CALABANYAN – is a fictitious neighboring country of the Philippines. For all intent and purpose, just like any wargames in Balikatan Exercises or Combined Military Exercises with other nations, this article will also refer to the enemy as “Calabanyan” – a play on words, meaning in Tagalog: Kalaban yan!

By J. Irving

The time is now! PMA must establish the Department for Cyber Warfare, alongside with the departments of ground, air and naval warfare – to make all graduates be in tune with the times, being cyber-ready!

In 1993, PMA was transformed into a Tri-Service Academy, initiating specialized, branch-of-service-specific courses in the last two years of training. The move prepared fresh graduates for their specific branch of service. Three Departments were created: the Department for Land Warfare (for Army candidates be field-ready); the Department of Naval Warfare (for Navy candidates be fleet-ready); and the Department of Air Warfare (for Air Force candidates be squadron-ready).

In 2004, the US Joint Chiefs of Staff in their National Military Strategy declared, “Cyberspace is now a domain of conflict alongside the air, land, sea, and space domains; and the Department of Defense must maintain its ability to defend against and to engage enemy actors in this domain”. So, in 2012, West Point established the Army Cyber Institute at their academy to meet the critical need for Army cyber leaders.

In 2016, I, as the DND Director for MISS, suggested to the PMA Superintendent the idea of following suit – establishing a Department of Cyber Warfare at PMA. The Superintendent welcomed the idea but perhaps, he does not know how to proceed . . .

In 2017, in the consultative committee (ConCom) to review the 1987 Constitution chaired by former Chief Justice Reynato Puno, DND submitted a position paper to include cyberspace under the Sovereignty clause, immediately after the Preamble, and the paragraph must be: “. . . among the territories which the Philippines has sovereignty or jurisdiction; to include: terrestrial, fluvial, aerial and cyberspace domains, including its territorial sea, the seabed, the subsoil, the insular shelves, and other submarine areas. Note that these are now the realms which the AFP must defend!

In 2018, I published an article in the homecoming edition of the Cavalier Magazine entitled, “Cyber Defense – DND’s New Role”, differentiating the role of the Defense Department from the role of DICT on matters of cybersecurity. The National Cybersecurity Plan 2022, which DICT published, limited the role of DND by just defending its own military networks.

Nevertheless, I believe that the role of DND goes beyond defending its military networks from data breach. The coverage should include: cyber recruitment of radicals, cyber espionage, cybercrimes, hacktivism and cyber terrorism that may involve damage to properties and loss of lives e.g. through hacking of: electrical gridlines, air traffic control, drinking water, streetlights, sanitation systems, 911 dispatch, stock markets, hospitals, Global Positioning System (GPS), Heat Ventilations and Air Condition (HVAC) Systems and other Internet of Things (IOTs). So for the AFP, in every Balikatan exercises, along these lines, is about addressing cyber operations made by enemies-of-the-state. In these manner, present and future military leaders must be aware of these things!

In the recent Balikatan 2023, I noticed that the cyber defense exercise was, not mutually at the same level, but more for the Philippine to learn on how to develop its cyber defense capabilities. The Exercise Director disclosed in the press conference: “the AFP is not yet technically proficient on cyber defense; but aims to learn from the US counterpart on how to develop AFP cyber defense capabilities in the near future. He continued that the Philippines also hopes to develop its own cybersecurity defense experts, who will then one day help other nations develop their own capabilities.”

How?

This article is not about a creation of a new branch-of-service, along with the Army, Airforce and Navy; nor propping up the Signal Corps as a combat arm in the Army, at the same level with the Infantry, Armor, Artillery and Special Forces.  Please do not get me wrong!

The Department for Cyber Warfare is all about Jointness!

Graduates of PMA going to any branch-of-service must also be cyber-ready! They will be involved in Joint Operations and Combined Arms. Joint Operation means that the three major services (Army, Navy, Air Force, and even to include the Police Forces) would be operating together; and Combined Arms refers to the participation of different military arms (Infantry, Armor, Artillery, Engineers, and Special Forces) in one big operation. As future officers, they must not only understand what a Network-Centric organization is but also know how to defend it and learn about the importance for cybersecurity. The graduates must be able to translate an informational advantage into a competitive advantage through the computer networking of dispersed land, air and sea forces. Network-centric warfare involves the linkage between unified command’s decision-makers with its sensors, and shooters – to dictate the success of a battle!

