Cyber Security vs Cyber Defense

I have to start with the definition of terms. I hope you already have an idea of what cyber is. It is anything relating to computers or the internet, even to smart gadgets controlled by programs or remote controls running through networks. When we come to the words security and defense, many IT practitioners in the industry still do not know the difference. They usually interchange the use of these words. They use the word defense even when they are just referring to security.

My cellphone dictionary defines security as the state of being safe; freedom from the occurrence or risk of injury, danger or loss. In my own perception, it is all about building up and establishing a sense of confidence that guarantees nothing will go wrong! There is a promise of assurance that no mistake, harm or danger could happen during operations or at rest. Security is proactive, while defense is reactive. It is only in the latter where skirmishes with an attacker may happen. Security is purely a psychological issue. It is just a pursuit of a feeling, a feeling of being safe and secure.

So in establishing this feeling of security in IT, we focus on hygiene and hardening. We put up precautionary measures by installing anti-viruses, firewalls, intrusion detection systems (IDS) and the like. Talking about IDS, it can be likened to clear tape placed at your entrance door that is not visible to the eyes of intruders. On your part as owner of the house, you will know immediately that somebody opened the door by checking whether the clear tape is broken or still intact. If intact, nobody opened and entered the house. However, if the clear tape is broken, suspicions begin. You know that somebody entered the house, but you still do not know what the intruder did. You have to investigate for a time what happened or got lost. Likewise, as owner, you might prefer a better intrusion detection system. You might install motion detectors and CCTVs to warn you and even identify intruders at the instant of unauthorized entry. All the same, there is no retribution or punishment done to the culprit. The home security in my example can be correlated to computer security, with the house as the computer. In NSSP (Network Systems & Security Professional Course) I learned, “You cannot protect what you do not see. Visibility is not security – you must have an action!” That action is called defense . . .
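The clear-tape analogy above is, in computer terms, a file-integrity tripwire: seal a baseline of fingerprints, then later check whether any seal is broken. The following is an added example (not from the original article), using a constructed temporary directory and constructed sample files; it reports only that something changed, which is exactly the IDS limitation the text describes.

```python
"""Tripwire-style integrity check: the 'clear tape on the door' IDS from the text."""
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> str:
    """SHA-256 of a file's contents; this is the 'tape' we seal each file with."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def seal(root: Path) -> dict:
    """Baseline: record a fingerprint for every file under root (tape applied)."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def inspect(root: Path, baseline: dict) -> dict:
    """Compare the current state with the baseline. Like the broken tape, this
    only tells you the door was opened (which files changed), not what was done."""
    current = seal(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: seal a directory, tamper with it, then inspect it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hosts").write_text("127.0.0.1 localhost\n")        # constructed sample file
        (root / "sshd_config").write_text("PermitRootLogin no\n")    # constructed sample file
        baseline = seal(root)
        # Constructed tampering: one file weakened, one unexpected file dropped in, one deleted.
        (root / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "unexpected.sh").write_text("#!/bin/sh\n")
        (root / "hosts").unlink()
        return inspect(root, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A real deployment keeps the baseline somewhere the monitored host cannot rewrite it, otherwise the intruder can simply re-apply the tape.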

In defense, there must be a blocking force, be it in warfare or sports. It is much bigger in scope compared to security. It has lots of components. The word “defense” usually goes along with the word “offense”. These are the two sides of the coin, be it in sports or combat. Speaking of combat, warfare is now being engaged in cyberspace, a different dimensional realm, the 5th one after land, sea, air and space (Star Wars). So if it concerns cyber warfare, we talk about cyber defense, not cyber security. My cellphone dictionary defines defense as a resistance to attack; a fortification; stopping someone from doing something by defeat; and a capacity to react. The definition of defense contains all of these elements, where fortification is part of it. I therefore conclude that the definition of defense can be expressed in this formula:

DEFENSE = SECURITY + BLOCKING FORCE (Countering Enemies Strategy)

Countering the enemy's strategy includes the following:

  • countering the attack with an Intrusion Protection System (IPS);
  • isolating the attack;
  • tracing and limiting the damage;
  • detecting breached data;
  • finding out where the attack is coming from through forensics;
  • activating the Cyber Incident Response Team (CIRT) and letting them perform their tasks;
  • checking whether the anti-virus protection failed;
  • checking whether the Security Awareness Training was effective;
  • conducting an immediate risk assessment;
  • performing Disaster Recovery, if needed;
  • conducting counter-intelligence if hackers penetrated the physical perimeter through social engineering;
  • conducting a Vulnerability Scan and Penetration Test;
  • implementing the crisis management plan;
  • auditing the network architecture and the failure incident;
  • reviewing the documented and communicated security policies and standards that were violated;
  • reinforcing efficient access control procedures; and
  • updating the virus protection, network management, patch management and change management processes.

In the US military strategy for cyber warfare, there are 5 pillars.¹ The Department should adopt these as well:

  1. Recognizing cyberspace as the new domain for warfare;
  2. Employing a balance of proactive defense and passive defense (passive defenses are computer hygiene and firewalls; proactive defense is the use of sensors to provide a rapid response to detect and stop a cyber attack on a network, utilizing military tactics to backtrace, hunt down and attack an enemy intruder);
  3. Enhancing Critical Infrastructure Protection (CIP);
  4. Using collective defense, which would provide the ability of early detection and incorporate it into the cyberwarfare defense structure;
  5. Maintaining and enhancing the advantage of technological change (computer literacy/awareness and increasing data analytics and artificial intelligence capabilities in catching intruders).

The primary mission of the Department of National Defense (DND) is to maximize its effectiveness and efficiency in guarding against internal and external threats to national peace. Internal threats come from inside the country, namely: CPP-NDF-NPA, MILF, MNLF and Abu Sayyaf. External threats come from outside, namely any country with hostile intentions. These are the same groups that we might be dealing with in cyberspace.

As I said earlier, attacks are now occurring surreptitiously in cyberspace. These attacks may be coming from an individual, a criminal group, an insider or state-sponsored hackers. In the early days, attacks were usually pranks that defaced the websites of private or government organizations. Now, hackers are moving to data breaches, where the money is. Remember the recent Bangladesh incident? DND is more concerned with nation-sponsored hacking, especially that dealing with cyber espionage and destruction. Soon hackers will be moving to tinkering with electrical grids, air traffic control, drinking water, streetlights, sanitation systems, 911 dispatch, stock markets, hospitals, HVAC and more, which would be truly devastating and could involve loss of lives.

The creation of the Department of Information and Communication Technology (DICT) is more than welcome. Their task and responsibility must focus on issuing guidelines on Cyber Security. However, I believe that they should only take Cyber Security and leave Cyber Defense to DND. The word “Defense” alone implies that the function and responsibility fall under the purview of the Defense Department, which has control and influence over the Armed Forces of the Philippines . . .

Disclaimer:

This article was written in my personal capacity. The opinions expressed here are my own and do not reflect the view of the Department of National Defense (DND).

Reference: 1) Cyber Warfare, retrieved from https://en.wikipedia.org/wiki/Cyberwarfare_in_the_United_States

FAQ:

  • Question: Are you going to defend the whole country and act as a border patrol?
  • Answer: Yes
  • Question: Are you going for, or considering, cyber offense?
  • Answer: Yes
