Comments and Suggestions on the Philippines' National Cybersecurity Plan (Year)

List of Key Chapter Titles

1. Overall Comments
2. Pillar One: Enacting the Cybersecurity Law to Strengthen the Policy Framework
3. Pillar Two: Safeguarding Critical Information Infrastructure Security
4. Pillar Three: Proactively Protecting Government and Citizens in Cyberspace
5. Pillar Four: Building an Efficient and Coordinated Computer Emergency Response Team and Security Operations Center Network
6. Pillar Five: Enhancing Workforce Cybersecurity Capabilities
7. Pillar Six: Strengthening International Cooperation
8. Recommendations for Revising the Core Principles Statement
9. Optimization of Cybersecurity Incident Reporting Mechanisms
10. Data Classification and Human Rights-Oriented Data Processing Principles
11. Recommendations for Strengthening Supply Chain Security
12. Strengthening the Cybersecurity Role of Local Governments

Document Introduction

On July 25, 2023, the human rights organization Access Now submitted comments and recommendations on the "2023-2028 National Cybersecurity Plan (Draft)" to the Philippine Department of Information and Communications Technology (DICT). As an international organization dedicated to defending human rights in the digital age, Access Now drew upon its experience in cybersecurity policy, technical support, and global advocacy to propose systematic optimization solutions from multiple core dimensions.

The report first emphasizes that cybersecurity strategies should integrate the protection of human rights and fundamental freedoms. It recommends that the core principles statement clearly state that government policies and technical controls must adopt a human-centric approach, strictly protecting people's human rights while maintaining national security and promoting economic development, and adhering to international ethical norms and the rule of law in cyberspace. Considering the Philippines' vulnerability to natural disasters and climate-related threats, the report proposes strengthening the disaster resilience of cyber infrastructure from the national to local levels and clarifying disaster risk reduction, management, and recovery plans.

In the specific optimization suggestions for the six-pillar strategy, the report focuses on the enactment and implementation of the Cybersecurity Law, emphasizing that the law must be anchored in international human rights law, clarify the core connection between privacy and cybersecurity, and optimize the coordination process between incident reporting mechanisms and data breach notifications. Regarding the protection of Critical Information Infrastructure (CII), it recommends expanding the scope of industries covered by CII, opposing confidentiality requirements for CII designation, and ensuring that related standards are open and transparent.

The report also addresses key issues such as rules-based government cyber defense, local government cybersecurity responsibilities, a human rights-oriented approach to data classification, due diligence mechanisms for supply chain security, building collaborative networks between public and private sectors and internationally, and fostering a nationwide cybersecurity culture. All recommendations are based on the Philippines' socio-economic context, cybersecurity vulnerabilities, and international best practices, aiming to promote the construction of a trusted, shared, and clearly accountable cybersecurity ecosystem.