Assessing the Philippine National Cybersecurity Plan 2022 for SMEs: Challenges and Opportunities
Article Sidebar
Main Article Content
Abstract
In response to the escalating demands of the Information and Communications Technology (ICT) sector, the Philippine Department of ICT announced the National Cybersecurity Plan (NCSP) 2022 in May 2017. Amid rising cyber threats targeting the BPO and Offshore Gaming sectors, the NCSP 2022's robust framework is crucial for national economic security. The critical nature of this plan highlights its foundational role in national development, propelled by an increasing dependency on ICT solutions. This study aims to rigorously evaluate the alignment of the NCSP 2022 with the International Telecommunications Union's Global Cybersecurity Agenda (GCA) through a comprehensive benchmarking of its five pillars: legal measures, technical and procedural measures, organizational structure, capacity building, and international cooperation. Using a mixed-methods approach, this study combines quantitative data from an extensive spectrum of scholarly articles, official reports, and industry standards on cybersecurity, supplemented by qualitative insights from expert interviews. The findings reveal that while the NCSP 2022 excels in Organizational Structure and Capacity Building, it requires Legal Measures and International Cooperation improvements. Regardless, the assessment yielded an impressive cumulative compliance score of 88.5%, showing a significant adherence to the GCA standards. Despite its robust alignment with global benchmarks, the findings underscore the need for policymakers to prioritize the development of a cybersecurity legislative framework, offering professionals more straightforward guidelines for compliance.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
References
ITU, “Measuring digital development: Facts & Figures 2019,” ITU Hub, 2020. Available: https://www.itu.int/hub/2020/05/measuring-digital-development-facts-figures-2019/
ITU, “Global Cybersecurity Index 2020,” ITU Publications, 2020. Available: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2021-PDF-E.pdf
R. Adel, “Filipinos were world’s heaviest internet users in 2018, report says,” Philstar, January 31, 2019. Available: https://www.philstar.com/business/technology/2019/01/31/1889736/filipinos-are-worlds-heaviest-internet-users-2018-report-says
DICT, "National Cybersecurity Plan 2022," Department of Information and Communications Technology, 2017. [Online]. Available: https://dict.gov.ph/national-cybersecurity-plan-2022/
Semantec, “ISTR Internet Security Threat Report,” vol. 24, Symantec Corporation, February 2019. [Online]. Available: https://www.phishingbox.com/downloads/Symantec-Security-Internet-Threat-Report-ISRT-2019.pdf
Verizon, “2019 Data Breach Investigations Report,” 2019. Available: https://www.spambrella.com/wp-content/uploads/2020/05/Verizon-2019-Data-Breach-Investigations-Report.pdf
Fortinet, “Global Threat Landscape Report: A Semiannual Report by FortiGuard Labs,” 2023. Available: https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/report-2023-threat-landscape.pdf
K. Bissel & L. Ponemon “The Cost of Cybercrime: Ninth Annual Cost of Cybercrime Study – Unlocking the Value of Improved Cybersecurity Protection,” MySecurity Marketplace. https://mysecuritymarketplace.com/reports/ninth-annual-cost-of-cybercrime-study/
DICT, "Memorandum Circular No. 003 series of 2017 – National Cybersecurity Plan 2022," Department of Information and Communications Technology, 2017. Available: https://dict.gov.ph/national-cybersecurity-plan-2022/
ITU, “Global Cybersecurity Agenda (GCA),” www.itu.int. Available: https://www.itu.int/en/action/cybersecurity/Pages/gca.aspx
A. Ntoko, “Global Cybersecurity Agenda (GCA) A framework for international cooperation.” [Online]. Available: https://www.unodc.org/documents/treaties/organized_crime/EGM_cybercrime_2011/Presentations/ITU_Cybercrime_EGMJan2011.pdf
C. Opris, "Cybercrime Evolution and Current Threats," 2022. [Online]. Available: https://www.ijisc.com/authors/cristian-opris/
D. Dave, G. Sawhney, P. Aggarwal, N. Silswal, & D. Khut, "The New Frontier of Cybersecurity: Emerging Threats and Innovations," 2023. Available: https://dx.doi.org/10.1109/ICT60153.2023.10374044.
