CYBERSECURITY. Executives and top officials from the Philippine government, USAID and IBM present the National Cybersecurity Talent Workforce Assessment Report of the Philippines at its launch in Conrad Hotel, Pasay City on Wednesday (Dec. 7, 2022). A study funded by the United States Agency for International Development (USAID) proposed several solutions meant to address gaps in the country's current cybersecurity, particularly the lack of workforce in its cybersecurity ecosystem. (PNA photo by Raymond Carl Dela Cruz)

MANILA – A study funded by the United States Agency for International Development (USAID) on Wednesday proposed several solutions meant to address gaps in the country's current cybersecurity, particularly the lack of workforce in its cybersecurity ecosystem.

In a launch event at the Conrad Hotel in Pasay City, USAID's Better Access and Connectivity (BEACON) Activity presented its "National Cybersecurity Talent Workforce Assessment of the Philippines" commissioned by IBM Consulting Services and written by Caryn LeMur and Jeff Krinock.

BEACON Chief of Party John Garrity said the study found a lack of credentialed or certified and experienced cybersecurity workforce in the country, particularly in the public sector, among women, and entry to mid-level job positions in the private sector.

"There is this cybersecurity skills shortage so this is an issue for organizations, government, enterprise, and even for individuals, especially young persons who can learn about the opportunity to participate in this sector where there is excess demand for trained professionals," Garrity said.

To address such issues, the study proposed several solutions that are divided into two tracks.

The first set of recommendations, he said, are incremental solutions that are "natural evolutions" of existing cybersecurity steps and are deemed as "low risk.”

"They are designed to move the Philippines' national cybersecurity forward in successive steps,” he added.

These include encouraging cyber awareness at all levels such as in schools, workplaces and homes and ensuring that the government is staffed by competent cybersecurity personnel while cybersecurity initiatives are "sufficiently funded" to toughen the country's information and communications technology (ICT) infrastructure.

He also recommended the formal adoption of a cyber "common consistent lexicon" such as the US National Institute for Standards and Technology's (NIST) National Initiative for Cybersecurity Education Workforce Framework for Cybersecurity.

To allow regular Filipinos to resist cyberattacks themselves, the study also recommended ensuring Filipinos have to right to freeze their credit.

The second track of recommendations, he said, are "jumpstart" or adaptive solutions that are meant to move the country's cybersecurity posture by a "leap."

"The jumpstart/adaptive track recommendations are designed to 'prime the pump' for a more robust Philippines' cybersecurity ecosystem," he said.

One of these is appointing an executive agency for cybersecurity that would review and right-size current cyber laws, use tax incentives to create cyber apprentice programs and provide grants to create cybersecurity centers of excellence.

In addition, such an executive agency may provide vouchers for certification exams, provide "after-the-fact" 50 percent scholarship to computer engineering graduates that pass selected cyber- or privacy examinations as well as regulating the cost of training.

He highlighted that such agency would need to collaborate with several government agencies such as the Technical Education and Skills Development Agency (TESDA), Commission on Higher Education (CHED), the Philippine legislature and the private sector.

The second "jumpstart" recommendation is implementing a cybersecurity curriculum that reflect local and global market demand.

To ensure that the national government has its own professional cybersecurity workforce, the study also proposed making the government cyber pay scale "competitive."

He said recruitment in the cyberspace sector is difficult for many nations and suggested that the best for a country to protect itself is to retain its "best people."

To ensure legal consequences for cybercriminals, the report also recommended enhancing and implementing cybersecurity legal training for judges.

"The Philippine Supreme Court should move to facilitate cybersecurity legal training for judges appointed to hear cybersecurity cases in coordination with the executive agency for cybersecurity," he said.

Lastly, the report recommended sponsoring a national cyber consortium in the Philippines.

"The executive agency for cybersecurity should sponsor and chair a national cyber consortium to ensure the cybersecurity ecosystem is improving and adapting to the changing local and global market," he said.

The consortium, he said, should consider meeting every quarter, or every three months, to "adapt these initiatives" and report back to President Ferdinand R. Marcos Jr.

He said representatives of the consortium should include those from the Office of the President (OP), DICT, cyber organizations in the military and intelligence, cyber law enforcement agencies, CHED, TESDA, Department of Education (DepEd), Supreme Court, the academic and private sector, as well as other relevant stakeholders.

If the country fails to adopt or address these recommendations, he said the Philippines will fail to increase the size of its cyber workforce, will continue to have "great difficulty" recruiting and retaining cyber talent (especially in the public sector), and be unable to take advantage of the growing world demand for cyber expertise through the country's business process outsourcing (BPO) sector.

On the other hand, if the country is only able to adopt measures in the first track or incremental recommendations, there is a 75 percent possibility that the USD23 billion BPO sector in the country may be "jeopardized."

"Without a jumpstart for the Philippines cyber ecosystem, there is a high business risk to the Philippine economy," he said.

Another risk brought about by the continued lack in the cyber workforce, he said, would be the consequences of cyber attacks, noting that it is not a question of "if" but "when" such attacks happen.

However, if both tracks of recommendations are adopted, it will create a cybersecurity ecosystem that allows cybersecurity stakeholders to "ask questions that address issues and concerns above-and-beyond mere compliance."

The country's cyber ecosystem would also allow the use of "many positive levers" to manipulate its environment.

During the event, Garrity was joined by several government officials such as Senator Grace Poe, Senator Sherwin Gatchalian, DICT Secretary Ivan John Uy, IBM Philippines president and country general manager Aileen Jiao, IT and Business Process Association of the Philippines executive director Frankie Antolin, and other top ranking executives and officials in the government and private sector. (PNA)