Philippine Cyberspace.pdf
Transcript
ITE185 Philippine Cyberspace: Legal and Ethical Imperatives for Cyber Infrastructure Protection Mindanao State University - Iligan Institute of Technology College of Computer Studies Learning Objectives This section will discuss: The Philippine Cyberspace Chall...
ITE185 Philippine Cyberspace: Legal and Ethical Imperatives for Cyber Infrastructure Protection Mindanao State University - Iligan Institute of Technology College of Computer Studies Learning Objectives This section will discuss: The Philippine Cyberspace Challenges of Critical Cyber Infrastructure Protection International and Domestic Cybersecurity Regime MMOM Prelim The Philippine Cyberspace Cyberspace: It is the non-physical terrain created by computer systems. It consists of computer networks as well as the worldwide network of computer networks that use the TCP/IP network protocols to facilitate data transmission and exchange. MMOM Prelim The Philippine Cyberspace Cyberspace: It is the non-physical terrain created by computer systems. It consists of computer networks as well as the worldwide network of computer networks that use the TCP/IP network protocols to facilitate data transmission and exchange. It is differentiated from physical space wherein the latter refers to an aspect of reality visible to the naked eye, while the former refers to an ethereal reality in which information in the form of communicated messages coexist and are transmitted. It should not be confused as being imaginary; it is real and exhibits physical reality through servers, routers, cables, switches, computers and electronic messages. MMOM Prelim The Philippine Cyberspace - Definition It is the space where information is posted, exploited, manipulated, traded and accessed, created by the interaction, communication and collaboration of people and organizations via the network of information and communication system infrastructures. It is a consequence of the use of these networks of physical infrastructures. They are now called digital or cyber infrastructures. MMOM Prelim The Philippine Cyberspace -Significance of Digital Infrastructures Digital infrastructures are the platforms to the Philippine Cyberspace which are critical for key social, political, military and economic functions such as the managing and operating of the country’s power plants and dams, the electric power grid, transportation and air traffic control systems including financial institutions. MMOM Prelim The Philippine Cyberspace -Significance of Digital Infrastructures They are also vital in the day-to-day operations of business, government and non- government institutions. Business establishments, large and small, rely on them to manage communication and payroll, track inventory and sales, perform research and development functions, generate food production and many others. Digital infrastructures are keys to our nation’s capacity to carry out information- based public and private enterprises. MMOM Prelim The Philippine Cyberspace -Significance of Digital Infrastructures With the rapid increase of digital infrastructures, they are now considered as strategic resources and assets that play an important role in the nation’s economic development and competitiveness, security and well- being. Their disruption or destruction will have debilitating impacts on national security. MMOM Prelim The Philippine Cyberspace - Components The digital infrastructures that interconnect national, regional and global information and communications networks. 1.Enterprise Networks/Intranets Enterprise Networks or intranets pertain to independent networks, local area networks (LAN) and wide area networks (WAN) that are connected through telecommunication channels. Said networks cater to their organization’s business applications, including critical infrastructures. 2.Local Internet Service Providers (ISPs) These are organizations that provide gateways between packet- switching networks and Public Switching Telephone Networks (PSTN). These are networks through which most customers gain access to the Internet using telephone lines. They are sometimes referred to as second level ISPs. MMOM Prelim The Philippine Cyberspace - Components 3.Regional Network Providers (RNPs) These entities provide WANs across large geographic areas. They function as client/server systems integrator, value-added reseller, and/or provider of Internet services to a wide geographic market. 4.Internet Backbone Composed of organizations that provide major interconnection between different networks, they consist of: Network Service Providers (NSPs) – These are organizations that provide the foundation of the Internet backbone, which is largely based upon the architecture of the Internet’s precursors. Network Access Points (NAPs) – Network Access Points offer a mechanism for NSPs and ISPs to interconnect. Collectively, they operate as the Public Internet Backbone that connects to ISPs, POP and hosts. Long Distance Carriers – They supply a national network of communication channels for the Internet and long distance voice MMOM Prelim The Philippine Cyberspace - Components 5. User Services These are organizations that provide domain names, email hosting, newsgroups, telnet, FTP, and storage. 