On DOST-ICTO, PH Government Websites Security and PDAF Piggyback Conspiracy Theory

Personal Experiences Technology

I stumbled upon some announcement via Official Gazette. It’s some sort of preso from DOST-ICTO discussing compromised government websites and the need for secure web hosting (see quoted text below). As much as possible I avoid writing about politics here at menardconnect.com. But just like with the RA 10175: Philippines Cybercrime Prevention Act, I will take some exception and write about it here as this topic got multiple intersecting interests of mine (haxing, infosec, security, and philippine politics). Quoting Official Gazette:

DOST-ICTO: Hacked government websites highlight need for secure web hosting

From the Department of Science and TechnologyInformation and Communications Technology Office
Published: August 26, 2013. Latest update: August 26, 2013.

The hacking of at least thirty government websites of supposedly local hacker groups sympathetic to today’s pork barrel protest action highlights the need for secure web hosting for government agencies and services.

DOST – Information and Communications Technology Office Executive Director Louis Casambre mentioned that: “This recent spate of website defacements goes to shows the serious need for the Government Web Hosting Service (GWHS ) especially since gov’t websites will more and more be leveraged to deliver public services.”

Administrative Order 39 (AO39) was enacted on 12 July 2013 mandating all national government agencies, government financial institutions, and government-owned and controlled corporations to have their websites hosted under the new GWHS which will be provided by the DOST ICT Office. “GWHS development is progressing and will be online as scheduled as per AO39.” Usec. Casambre Added.

The webpage defacements are deemed to be a protest action supporting the Million People March in Luneta. “No critical online services were affected and it seems that it wasn’t the intention of the community to cripple critical information dissemination websites and services of the government. We would like to request our hacking community not to target such sites.” said Casambre.

The Information and Communications Technology Office of the Department of Science and Technology is the Philippine Government’s lead agency on ICT related matters. Its primary thrusts are in the ICT Industry Development, eGovernment, ICT policy development, Internet for all and Cybersecurity

 

Read full text and links at

http://www.gov.ph/2013/08/26/dost-icto-hacked-government-websites-highlight-need-for-secure-web-hosting/

Now my personal comments and insights:
1. First, this is good news. Any move improving the security posture of the government (and government websites) is welcome news for me and a lot of Filipinos out there. I just hope that your agency continue this with concrete actions.

Now on to more serious stuff…
2. As The Black Eyed Peas song goes… “I’m so three thousand and eight, You so two thousand and late.” Yes, this announcement is so 2000 and late!!! As I tweeted earlier in twitter (“Huli man daw at magaling. LATE PA RIN“). Nuff said on the timing.

3. Trigger for this PR: Hacking of at least 30 government websites in relation to the recent pork barrel/PDAF protest actions.

Why single out the recent 30-ish defacements? Are you DOST-ICTO folks doing some piggyback on the popularity of pork barrel/PDAF protests and issue?

Piggyback and Pork BarrelAng galing pala ng word-combo ko kaya ilalagay ko sa title yung PDAF/Pork Barrel Piggyback Conspiracy Theory!!!
4. Quote and quote “We would like to request our hacking community not to target such sites“, said Casambre.
To Usec. Casambre, are you really sure you are requesting for this??? Official statement at request nyo po ba talaga ito? Baka kase misquoted lang.

5. RE: <DOST-ICTO> is the Philippine Government’s lead agency on ICT related matters. Its primary thrusts are in the ICT Industry Development, eGovernment, ICT policy development, Internet for all and Cybersecurity.
I am amazed by the keywords and buzzwords for this government office. “lead agency” + “primary thrusts” + “Cybersecurity“. But given the technical depth and logical reasoning  on this PR all I can say is “Oh my!!!”
Seriously, DOST-ICTO folks may need to rethink and re-strategize (and then synchronize the overall plan with the PR/Marketing machine). My 2 cents…

Before I end this post, some disclosure:
I work at Trend Micro. The views expressed in this blog post are my personal opinion and do not represent my employer’s positions, strategies or opinions.
To know more on what I do full-time kindly visit my linkedin page and my blogs about page.
To know more about my blog’s full disclosure policy, kindly visit my blog’s disclosure page.

Comments are closed.