Philippines’ National Cybersecurity Plan (NCSP) 2023-2028

The National Cybersecurity Plan (NCSP) 2023-2028 is a comprehensive plan that addresses the growing challenges in cybersecurity through a multi-faceted approach involving government, private sector, and international partnerships. By implementing these strategies, the Philippines aims to secure its cyberspace and foster a culture of cybersecurity awareness and resilience.

Vision and Goals

The NCSP envisions a trusted, secure, and reliable cyberspace for every Filipino. It aligns with the Philippine Development Plan (PDP) 2023-2028 and focuses on three main outcomes:

  1. Proactive Protection and Security in Cyberspace
  2. Increased Cybersecurity Workforce Capabilities
  3. Strengthened Cybersecurity Policy Framework

Key Strategies and Initiatives

1. Proactive Protection and Security

  • Secure GovNet Infrastructure: Enhance the security of the Government Network (GovNet) to protect over 3,900 national and local government agencies connected through the National Fiber Backbone (NFB). This includes implementing intrusion detection and prevention systems (IDS/IPS), secure BGP routing, and passive network elements.
  • Reorganize the Cybersecurity Bureau: Strengthen the National Computer Emergency Response Team (NCERT) and establish a National Security Operations Center (NSOC). The NCERT will handle cybersecurity incident response and investigation, while the NSOC will monitor critical information assets, perform VAPT services, and assess government agencies’ cybersecurity postures.
  • National Cybersecurity Threat Database: Develop a database to catalogue cybersecurity threats, accessible to both the public and private sectors. This database will include information on threat types, vulnerabilities, and mitigation strategies.
  • Partnerships with Private Sector Entities (PTEs): Collaborate with PTEs to detect and mitigate cybersecurity threats, secure cable landing stations, and manage CPE and network segments.

2. Increased Workforce Capabilities

  • Cybersecurity Awareness Month: October will be proclaimed Cybersecurity Awareness Month, with all government agencies conducting cyber-hygiene activities and awareness campaigns.
  • ICT Academy and Cybersecurity Center of Excellence: Re-establish the ICT Academy to develop a skilled workforce. The Cybersecurity Center of Excellence will focus on advanced cybersecurity education and research.
  • Career Path Development: Update the index of occupations to include cybersecurity roles and develop qualification standards for these positions. Create certification pathways and recognize industry certifications for career service eligibility.
  • Scholarships and Training: Provide scholarships for higher education in cybersecurity and partner with international training providers to offer relevant courses and certifications.
  • Hacking Competitions: Organize national and international hacking competitions to develop local cybersecurity talent.

3. Strengthened Policy Framework

  • National Cybersecurity Inter-Agency Committee (NCIAC): Enhance the NCIAC to coordinate cybersecurity policies and strategies across different government agencies. The NCIAC will serve as the main forum for policy coordination and conflict resolution.
  • Executive Orders and Legislative Measures: Promote an executive order for the protection of Critical Information Infrastructure (CII) and endorse new legislative measures to strengthen cybersecurity, including mandatory incident disclosure and protections for security researchers.
  • International Cooperation: Expand bilateral and multilateral cooperation in cybersecurity to align with global standards and practices.