Panayam kay CICC Deputy Executive Director Asec. Mary Rose Magsaysay at Highly Technical Consultant Drexx Lagui ng CICC ukol sa rules of engagement hinggil sa cyber defense ng bansa na tinutukan ng Balikatan 2024
Panayam kay CICC Deputy Executive Director Asec. Mary Rose Magsaysay at Highly Technical Consultant Drexx Lagui ng CICC ukol sa rules of engagement hinggil sa cyber defense ng bansa na tinutukan ng Balikatan 2024
Category
🗞
NewsTranscript
00:00 Rules of engagement in the cyber defense of the country that is being discussed in Balikatan 2024.
00:06 We will discuss this with Assistant Secretary Mary Rose Magsaysay,
00:11 Deputy Executive Director of Cybercrime Investigation and Coordinating Center or CICC,
00:16 and Sir Drex Lagy,
00:18 Highly Technical Consultant of CICC and Chairman of Scientific Working Group on Digital Evidence.
00:24 Good afternoon, Asif Magsaysay and Sir Drex. Welcome to Bagong Pilipinas.
00:29 Good afternoon.
00:31 For our viewers,
00:35 one of the topics that was discussed after the Balikatan exercise this year is the cyber defense of the country.
00:44 What were the topics discussed here?
00:46 When we were invited to be observers here in Balikatan,
00:56 CICC was involved and seven people attended CICC.
01:00 We saw that their concern is the rules of engagement.
01:05 This means that they want to know when they will retaliate, when they will engage.
01:13 It's not clear how this will happen.
01:15 The Philippines and America shared what is allowed and what is not.
01:21 We based this on the laws that we have now.
01:24 We know that the Philippines acceded to the Budapest Convention,
01:29 so we have guidelines.
01:31 We shared this with them because they don't use the Budapest Convention.
01:38 Sir Drex has the questions here because he lectured on that part.
01:42 Sir Drex?
01:43 Actually, there are many things discussed there.
01:47 For example, our constitution prohibits war.
01:52 We cannot go ahead and hack to destroy our targets.
01:59 We can only do that in a self-defensive manner.
02:03 There are many things that cannot be done,
02:06 such as pretending to be a journalist or a medical worker on the internet.
02:14 That is prohibited.
02:16 If you are on the internet and you conduct operations,
02:21 you must be like an equivalent of a person in uniform who is in the military
02:26 so that they will know who is a combatant and who is not.
02:29 What are the threats in cyberspace that we need to prepare as a country?
02:35 There are so many.
02:37 The first definition of cyberwar or cyberdefense is that operations are done in the cyber domain,
02:53 meaning in the electronic space, in the internet space, within the computers, within the networks.
02:59 There are so many things that come to mind.
03:06 With regards to defense,
03:08 what we are facing is that, like what you heard,
03:12 we know who is shooting at us.
03:18 We know what the capabilities of the people shooting at us are.
03:21 We know what their motive is, what tools they can use,
03:25 and why they are doing that against us.
03:28 If we know at least their modus operandi,
03:31 and we know what they want to do,
03:36 it will be easier for us to know what resources we have to defend what we need to protect.
03:47 What I'm saying is a bit confusing because cyberdefense is really wide.
03:55 A few weeks ago, a target of disinformation,
04:01 which is a part of a cyberwar campaign against our national security,
04:05 was a deepfake against our president.
04:09 There was a deepfake, including video and audio.
04:12 They want to separate our unity.
04:18 If we are not united, it will be easier for us to divide.
04:23 I have a follow-up.
04:25 You said cyberdefense is in general here in our country.
04:29 Can it be done individually?
04:31 For example, if you want to protect yourself from someone who has an intention to harm you,
04:38 can it be done as a group?
04:40 Absolutely.
04:42 Actually, every person should have the motivation as well as the responsibility to protect oneself
04:50 so they can also protect others.
04:52 One of the things that is emphasized by individual private and personal cybersecurity
05:01 is our Data Privacy Act.
05:04 It states that everybody is basically responsible for maintaining our privacy,
05:13 safeguarding our personal information, and those of our family as well.
05:20 That is where our cybersecurity starts.
05:25 Asic, this is probably the question of all our fellow Filipinos.
05:29 Is the Philippine government capable of defending itself against cyberattacks?
05:38 One word? Yes.
05:40 In fact, you will see that.
05:43 Our government is composed of a lot of industries.