6. Online Content These are information resources that are published in websites and stored in databases of ISPs and and organizations that own them. 7. End-Users End-users pertain to people and organizations that utilize the network for their personal and business purposes. 8. Telecommunication Services These comprise the facilities that provide connection of communication channels to ISP’, independent networks, and individual subscribers and users. MMOM Prelim CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION Cyber threats are events, situations and conditions that tend to reduce, disrupt, degrade and destroy digital infrastructures. Cyberthreats categories: Accidents and Malfunctions This category includes operator error, hardware malfunctions, software bugs, data errors, damage to physical facilities, inadequate system performance and system malfunctions. An example of this is the infamous Y2K or millennium bug. Occurrences of these threats are attributed to disaster, calamities, and lack of knowledge, as well as lack of maintenance, factory defects and faulty designs. Hacktivism Considered as the marriage of hacking with activism, it covers operations that use hacking techniques against a target Internet site with the intent of disrupting normal operations but without causing serious damage. It also includes electronic civil disobedience, which brings methods of civil disobedience to cyberspace like virtual sit-ins and blockades, automated e-mail bombs, web hacks and computer break-ins including the use of malicious codes MMOM Prelim CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION Cyberterrorism The exploitation of digital infrastructures for terrorist ends, it comprises of politically-motivated hacking operations designed to cause grave harm such as loss of life or severe economic damage. An example would be an intrusion into an air traffic control system and causing two planes to collide. Technoterrorism This is the intermediate step between "conventional" terrorism and "cyberterrorism." Unlike the cyberterrorist, the technoterrorist will attack those systems that exist in the physical world to disrupt cyberspace. Thus, the computer itself (hardware rather than software) is the target of the technoterrorist. The technoterrorist will use "conventional" weapons such as bombs and physical destruction to disable or destroy digital infrastructures. Information Warfare Defined as being concerned with “the defensive and offensive use of information and information systems to exploit, corrupt, or destroy an adversary’s information and information system while protecting one’s own.” Winn Schwartau, a pioneer on the topic of information warfare has developed three classes: personal information warfare which is characterized by the electronic attack against an individual’s privacy corporate information warfare where corporations use information and its associated technology to destroy or win against their competitors; and global information warfare which targets entire industries, nations and global economic forces. MMOM Prelim CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION Foreign Intelligence The cyberspace is a potentially lucrative source of strategic and competitive intelligence that can be collected by intelligence agencies of governments and their military and police organizations. Intelligence that can be collected in the cyberspace include reports on current events, analytic political and economic assessments and plans, as well as programs and operations of government, political organizations, non-government organizations/people’s organizations (NGOs/POs) and business organizations. It encompasses monitoring, eavesdropping and interception of communications or electronic messages. Cyber Crimes Synonymously referred to as computer crimes, they are characterized by hacking or unauthorized access to computer systems or networks, or forcibly taking over a computer network to destroy and/or modify data and programs including stealing information that can cause disruption to the network. Reasons may vary from personal gains to political reasons. Cyber crimes include theft, sabotage, vandalism, cyberstalking, child pornography, copyright violations, piracy, trademark counterfeiting, Internet fraud and others. MMOM Prelim CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION - Increasing Risk Despite the benefits, the increasing use and rapid growth of critical cyber infrastructures have amplified the risks in our national security environment. MMOM Prelim CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION - Increasing Risk Here are the major contributory factors why such a situation occurs despite the benefits that ICT provides: 1.Dependency Increasing dependence on the use of information and communication systems for individual and corporate undertakings 2. Interdependency Digital infrastructures are interdependent in terms of system configurations, connectivity and applications. The failure of one digital infrastructure can cause the failure of another infrastructure or vice versa. 