Recent studies by academics and policy analysts have established that cyber conflict is most prevalent in the Asia-Pacific. State aggression in cyberspace is driven by a confluence of factors that are intrinsic to the region such as territorial disputes, great power rivalry, and historical animosities. Moreover, powerful states with considerable cyber capabilities such as China, Russia, North Korea, and the United States have specific interests in the region, making cyber conflict a useful foreign policy instrument to shape preferences of other states. The Philippines therefore, is in a vulnerable position since it is directly affected by geopolitical constraints and is in the early stages of building critical information infrastructure (CII) and developing capabilities for computer network defence.
In this context, the release of an official cyber strategy is a crucial first step in strengthening the state’s cybersecurity posture. The National Cybersecurity Plan 2022 (NCSP) is significant for the Philippines because of two reasons. First, it signals that cybersecurity is a priority for government. Second, it clarifies the government’s intentions in terms of protecting the state’s national interests in cyberspace.
The NCSP is significant because it signals that cybersecurity is also important for the government. Although the national security priorities of current government are counternarcotics, counterterrorism, and maritime security, these efforts are all facilitated by information and communications and technology (ICT). While the Internet is the basic platform for business and social interaction, it also supports drug trafficking, the recruitment of violent extremists as well as satellite-based navigation systems that are crucial for maritime security operations. Capabilities for computer network operations are therefore necessary for the government to pursue its main priorities.
Furthermore, the NCSP signifies the commitment of the government to protect four areas of national interest: CII, government computer networks, supply chain of goods and services, and individuals. Since the scope of cybersecurity is extensive, these four priorities are essential to narrow the focus of the government and assess the feasibility of an ambitious plan to secure Philippines interests in cyberspace. Given these priorities, two issues standout. First, based on the NCSP, considerable capability upgrades are necessary for both law enforcement agencies and military forces. It is not clear how the current government will complete these upgrades within five years. Second, protecting CII involves close coordination between private firms and government agencies. It is unclear how much information government agencies can access given that private firms mostly own CII.
The NCSP is also important clarifies the intentions of the government in the area of cybersecurity. State interactions in cyberspace are characterised by uncertainty rather than predictability at this point in time. This is manifested by the lack of cyber norms as well as the continued development of military cyber capabilities in the region. Given this predicament, transparency through an official cyber strategy is vital in both domestic and international contexts.
In the domestic context, the NCSP is a confirmation that the government intends to make use of available resources to improve its response to cyber threats, particularly cyber-enabled crimes such as fraud and money laundering and “true” cyber crimes such as hacking and website defacement. In the international context, the NCSP provides some insights regarding the intentions of the Philippines in securing cyberspace. A certain level of transparency towards the international community is vital because it mitigates uncertainty in cyber interactions as well as contributes to confidence building measures between states in the region.
Moving forward: three big challenges
The NCSP is the first of its kind and is certainly a significant achievement for the current government but like all government strategies, there are areas of improvement. The first challenge relates to international cooperation. The NCSP briefly elaborates on the important of strategic collaboration but it focuses mostly on domestic collaboration. This is a concern because cyber conflicts are complex and multijurisdictional therefore the response to these cannot be managed the government alone. International cooperation through institutions (e.g. ASEAN and Internet Governance Forum) and relations with strategic partners is necessary for the Philippines. In this sense, the government should consider supplementing the NCSP with an implantation plan that elaborates on the role of international cooperation in the area of cybersecurity.
The second challenge relates to resources. A strategy is has limited use if is not supported with sufficient resources. The experiences of other states in the region confirm the massive amount of resources necessary to implement a national cybersecurity programme. Considering the current developmental condition of the state, it is not clear if the government has or will have the resources to fully implement the NCSP within in the next five years. For the NCSP to realise its potential, the next government must build on these initiatives beyond 2022.
The third and last challenge is policy coherence. A strategy also has limited use if is incoherent with other government policies. The problem is that the NCSP cannot relate to the current government’s core policies because these have not yet been released. The Philippines current does not have a national security policy, a clear foreign policy direction, and a defence policy, all of which are instrumental for the development and implementation of NCSP. The absence of these core policies creates a policy gap, which creates confusion and inconsistencies within government and the international community. In is therefore in the best interest of the current government to develop and declare its core policies as soon as possible.
Download this commentary in this link: The Strategic Importance of the National Cybersecurity Plan 2022 (SRI Commentary)
Francis Domingo is Assistant Professor of International Studies at De La Salle University and concurrently a doctoral researcher at the School of Politics and International Relations, University of Nottingham. He is a research fellow of Security Reform Initiative (SRI). He can be reached through firstname.lastname@example.org and @frcdlive.