Professional Documents
Culture Documents
DEFINITIONS
Fundamentals (simplified)
Cyberspace
The domain where
information is exchanged and
processed by electronic
means, including physical
networks, the radio frequency
spectrum, and the internet
Cyberwarfare
Warfare waged using attacks
through and by cyberspace
Cyberterrorism
Cybersecurity
The state of being able to
minimize the depth, scope,
and impact of a cyberattack
Cyberdefense
The state of being able to
minimize the depth, scope,
and impact of cyberwarfare
THREAT ASSESSMENT
Cyberattack
Modes (targeting)
Directed
Viral
Modes (warhead)
Passive measures
Active measures
Impact
Physical
Socioeconomic
Sociopolitical
Actors
Non-state actors
Nation-states
5
Cyberattack modes
(targeting and warhead)
Directed
Analogous to guided missile
attack (i.e., delivery system,
targeting system, payload)
E.g., Stuxnet malware, DDOS
attack, hack
Viral
Analogous to biological
warfare attack (i.e., vector,
infectivity, lethality)
E.g., Flame espionage
malware
Passive measures
Espionage (infect and
listen)
E.g., Flame espionage
malware
Active measures
Sabotage (code strike)
E.g., Stuxnet malware
destroying nuclear
centrifuges of Iranian
nuclear weapons program in
Natanz
Cyberattack impact
Physical
Damage to physical
infrastructure
Socioeconomic
Societal disruptions,
difficulties in day-to-day
living
Case Alpha
Case Bravo
Case Charlie
Case Omega
Sociopolitical
Loss of trust in
government organs
7
Cyberattack actors
Non-state actors
Generic
classification
Group
Terrorist
groups
Currently unidentified
Al-Qaeda
ISIS
Dissident
groups
Hacktivists
Anonymous, etc
LULZSEC, etc
Cyberattack actors
Nation-states
Nation-State
Agency/ Unit
China
North Korea
Bureau 121
Russia
Israel
United States
Cyberattack actors
Other nation-states reported/ suspected of
possessing cyberwarfare capability
Various degrees of capability (developed; developing;
limited)
NATO members (e.g., UK - via MI6, Germany via Computer Network
Operation Unit under BND, Netherlands, etc)
Ukraine; Brazil
Iran; Vietnam
India; Pakistan
10
CAPABILITY ASSESSMENT
Existing capability
International law,
Philippine law and
conventions, and codes
policy
None
Constitutional ban on
offensive warfare
No laid-out policy
direction
12
Existing capability
Defense/ military, law
enforcement, government
CEISSAFP, ISAFP, AFP and
DND personnel trained
via joint exercise or
schooling
DICT, CICC (policy and
investigative support;
also leverages NBI, PNP
capabilities)
No point cyberdefense
or cybersecurity unit or
agency
Civilian, non-government,
academia, business
PH-CERT
Philippine IT community;
local hacking community
Cybersecurity businesses
(private sector)
ICT advocacy groups
(policy support; subject
matter expertise)
13
PROPOSALS
Implementation/
action items
Critical infrastructure
inventory, vulnerability
audit, penetration
testing, and hardening
Development of
cybersecurity mindset
Development of
hardened
infrastructure
15
END.
16
ABOUT DEMOCRACY.NET.PH
About Democracy.Net.PH
About Democracy.Net.PH:
An ICT and civil rights advocacy movement, since 2012 Democracy.Net.PH has been actively
involved in efforts to improve Philippine ICT legislation and policy development, measures to
improve internet connectivity access and penetration, quality of service, cyberdefense and
cybersecurity, in cooperation with international, national, and local government and nongovernment organizations.
18