3. Globalization The globalization of business operations and processes requires the need for real-time information and information resources. Inability to perform these functions can constitute substantial income and opportunity losses. MMOM Prelim CHALLENGES IN CRITICAL CYBER INFRASTRUCTURE PROTECTION - Increasing Risk 4. Standardization of Technology Standardization of technology for interoperability and system efficiency opens up windows of vulnerabilities that will be common to all systems and to the knowledge of everyone. 5. Technology as a Force Multiplier Information and communication technology provides equal opportunity to government, military and police organizations as well as to individuals, criminal and terrorist organizations. ICT provides the advantage of speed, stealth, wide coverage in terms of distance and target, anonymity, low cost, and high success potential, among others. It only takes a personal computer connected to a network and a computer virus to inflict tremendous damage on a global scale. ICT is also an effective medium for propaganda. MMOM Prelim INTERNATIONAL AND DOMESTIC CYBER SECURITY REGIME The pervasiveness of threats to critical cyber infrastructure has long been considered an international problem. This prompted the international community to draft guidelines and implement measures to curb its increasing potential to undermine the peaceful world order. The Philippines, being a member of different international organizations, recognizes and subscribes to these guidelines as essential ingredients in its own cyber security planning and programs. MMOM Prelim INTERNATIONAL CYBER SECURITY REGIME 1. UNITED NATIONS The most significant effort on the part of the UN in the area of cybersecurity was the adoption of Resolution 57/239 entitled Creation of a Global Culture of Cybersecurity during its 78th Plenary Meeting on 20 December 2002. This resolution provided an annex wherein it recognized nine complementary elements in creating a global cybersecurity culture and set MemberStates’ individual responsibilities. Awareness Risk Assessment Responsibility Security Design and Response Implementation Ethics Security Assessment Democracy Reassessment MMOM Prelim INTERNATIONAL CYBER SECURITY REGIME 2. APEC On October 21, 2001 the APEC Leaders issued their Statement on CounterTerrorism that condemned terrorist attacks and deemed it CYBERSECURITY imperative to strengthen cooperation at all levels in combating STRATEGY terrorism in a comprehensive manner. APEC recognizes that the fight against cyber crime and the protection of critical infrastructures is built upon the legal frameworks of every economy. In particular, cyber security depends on every economy having (1) substantive laws that criminalize attacks on networks, (2) procedural laws to ensure that law enforcement officials have the necessary authorities to investigate and prosecute offenses facilitated by technology, and (3) laws and policies that allow for international cooperation with other parties in the struggle against computer-related crimes. MMOM Prelim INTERNATIONAL CYBER SECURITY REGIME 3. ASEAN CYBER SECURITY The ASEAN members committed to establish National Computer Emergency Response Teams (CERTs) by 2005. INITIATIVE All member countries shall have also established, by 2004, a common framework for sharing cybersecurity threat and vulnerability assessment information. Cybersecurity expertise and information will be shared among member countries to help develop cybersecurity policies and exchange realtime information on cybersecurity issues. MMOM Prelim LEGAL REGIME IN THE FIELD OF CYBER SECURITY IN THE PHILIPPINES The government has to have laws instituted to help protect companies and consumers from abuses and to address internet security in a global context. The Philippines is governed by the following legislations pertaining to the utilization, development and protection of the Philippine cyberspace: Republic Act 7935 or the Philippine Public Telecommunications Policy Act enacted on March 1, 1995 which regulated the telecommunications industry in the country; Republic Act 8484 entitled Access Devices Regulation Act of 1998 dated February 11, 1998 which regulated the issuance and use of certain access devices. It defined access device fraud as a criminal offense; Executive Order No 467 dated March 17 1998 which set forth guidelines that will govern the operation and use of satellite telecommunications facilities and services in the country; Republic Act 8747 or the Philippine Year 2000 Readiness and Disclosure Act which was approved on June 01, 1999, setting the necessary guidelines to ensure the readiness of Philippine computer systems, products and services against the Y2K bug; Executive Order 269 dated January 12 2004 which created the Commission on Information and Communications Technology as the governing body in all ICT-related activities in the country. MMOM Prelim References Department Of Information And Communications Technology - National Cyber Security Plan MMOM Prelim