Perhaps, PMA is apprehensive that they do not have the necessary experts to teach and handle the department?

PMA is rich in talents. They can always invite their alumni and alumnae who can help to set up and maintain the Department. To name a few: BGen Nicolas Ojeda Jr ‘77 (Ret), the Philippine Counselor in the ASEAN CIO Association; LtCol Francel Margareth Taborlupa Class 2000, MIS, MIDP, MPM, CEH and CSCU, the CO of 7th Signal Battalion and hailed as International Cybersecurity Woman Leader of the Year for 2023; Maj Carlos Ely Tingson ’06 PA (Ret), CISM, CISSP, CEH, CHFI, CSA, Senior VP at Kroll, who have been teaching cadets, upon invitation, on National Cyber Defense, Cyber Threat Intelligence, and Capacity Development; Maj Gil Tario II ’05 PA (Ret), OSINT, ECIH, C|TIA, Cyber Security Philippine CERT and a consultant at Google; Col Joey Fontiveros ’94, MPM, DevSec, CEH, SANS, COBIT, CCNA, CSCU, CND, the former commander of Army Cyber Battalion and presently the Deputy of ASR; LtCol Norman Ancheta ’95 PA (Ret) of CICC, who handles the Cybersecurity Operation Center (SOC) of the DICT. These are the people I usually see in LinkIn and public fora, talking about their specialties in computers.

The first thing for PMA to do is to invest in a good Cyber Range, a collection of hardware or software that can simulate an organization’s network and systems, where cadets can perform cyber combat training, system/network development, testing and benchmarking. The cyber ranges are simulation platforms for operational teams to train, improve responsive capacity in case of a cyber crisis.

Training the cadets must consist the following fields of endeavor: Cybersecurity, Systems Networking, Artificial Intelligence, and Cyber Operations. Cybersecurity is everyone’s concern. Graduates must know how to defend from different cyber-attacks; the appreciation of connectivity and be able to optimize the use to their advantage; artificial intelligence includes machine learning and software development; and lastly, how to use cyber operation to aid the conduct of war, such us jamming the enemy’s communication lines and the denial-of-service of enemy’s computer systems, to include disarming computerized weapons, to name a few.

With C4ISTAR, in mind, for the 21st Century, when military leaders are adept with a network-centric organization, the implementation of networking sensors, commanders, and shooters to flatten the hierarchy, reduce the operational pause, enhance precision, and increase speed of command can dictate the outcome of wars. Our military leaders, however, must be cyber-ready!

ABBREVIATIONS:

AFP – Armed Forces of the Philippines

ASR – Army Signal Regiment

C4ISTAR – Command and Control, Computer, Communications, Intelligence, Surveillance, Target Acquisition, and Reconnaissance

C|TIA – Certified Threat Intelligence Analyst

CCNA – CISCO Certified Network Associates

CEH – Certified Ethical Hacker

CEIS – Communications, Electronics and Information Systems

CERT – Computer Emergency Response Team

CHFI – Certified Hacking Forensic Investigator

CICC – Cybercrime Investigation Coordinating Center

CISM – Certified Information Security Manager

CISSP – Certified Information System Security Professional

CND – Certified Network Defender

COBIT – Control Objectives for Information and Related Technologies

CSA – Certified Security Analyst

CSCU – Certified Secure Computer User

DevSec – Development Security

DICT – Department of Information and Communications Technology

DND – Department of National Defense

ECIH – Certified Incident Handler

EWG – Experts Working Group

MIDP – Master’s in International Development Practice

MIS – Master’s in Information System;

MISS – Management Information Systems Service

MPM – Master’s in Policy Management

OSINT – Open-Sourced Intelligence

PMA – Philippine Military Academy

SOC – Security Operation Center