R. Ramakrishnan, M. Leethial, & S. Monisha, "The Future of Cybersecurity and Its Potential Threats," International Journal for Research in Applied Science & Engineering Technology, vol. 11, issue 7, 2023. Available: https://dx.doi.org/10.22214/ijraset.2023.54603.
S. Pandey & M. Kumar, "Cybersecurity Trends and Challenges," 2023. [Online]. Available: https://dx.doi.org/10.55041/ijsrem25323.
A. Tsvetanova & M. Stefanova, "Key Cybersecurity Threats," Mathematics, Computer Science, and Education, vol. 5, issue 1, 2022. [Online]. Available: http://journals.uni-vt.bg/mcse/eng/vol5/iss1/art4.
P. Kobetc, "Cyberterrorism as the most important threat to the national security of the Russian Federation and its main warnings," National Security and Strategic Planning, vol. 1, no. 37, 2022. [Online]. Available: https://futurepubl.ru/en/nauka/article/50622/view
T.R. Shejin & K.T. Sudheer, "A Review on Major Cyber Threats and Recommended Counter Measures," 2023. [Online]. Available: https://doi.org/10.22214/ijraset.2023.49764
A.S. Salsabila, M.D. Fikri, M.S. Andika, & N.A. Harahap, "Potential and Threat Analysis Towards Cybersecurity in South East Asia," Journal of ASEAN Dynamics and Beyond, vol. 1, no. 1, 2020. [Online]. Available: https://jurnal.uns.ac.id/adab/article/view/46794
E. Tanriverdiyev, "The State of the Cyber Environment and National Cybersecurity Strategy in Developed Countries," Studia Bezpieczenstwa Narodowego National Security Studies, vol. 23, no. 1, 2022. [Online]. Available: https://dx.doi.org/10.37055/sbn/149510.
H. Elkhannoubi & M. Belaïssaoui, "A framework for an effective cybersecurity strategy implementation: Fundamental pillars identification," in IEEE International Symposium on Dependable, Autonomic and Secure Computing, 2015. [Online]. Available: https://dx.doi.org/10.1109/ISDA.2015.7489156.
S. Ghernouti-Hélie, "A National Strategy for an Effective Cybersecurity Approach and Culture," in 5th International Conference on Availability, Reliability, and Security, 2010. [Online]. Available: https://dx.doi.org/10.1109/ARES.2010.119.
D. S. Smith, "Securing Cyberspace: Approaches to Developing an Effective Cyber-Security Strategy," 2011. [Online]. Available: https://apps.dtic.mil/sti/tr/pdf/ADA565052.pdf
S. J. Shackelford, "Protecting Intellectual Property and Privacy in the Digital Age: The Use of National Cybersecurity Strategies to Mitigate Cyber Risk," 2015. [Online]. Available: https://digitalcommons.chapman.edu/cgi/viewcontent.cgi?article=1376&context=chapman-law-review
O. Poliakov, "Activation of international cooperation in the field of cybersecurity: the ways of improvement in today’s realities," 2021. [Online]. Available: https://dx.doi.org/10.37750/2616-6798.2021.2(37).238348.
D. Štitilis, P. Pakutinskas, & I. Malinauskaite, "EU and NATO cybersecurity strategies and national cyber security strategies: a comparative analysis," Journal of Information Technology & Politics, 2017. [Online]. Available: https://dx.doi.org/10.1057/s41284-016-0083-9.
A. Pamela, H. Fabe, & E. Zarcilla-Genecela, "The Philippines’ Cybersecurity Strategy: Strengthening partnerships to enhance cybersecurity capability," Routledge Companion to Global Cyber-Security Strategy, 2021. [Online]. Available: https://www.taylorfrancis.com/chapters/edit/10.4324/9780429399718-29/philippines-cybersecurity-strategy-amparo-pamela-fabe-ella-zarcilla-genecela.