05:49 We have transportation, we have financial, we have military, we have administrative,
05:56 and all of those branches.
05:58 The best example that we can see that we can protect ourselves is in the financial industry.
06:05 Because of the regulations of the Central Bank with regards to cybersecurity,
06:13 they are being forcefully implemented by the banks and they are being fined for it.
06:19 Because of their regulations, every Filipino feels that if there is a problem,
06:25 Filipinos become resilient against financial-level attacks.
06:31 Not all parts of the government are equally capable.
06:37 Definitely, the military has a fight against it because it is their mandate to protect us from external threats.
06:46 But for others, maybe it is the Department of Tourism because they have a different mandate,
06:54 a different mindset, a different culture, and the same goes for the educational system.
06:58 So, in a word, yes, but really the bigger explanation is that it depends on the branch of the government.
07:07 So, what is the difference between the physical and cyber domain that is also one of the things that we are focusing on
07:12 in this year's celebration of Balikatan 2024?
07:16 Before, it was easy to say that the physical is basically kinetic.
07:21 If you can fire a gun and it goes off, that is the physical domain.
07:26 But now, it is the cyber domain.
07:29 It is because of the dependence of our command and control and intelligence system on each other.
07:37 And even if your missile is good, if you cannot see where your enemy is,
07:44 your expensive missile is useless.
07:48 So, with that, you need a targeting system, you need a surveillance system, you need an intelligence system.
07:54 And those, even command and control, are very, very reliant on electronic and digital systems.
08:02 So, you have, for example, a drone that is flying and looking for a ship that wants to enter our country.
08:11 And then the drone has an electronic camera, not a normal camera.
08:18 You can see that, and then you digitalize it, transmit it via communication systems,
08:23 and send it to the ship's commander.
08:26 And then the ship's commander will radio the headquarters and ask, "Do I have permission to fire?" and so on and so forth.
08:32 So, that's the whole kill chain.
08:35 So, now, it is good and recognized that you cannot separate cyber capabilities from the physical or kinetic capabilities of the military.
08:47 Well, to Mary Rose, the forms of cyber attacks are different.
08:52 Can false or different narratives or propaganda be used,
08:57 just like what Sir Jax was saying earlier, to separate the Filipinos?
09:02 Yes, you know, they are prioritizing that.
09:05 They are dividing the culture of a country.
09:09 Even the families are crying over that.
09:12 We see the children dancing online, and we know that the parents don't like that.
09:18 The parents prefer to Google their children's hours in school and the positive things that will help them pursue a good life.
09:29 But there are many things that we should not be doing.
09:35 We are doing this because it is one of the ways to destroy the family's core, the basic unity of society.
09:45 And if we do that, it will be easier for other countries or whoever is doing that to enter the weak culture.
09:55 So, you mean, instead of the attention of the Filipino youth in education,
10:00 they will go to entertainment and social media, which will make us vulnerable eventually.
10:05 When they grow up, they will have a lack of education, and we will be less likely to enter.
10:12 Of course, when we go online, we know that we are six hours dedicated more than the usual global person online.
10:24 The Filipino is always online, and if they are busy with entertainment,
10:30 they will lose their time to focus on their family and their life later on.
10:37 So, as of now, from the cybersecurity training,
10:41 what are the challenges that the government should address in the cyber defense of the country?
10:47 Okay, what I see there is the connectivity of the Philippines, which is really targeted by the DICT,
10:54 plays a very big role in helping both countries be shoulder to shoulder in protecting the country.
11:01 Because we know that that is our biggest struggle in the Philippines,
11:07 is that because we are archipelagic, different kinds of connectivity are needed in each place.
11:13 And we saw that in Balikatan, that it plays a big role in helping each other.
11:19 Because if you cannot go online, the communication does not flow properly,
11:24 the order might be late, and all the people on the other side might have died.
11:28 So, that is what should be really addressed.
11:31 And I think that DICT is playing a big role in doing this,
11:35 because they are already connecting everything and everybody.
11:39 As of today, I think they are already on track towards finishing everything by 2025.
11:45 Well, Sir Drex, this has been part of the discussion in Balikatan 2024.
11:50 Can you explain this digital forensics to our fellow countrymen?
11:54 Yes, digital forensics, in a simple answer,
11:58 is that it is the process of discovery electronic data or electronic evidence from multiple data sources,
12:06 like from cell phones, computers, and the internet.
