priority, the formulation of a National Cybersecurity Plan. Hacking is now a serious security threat, not only in the Philippines but also in the global arena," Recto said.

"What we have is a Balkanized system. Personnel investigating cybercrimes are so few and, worse, dispersed among government offices despite the increasing volume of transactions in all kinds of commerce being done online," Recto said.

He cited the case of the Philippine National Police-Anti-Cybercrime Group (PNP-ACG), which has a personnel complement of 110, "and this in a country where 70 million have social media presence."

The National Bureau of Investigation (NBI), he said, is another "frontline office" which needs more "ICT investigators and equipment to flag cybercrimes and tag those behind them."

Saying that the DICT should be part of the national security plan, Recto said "we now live in an era when terrorists don't have to blast bank doors to do mayhem; but simply unleash a virus that could shred or suck out financial data.

"An enemy with a missile is as dangerous as one with malware," he said. "Countries we are not so friendly with may target us and criminals will always want to hack their way to our financial system," Recto said.

He said the hack-attack on Bangladesh Bank shows that the threat is real and counter-measures against cybercrimes urgent.

"The poor man's ATM is vulnerable to hacking too. There are identity thefts victimizing ordinary people," Recto said, citing "2014-2015 Cybercrime Report" prepared by the Department of Justice (DOJ) which ranked the Philippines 39th among countries with Internet threat activities.

The PNP-ACG recorded an increase of 113% in cybercrime statistics from 288 incidents in 2013 to 614 incidents in 2014.

According to the senator, the Bangko Sentral ng Pilipinas (BSP) reported 2,872 cases of ATM fraud during that period.

The growing menace of cybercrime, "and the jobs that the ICT sector can bring," Recto said, should prod congressional and executive leaders to work for the immediate enactment of the DICT bill and thereafter implement it without delay.

"Ito na ang tamang panahon," he said.

Both houses of Congress passed their own version of the DICT bill last year, with minor differences. To avoid convening a bicameral conference, the Senate, before it adjourned for the campaign season last February, conveyed to the House its decision to accept the House version.

Recto said that to gain Malacañang support, the DICT bill Congress had approved provides for a lean bureaucracy with a small but smart workforce.

Despite its "small budget footprint", the proposed DICT will be a "powerful main server" which would spur ICT development, institutionalize e-government, and manage the country's ICT environment," Recto said.

"ICT is also the third biggest source of dollars after electronics and OFW remittances. It is a growth driver. Every 10 percentage points increase in broadband penetration is said to boost the Gross Domestic Product (GDP) by 1 percent," he said.

Among the powers and functions of the DICT is the "identification and prioritization of all e-government systems and applications."

The DICT will also formulate policies and initiatives to develop and promote ICT in education and promote consumer rights to reliable broadband service.