I. S. Simbolon, "Inisiatif Siber dalam Konteks Keamanan Siber di Filipina," 2017. [Online]. Available: https://jurnalprodi.idu.ac.id/index.php/PA/article/view/99.
C. H. Godoy, N. J. R. Diego, R. E. Tagumasi, J. C. Lerit, & J. A. Costales, "Cybersecurity Scientometric Analysis: Mapping of Scientific Articles using Scopus API for Data Mining and Webscrapping," 2022. [Online]. Available: https://dx.doi.org/10.1109/DSIT55514.2022.9943876.
H. Tecklenburg & J. da Cruz, "The Nationalization of Cybersecurity: The Potential Effects of the Cyberspace Solarium Commission Report on the Nation's Critical Infrastructure," 2023. [Online]. Available: https://www.usmcu.edu/Portals/218/JAMS%2014_1_Spring2023_da%20cruz.pdf.
J. Burton & G. Christou, "Bridging the gap between cyberwar and cyberpeace," International Affairs, vol. 97, issue 6, 2021. [Online]. Available: https://dx.doi.org/10.1093/ia/iiab172.
T. V. Benzel, "Cybersecurity research for the future," Communications of the ACM, vol. 64, no. 1, 2020. [Online]. Available: https://dx.doi.org/10.1145/3436241.
L. I. Millett, B. Fischhoff, & P. Weinberger, "Foundational Cybersecurity Research: Improving Science, Engineering, and Institutions," Consensus Study Report, 2017. [Online]. Available: https://dx.doi.org/10.17226/24676.
F. Chang, "Hacked but Don’t Know It: Confronting the Cybersecurity Challenge," Kentucky Scholarship Online, 2020. [Online]. Available: https://dx.doi.org/10.5810/KENTUCKY/9780813179001.003.0013.
W. Maconachy & D. Kinsey, "Cybersecurity Education: A Mandate to Update," The Journal of The Colloquium for Information Systems Security Education, vol. 9, no. 1, 2022. [Online]. Available: https://dx.doi.org/10.53735/cisse.v9i1.138.
D. McMarrow, “Science of Cyber-Security,” The George Washinton University, 2010. [Online]. Available: https://nsarchive2.gwu.edu/NSAEBB/NSAEBB424/docs/Cyber-039.pdf.
J.M. Chang, D.R. Kuhn, & T.R. Weil, "Cyberthreats and Security," IEEE IT Professional, vol. 20, no. 3, pp. 6-10, 2018. [Online]. Available: https://dx.doi.org/10.1109/MITP.2018.032501744.
Y. Ivanova, "A methodology for empirical research and analysis in cybersecurity," Yearbook of the Telecommunications, vol. 22, no. 9, pp. 56-64, December 2022. [Online]. Available: https://dx.doi.org/10.33919/ytelecomm.22.9.4.
S. Bordoff, Q. Chen, & Z. Yan, "Cyber Attacks, Contributing Factors, and Tackling Strategies: The Current Status of the Science of Cybersecurity," International Journal of Cyber Behavior, Psychology and Learning, vol. 7, no. 4, pp. 79-93, October 2017. [Online]. Available: https://dx.doi.org/10.4018/IJCBPL.2017100106.
S. Nasir, "Exploring the Effectiveness of Cybersecurity Training Programs: Factors, Best Practices, and Future Directions," Proceedings of the Conference on Security and Management (SAM), pp. 1-6, July 2023. [Online]. Available: https://dx.doi.org/10.22624/aims/csean-smart2023p18.
A. Hewaidy & A. Al Mutawaa, “Disclosure level and compliance with IFRSs: an empirical investigation of Kuwaiti companies,” International Business & Economics Research Journal, vol. 9, no. 5, 2010. [Online]. Available: https://clutejournals.com/index.php/IBER/article/view/566.