By J. Irving

I am writing this blog with the hope of reaching a wider audience and to convey what I failed to mention in the forum.

The 17th of January 2024, a Wednesday, was the second day of the cybersecurity conference hosted by Stratbase ADR Institute in collaboration with the Embassy of Canada in the Philippines. Its theme was, “Fortifying Cyber Cooperation Towards Digital Security”.

I was starstruck by the big names in the programme: Secretary of Defense Gibo Teodoro, Ambassador David Hartman of the Canadian Embassy, the Head of Canada Centre for Cyber Security Sami Khoury, CISOs of Telcos and Banks, government secretaries with their undersecretaries and assistant secretaries, and so many more, to include notable personalities in the audience.

I had the honor to be grouped with former Commissioner Raymund Liboro of NPC and Atty. Raymond Panotes of the NBI (the counterpart of the FBI Cyber Division), in the main event, with the topic: “Enabling a Cyber-Safe Population”. The panel was moderated by Ely Tingson of Kroll Solutions, my underclassman in PMA, who served as adviser-to-the-adviser of President Duterte at the National Security Agency (NSA) on cybersecurity matters.

In his Powerpoint presentation, Comm. Liboro showcased statistics of security breaches. In one slide, I was dumbstruck by the mesh of cable wires running on the seabed of China Sea, a strong reminder of one of the compelling reasons for supremacy.

NBI lawyer, Atty Raymond Panotes of the Anti-Cybercrime Division, assured us that they are doing their best to deal with the hundreds if not thousands of reports about cybercrime. Unfortunately, his agency is hard pressed as they are undermanned.

On that particular day, I made it a point to introduce myself to Ambassador Hartman. When I saw that the seat beside him was vacant, I took it and introduced myself as a permanent resident of Vancouver. He beamed upon hearing this, that someone from “his side” is a resource speaker. But when I asked him for a selfie, he raised his right hand and made a Stop sign and said softly, “After.”

Embarrassed I kept quiet while the panel discussion on stage went on. In my mind, it was a sin to lose my military decorum by descending to the level of a screaming fan, wanting to snap photos with his idol. Yes, my excitement overcame my senses to break protocol. I learned my lesson well.

When the discussion on stage was over, I was genuinely surprised when the good Ambassador came over and said with all the kindness in his heart said politely, “We can now take the selfie.” I jumped up, stood beside him and “double-tapped” my iPhone. Then I gushed, thanking him profusely and got ready to go on stage, at the same time sending these pictures to my children in Vancouver.

On stage, I made a three-minute opening remark about three things: first, I compared my cybersecurity experience in Canada with ours; second, the need to bring the confrontation in cyberspace into kinetic by sending hackers to jail; and lastly, the rising fear factor of – The Cyber Mercenary.

My Canadian Experience:

The head of the Canada Centre for Cyber Security was not at the presidential table. I cannot see him around. Sayang! I opened with a story about the hacking of the Facebook account of Fr. Gerard Deveza, a healing priest, where the scammer was very successful in getting cash from most of the friends of the priest. The Cybercrime Investigation Coordinating Center (CICC) failed terribly to apprehend the culprit – despite leads from the Cyber Battalion. The hacker is still free out there, and the next victim might be you! (Pointing my fingers to the audience).

Upon arriving in Canada as an IT skilled-worker in 2012, same year I retired from the Army Signal Corps, I took up the first Network Systems and Security Professional (NSSP) course that was offered by UBC, the University of British Columbia. There is a website: www.getcybersafe.ca – about a national public awareness campaign created to inform Canadians about cyber security. In Facebook, there are certain links being blocked by Canada, to protect Canadians from fake news.

Due to the limited time, I was unable to tell the audience about the things I enjoyed most in Canada. I love to enter libraries in between my long walks (then, if I feel lazy to walk back home, I simply take the bus using my senior-bus-pass). I can read from a wide array of books and magazines, to include my favorite magazine “Wired,” all for free. I sometimes take pictures of the pages to continue my reading back home. However, later, I discovered that there is a phone app called Libby where I can borrow eBooks and audiobooks online for 21 days, then listen to audiobooks during my lengthy walks. Let me share, the cybersecurity books I came across that you might be interested to read:

1) The Two Michaels (Blanchfield and Hampson, 2021) is about Canadian captives and high-stake espionage in the US-China cyber war. An audio book read by Miles Meili.