12:11 And then you use that in a judicial system to bring it to court to prove or disprove allegations or facts.
12:22 So that you can prove that the person is guilty or to even exonerate that person
12:28 if the evidence you have is inculpatory or exculpatory.
12:33 Sir, in other discussions, our fellow media person, Eugene Mangalus, has a question.
12:38 How many cyber attacks have government websites experienced every day?
12:44 Are there specific websites that are often targeted?
12:48 Okay.
12:49 Like Eugene.
12:51 What can you say about this?
12:54 I always say that, as long as it is a government, yummy.
12:58 They are really trying to make it look like their exams, the hackers.
13:05 If they hack the government, knowingly, the government is supposed to be equipped to be able to protect a nation.
13:14 So it's really like their graduation.
13:19 Yes, their graduation.
13:20 So they are really attacking us.
13:22 Day in, day out, everything.
13:24 And if it's left to right, even if it's small, LGUs.
13:29 Well, this is just an additional question.
13:32 How dangerous is artificial intelligence if it is taught to be used by those with evil intentions or those with negative or wrong intentions?
13:45 I leave that to Mr. Lagui.
13:47 Actually, what I'm trying to say is that it is not used anymore.
13:53 It is being used now.
13:55 For example, what I mentioned earlier, there was a deepfake against our president.
14:01 His audio and video is really beautiful.
14:04 And you really think that our president is the one speaking and ordering war.
14:08 So, a lot of people are using it now.
14:12 One of the things that AI, the criminals, use is to read our laws.
14:20 Because our laws are all uploaded.
14:23 All of the Republic Act is uploaded.
14:25 All of the jurisprudence of the Supreme Court is uploaded.
14:29 So AI is being used to read all of the jurisprudence, to read all of our laws.
14:34 And then it compares it to the activities they do.
14:37 Then they will guess what their legal risks are.
14:41 They will be caught.
14:42 And if they are caught, what can they do legally, tactically, so that they will not be sent to court.
14:50 That is one of the things they can do.
14:52 There are many more.
14:53 Money laundering, forgery of documents, phishing, malware.
15:01 Now, AI can say, "This is the vulnerability that Microsoft published.
15:07 This is where they patched it."
15:10 You can tell AI, "Please reverse engineer their news alert.
15:16 Create malware that can exploit it."
15:20 So, I can use it on others whose software is not yet updated.
15:24 You said earlier that anyone can do anything with AI.
15:29 You challenged us earlier on what we can do with it.
15:32 For our fellow countrymen, Sir was saying earlier that even if your gadget is off, you can monitor it.
15:45 What is your example earlier?
15:47 The most basic.
15:53 Okay. Because sometimes, the iPhone is the best example.
15:57 Because in a criminal organization, both the victim or the criminals themselves,
16:05 normally, when a person is wearing an iPhone, the perception is high-level in the organization.
16:13 Either he is the bossy or he is the financier or whatever.
16:19 Because in our culture, the iPhone is a social status.
16:24 When you have an iPhone, it is easier to forget about the cellphones that came from CD-R King.
16:31 Because the value you get from CD-R King phones is less compared to what you get from an iPhone.
16:40 The iPhone is not only beautiful, has a lot of features, but it also has a huge SSD.
16:48 One terabyte of SSD of storage space can hold a lot of audio and video.
16:55 So, it's more convenient.
16:57 Now, the iPhone, because of the way it's designed,
17:02 because it's built not for security purposes but for the convenience of the user.
17:11 The best example we can give is that even when it's in airplane mode, it still has Bluetooth on.
17:18 Its GPS is still on.
17:20 Now, when its GPS is on, you can query the iPhone's API.
17:25 You can ask where you are in the world and what are the air tags you're monitoring.
17:32 That's one.
17:33 Another is Bluetooth, GPS, all of those are on.
17:37 You can easily find out where your target is.
17:40 If your target is the iPhone, it's probably a millionaire.
17:43 You can think of a lot of crimes.
17:46 You can talk a lot.
17:49 But you should be careful.
17:52 I hope you can discuss this with your future guests in our programs here at PTT.
17:57 Again, thank you very much for your time.
17:59 Assistant Secretary Mary Rose Magsaysay, Deputy Executive Director of Cybercrime Investigation and Coordinating Center of CICC.
18:07 and Sir Drex Lagy, highly technical consultant of CICC.