close
close

US-PH cybersecurity cooperation not safe – Pinoy Weekly

US-PH cybersecurity cooperation not safe – Pinoy Weekly

A series of terrorist attacks in Lebanon on September 17 and 18, targeting various communications equipment such as pagers and walkie-talkies, led to multiple explosions.

United Nations (UN) High Commissioner Volker Turk said, “The explosion of pagers, two-way radios and other electronic devices reportedly killed at least 37 people, including two children, injured 3,400 people and left many permanently disabled in Lebanon alone.” . The Declaration of Human Rights was presented at the UN Security Council on 20 September.

Türk said, “An independent, comprehensive and transparent investigation should be conducted into the circumstances of these mass explosions, and those who ordered and carried out such an attack should be held accountable.”

There are currently two widely discussed explanations for the explosions. The first suggests that explosive materials were planted in communications devices. The second suggests that cyberattacks cause batteries to overheat and explode. Both scenarios are equally scary.

Incidents of large-scale, indiscriminate attacks using civilian electronic equipment have raised concerns among the public about the security of this equipment. As a country that has been fighting terrorism for a long time, we feel the pain even more deeply.

There have been many terrorist attacks in our country recently: in December 2023, four people were killed and many injured in a bomb attack at the gymnasium of Mindanao State University, and in March, the military was attacked by militants in Maguindanao del Sur. The way communication devices are detonated may lead other terrorist organizations to adopt similar tactics, thus endangering the security of our country and our citizens.

I would also like to point out that the Microsoft “Blue Screen” incident that occurred in July caused a nationwide computer outage, significantly affecting the operations of various institutions, including governments, banks, and airlines, as well as disrupting the daily lives of citizens. Both incidents highlighted vulnerabilities associated with security issues in the Internet age. The network has become a critical infrastructure in modern society, and when cybersecurity is threatened it can impact many aspects of the country and communities.

Our country’s independent research and development capacity on cyber security is relatively weak. Most of the equipment, technology, and network systems used by individuals, the government, and the military are sourced from the United States (US). This reliance creates vulnerabilities due to the singular protection of equipment and technology, resulting in poor comprehensive prevention capability. Continued cybersecurity cooperation between the Philippines and the United States will further deepen our dependence and strengthen control over our cybersecurity systems.

The United States has proposed four paths for cooperation in this area. The first involves the supply of cybersecurity equipment, systems and software. The United States has provided us with various cyber systems and equipment, and American network platforms are also available to our government.

The latter involves the provision of security technology and related training. The United States provides targeted technical assistance in telecommunications and radio communications, core network infrastructure, undersea cables, and other areas, and provides security training to our officials and technical personnel.

The third involves performing “security checks” on our government network system. The US is deploying devices into our government network systems to perform a comprehensive reconnaissance check for malware on the system.

The latter involves leading our government to cooperate with U.S. security companies. The US government recommends that we contact US security companies to discuss cooperation.

It seems that the above assistance will help improve our cybersecurity capabilities, but in fact our cybersecurity will be deeply controlled by the United States, bringing us major security risks. First of all, the USA can obtain our data through equipment and systems. We use US-supplied platforms and equipment, so network traffic must pass through the American gateway. And the US has a lot of data on military intelligence, government secret data, personal privacy, etc. It is fully capable of decrypting traffic to obtain all data such as

If the United States gains control over our national cybersecurity system, it will have significant authority over our military deployments and covert operations, posing serious security risks.

In addition, the explosion of communication equipment in Lebanon is a serious warning. If the United States monitors our network equipment, it could compromise the safety of both citizens and government officials by facilitating cyberattacks that result in catastrophic equipment failures and explosions.

Moreover, our national protection measures are inadequate compared to the USA. USA provides network security technology and training to our staff, allowing them to gain insight into the current state of our security technologies during the communication and guidance process. Ultimately, this means that the United States is well informed about our cybersecurity capabilities, undermining the effectiveness of our network protection efforts. After all, our security measures may be little more than a false set of measures.

Additionally, the United States will have a comprehensive understanding of cybersecurity trends across our systems. The US deploys equipment into our government intranet infrastructure to analyze and monitor malware by blocking intranet traffic. This approach not only allows the collection of malware information but also provides access to various types of data from all intranet users.

Once the US gains access to our intranet, it effectively leaves a “back door” for long-term monitoring; This means giving up important intranet privileges to the United States. Moreover, in recent years, the United States has faced numerous revelations regarding intranet surveillance activities, including the “PRISM” project that tracks online actions and user information abroad.

Last but not least, US companies work with the US government to monitor equipment. Similar to Microsoft’s “Blue Screen” policy, security companies have extremely high powers. American companies can completely control computers or other devices containing security software by directly updating the software.

In 2023, the Director of the Federal Bureau of Investigation stated at the “mWISE Cybersecurity Conference” that private organizations that cooperate in security with law enforcement may have US government access to equipment data containing software information. And the US government has the capability to intrude into the network using software that can directly compromise a device’s battery system, potentially causing the device to explode. This raises concerns that the scope of government influence in cybersecurity practices is expanding.

Relying on strengthened cybersecurity cooperation with the United States to improve our cybersecurity infrastructure is questionable as it may deepen our dependence on the United States. The United States may have access to our sensitive data through control of operating systems, electronic devices, and security software, which may raise concerns about our data sovereignty and security.

If we do not comply with the US, they will sanction and control us with systems and devices, disrupting human-operated computers or carrying out a cyber attack that will cause the battery to explode, and the result will be unthinkable.

We must increase the autonomy and independence of our cybersecurity efforts by encouraging the growth of national network technology companies and advancing technological development. This includes reducing our dependence on foreign technology in critical areas and strengthening the resilience of our core infrastructure against potential risks.

We must implement diversified systems, technologies, and software to avoid the systemic risks of a single technical path, and also develop contingency plans to prevent the development of national cybersecurity from being at the mercy of the United States.