2) The Digital Silk Road: China’s Quest to Wire the World and Win the Future (Hillman, 2021) is about what the title says.

3) The Ransomware Hunting Team: A Band of Misfits Improbable Crusade to Save the World from Cybercrime (Dudley and Golden, 2022) is a real-life technological thriller about these misfits taking on the biggest cybersecurity threats – ransomware. The misfits created a website to ID the ransomeware. They even offered solutions, for free, without the need to pay the ransom. Better, read the book!

4) Cyber Mercenaries: The State, Hackers, and Power (Maurer, 2017) is the secretive relationships between states and hackers, that I included in my lecture.

Bringing the Fight from Cyber to Kinetic:

The Philippines suffered a lot of network breaches last year. The Philippine ambassador to the US, Babe Romualdez, complained about our eroding cybersecurity situation. I do not need to expound and enumerate them. You all know the incidents. What DICT did was to encourage the hacking victims in hardening on their critical infrastructures. The confrontation remained in cyberspace. Nobody ran after the cyber criminals – they are free to do their next crime.

In the AFP Day last December, General Brawner is promising to create the Cyber Command. With the creation of the Cyber Command, I expect them to bring the confrontation from cyber to kinetic. By “Kinetic”, I mean any actions outside cyberspace – pinpoint location of hackers and Identify Advance Persistent Threats (APTs) through the intelligence assets and networks of the AFP. The role of Cyber Command must be beyond data breach. It includes: counter intelligence on cyber recruitment of radicals and combatants (just what happened in Marawi – there were foreign jihads monitored at the dark web), cyber espionage, cybercrimes, hacktivism and cyber terrorism that may involve damage to properties and loss of lives, through hacking of: electrical gridlines, air traffic control, drinking water, financial systems, stock markets, hospitals, GPS, HVAC, electric cars and other Internet of Things (IOTs) – anything hackable! So, in the latest   National Security Policy Framework of the country, under the paragraph: Defense and Military Security, the document states cyberspace as part of our sovereignty and territorial integrity to be protected and defended by the AFP.

Cyber criminals must now be warned that there will be a military unit that will be neutralizing them and stop them at their tracks…

The Cyber Mercenary:

I tend to believe what the author wrote. Tim Maurer served as the adviser of President Biden at Homeland Security.

Some countries, instead of putting up their cyber commands, they employ cyber mercenaries. The head of country can easily disavow knowledge about them when accused of a state-sponsored hacking; and the cyber mercenaries do not have to be inside the country; and when pursued, they can just move to another country.

For offensive cyber operations, these nations deemed it is better for them to outsource and utilize third party groups, cyber mercenaries. Maintaining own cyber team is costly. The cyber mercenaries have the expertise. They can attack without being seen and act with impunity, the freedom from punishments. These private criminally financed industry can be self-funding, even bringing in money to the host country. Cyber mercenaries are also offering their services to private corporations in business wars.

Cyber mercenaries will be the worst nemesis in cyber that can create the greatest havoc with hybrid result…

In Closing:

I’m glad there are many coalition groups wishing for a cyber-safe environment, foremost of them is Cybersecurity Tech Accord, which is composed of 144 global companies e.g. Palo Alto Networks, Fortinet, Cisco, CrowdStrike, IBM, Microsoft and the rest – joining forces to protect and empower users online and improve security. I told the moderator, Ely Tingson of Kroll, to let their company join the coalition.

In essence, as I simply understand their accord, it means no members of the coalition will abet or let their products be used by hackers in committing crimes …

Cybersecurity is not simply reacting to threats but it is about shaping creative and sustainable combinations of technological and social responses which include capturing cyber criminals. With such set-up, we can build better confidence, better transparency, better cooperation and ultimately a cyber-safe population.