Anyone who transacted with a government office may have this observation that the bureaucracy is overstaffed yet undermanned. We can see many people sitting behind desks or hanging around, but only few respond to the needs of citizens who pay the salaries of government employees.
We keep on creating new government agencies supposedly to respond to a needs of our people, but once created, the agencies fail due to problematic staffing.
The Department of Information and Communication Technology (DICT), for instance, was created due to the dire need of a government agency to lead our digital journey, yet then President Rodrigo Duterte appointed a former senator and military official as its secretary, apparently who had no clue what his position entailed. However, the then DICT secretary received intelligence fund allocation intended to enhance cybersecurity.
Today, a DICT official admitted that they do not have the qualified staff to deal with the cybersecurity problems of government agencies. The irony is that they don’t have permanent staff but merely job order staff.
The role of DICT is almost as significant as the national defense department.
Our payroll for bureaucrats is increasing every year, because the government is the largest employer with over 1.4 million civil servants. But to our dismay, it has nothing much to show by way of proper service to the Filipino people. Our national budget allots P1.621 trillion in personnel services alone.
Thus, it is difficult to comprehend why our government can allocate billions for never-ending national road repairs and re-blocking, intelligence funds, or pork barrel for lawmakers, yet it has not allocated sufficient funds for DICT to counter cybersecurity.
The data breach in PhilHealth and Philippine Statistics Authority (PSA) proved that cyber-related attacks to other government agencies are imminent.
Cyberattacks disrupt essential government services such as financial system, healthcare, energy, and more. National security and personal data can be compromised. Worse, targeted attacks can lead to loss of life.
Digital transformation is here to stay, and the risk are real. However, these risks are manageable if we are prepared to address it.
It is indeed timely that government agencies, institutions, offices and local government units, including private companies and businesses should have their own cybersecurity officers. An issuance or policy should be immediately enacted to make it mandatory, just like the mandatory Pollution Control Officers (PCOs) in all establishments seeking Environmental Compliance Certificates (ECC). Courses and trainings on cybersecurity should also be made available in higher learning institutions or training centers in the provinces.
The national government should train key personnel from their department or bureaus, including that in the LGUs on cybersecurity and related field as mitigating measures. Without preemptive measures against cyber-attack, we will be always exposed to risks of hacking and other data breaches.