Latest news with #WomeninSecurityAlliancePhilippines

GMA Network

Cybersecurity groups urge Marcos to ensure safeguards in Konektadong Pinoy Act

Cybersecurity stakeholders urged President Ferdinand 'Bongbong' Marcos Jr. to address the cybersecurity risks found in the Konektadong Pinoy Bill, which is now awaiting the signature of the country's chief executive to become a law. 'We understand that the Konektadong Pinoy Bill is already awaiting the signature of President Ferdinand Marcos Jr.,' Women in Security Alliance Philippines (WiSAP), Scam Watch Pilipinas, BPO Security Council, PhilDev S&T Foundation, and the Philippines CIO Association said in a joint statement on Tuesda 'However, we firmly believe that cybersecurity safeguards must still be addressed,' the cybersecurity groups said. ISPs In particular, the groups flagged a provision in the bill which 'allows new internet service providers (ISPs) to operate for up to three years without full compliance with cybersecurity and data privacy regulations.' 'This grace period, written into the law, cannot be undone or corrected by the Implementing Rules and Regulations (IRR). It opens a dangerous window that hackers, scammers, and potentially even state-sponsored actors could exploit — threatening the security of critical infrastructure and sensitive citizen data,' the groups said. With this, the cybersecurity stakeholders called on Marcos to ensure the safeguards are addressed, 'whether through a veto with recommendations, immediate amendments post-enactment, or complementary executive actions.' The groups recommended the following safeguards: Remove the three-year grace period and require that all Data Transmission Industry Participants (DTIPs) and related entities comply with stringent cybersecurity and data protection controls upon engagement, aligned with global standards and practices Mandate a comprehensive risk assessment approach that considers cybersecurity, privacy, technology architecture, geopolitical concerns, and economic viability — especially for providers with foreign ownership or control Explicitly require national security and cybersecurity vetting for all prospectiv infrastructure providers involved in building or operating critical data infrastructure Include clear penalties for negligence leading to breaches of critical infrastructure, subject to investigation by regulatory agencies 'We recognize the value of a well-crafted IRR, but rules and regulations cannot compensate for omissions in the law itself,' the groups said. 'By embedding these essential safeguards into the legislation, it will align the bill with existing Philippine cybersecurity and data privacy laws, ensuring that our nation's digital infrastructure is protected from evolving threats that could compromise our sovereignty and long-term digital future,' they added. Telcos In particular, the groups flagged a provision in the bill that 'allows new internet service providers (ISPs) to operate for up to three years without full compliance with cybersecurity and data privacy regulations.' PCTO called for a review of the ratified version of the measure, citing national security concerns and weakening of regulatory oversight among new entrants in the country's connectivity service sector. PAPTELCO, on the other hand, urged Marcos to veto the bill, also flagging national security issues, as new players would no longer be required to secure a legislative franchise. Under the measure, new data transmission players are no longer required to secure a legislative franchise or Certificate of Public Convenience and Necessity (CPCN). The cybersecurity groups, meanwhile, said they support the measure's aim of expanding internet access and modernizing the country's digital infrastructure. However, they said that 'we are concerned that certain provisions may unintentionally expose the Philippines to heightened cyber threats — unless stronger safeguards are embedded directly into the law.' 'The bill also appears to ease the entry of entities — including foreign-controlled firms —into building highly sensitive infrastructure such as international cable landing stations and satellite gateways,' the groups said. 'Without a legally mandated national security vetting process, the IRR alone cannot provide the level of scrutiny and accountability required,' they added. Data access Cybersecurity stakeholders, meanwhile, noted that such raises the risk of unauthorized data access or disruptions to national infrastructure. 'Given the strategic nature of these assets, we strongly recommend that the law explicitly mandate both national security and cybersecurity vetting for all prospective infrastructure providers, regardless of origin,' the groups said. 'This would help ensure transparency, protect national interests, and uphold the integrity of our digital infrastructure —without unnecessarily discouraging investment or international cooperation. Yes, the bill seeks to connect more Filipinos — but if cybersecurity is treated as an afterthought, it also opens the door to serious threats,' they said. Technology industry groups —Global AI Council Philippines, the Blockchain Council of the Philippines, the Cybersecurity Council of the Philippines, the Data Center Association of the Philippines, the Fintech Philippines Association, and Go Digital Philippines— threw support for the Konektadong Pinoy Act, saying it can "help close the country's connectivity gap." Department of Information and Communications Technology (DICT) Secretary Henry Aguda is also backing the passage into law of the Konektadong Pinoy Act, saying it would increase competition in the country's telecoms space and eventually lower the cost of services for the benefit of the consuming public. —VAL, GMA Integrated News