National Security

The Philippine Cybersecurity Starter Pack

teodulfo.espero

June 21, 2025

Photo by Milan Malkomes on Unsplash

(Now With Less Bureaucracy, More Actual Defense)

So you want to protect the Philippines from cyber threats?
Nice. Us too.

But here’s the catch:
We can’t keep saying “we need better cybersecurity” and then hand over the entire IT budget to (1) antivirus software from 2009 and (2) a printer that keeps printing sideways.

It’s time we build a starter pack — something that gets us moving without a hundred meetings, a PowerPoint from a foreign consultant, or a task force with no teeth.

So here it is — The Philippine Cybersecurity Starter Pack (Beta version, proudly Pinoy-made).

Appoint Real CISOs, Not Just “IT Guy #1”

Let’s stop making the “computer dude” manage the firewall on his lunch break.

Every major agency, LGU, and GOCC needs a proper Chief Information Security Officer (CISO) — someone who actually knows cybersecurity, gets a real budget, and isn’t just dragged in when there’s a breach and everyone’s panicking.

If your “CISO” also fixes printers and resets Facebook passwords — they’re underpaid and overused. Fix that.

Fund cybersecurity training like we fund tarpaulins for ribbon cuttings

Let’s redirect just 5% of the budget from banners, giveaways, and 4-hour buffet press launches and instead:

  • Send people to real cybersecurity training
  • Fund certifications (CompTIA, GIAC, Microsoft, etc.)
  • Pay people enough to stay in the country

A secure nation starts with a skilled workforce — not just a slogan and a government-issued mouse pad.

Mandatory vulnerability scans — not just when “may nanira sa website”

Don’t wait for a hacker to make it to the news before checking your systems.

Make monthly vulnerability scans a requirement.
Better yet — make third-party penetration testing a regular thing.
And please, for the love of cybersecurity, stop using “admin/admin” as credentials on public-facing systems.

Public cyber awareness campaigns that aren’t boring

We don’t need another poster saying “Think Before You Click” in Comic Sans.

We need:

  • Tiktoks explaining phishing (hilarious + informative)
  • Barangay-level training on securing mobile phones
  • Relatable posts that actually teach people how to spot a scam text from “BIR”

Cybersecurity is everyone’s business — let’s make it understandable for everyone.

Secure critical infrastructure like it actually matters

Water systems. Power grids. Telcos. Airports. Government portals.

If your SCADA system is exposed to the internet without authentication, I have bad news:
You’re one annoyed teenager away from disaster.

Require:

  • Multi-factor authentication (MFA)
  • Regular updates and patches
  • Vendor audits
  • Incident response playbooks (that don’t involve waiting for CNN to break the story)

Build local threat intelligence — not just imported PDFs

We don’t need 300-page threat reports from someone in Switzerland telling us “cybercrime is on the rise.”

We need localized, timely, and actionable threat intelligence, written by actual Pinoy cybersecurity experts who understand the context, the language, and the threat actors.

Also: fund a national threat-sharing platform where agencies can share IOCs (Indicators of Compromise), not memes.

Make data breaches reportable — and give it teeth

Right now, many breaches never get reported. Why?
Because there’s no accountability. No policy with real consequences. Just PR spin and “We are currently investigating…” for six months.

Create a real cyber incident reporting law with:

  • Clear definitions
  • Reasonable timelines
  • Real penalties
  • Incentives for responsible disclosure

Transparency builds trust. Cover-ups just make us vulnerable.

Final Touches for the Starter Pack:

  • Strong passwords and MFA. Everywhere. No exceptions.
  • Offline backups. Yes, still important.
  • A basic security checklist for every agency.
  • A “cyber drill” that’s more than just logging out and back in.

Final Thoughts

You don’t need to spend millions or wait for a foreign consultant who thinks “Filipino time” is a timezone.

You just need:

  • Leadership that listens to its tech teams
  • Funding that prioritizes protection over politics
  • And a cybersecurity mindset that says:
    “Let’s secure this country before we trend for all the wrong reasons.”

Tags: