By John Victor D. Ordoñez and Beatriz Marie D. Cruz, Reporters

THE CHINESE Embassy in Manila on Thursday dispelled allegations of state-sponsored hacking against the Philippines’ Executive branch, calling it groundless.

“China’s position on hacking and cyberattacks is consistent and clear,” it said in a statement. “We firmly oppose and crack down on hacking and cyberattacks in accordance with law, and at the same time we also oppose unjustified labeling, groundless accusations, or smear campaign for geopolitical purposes.”

Chinese state-backed hackers have penetrated the Philippine government’s Executive branch and had stolen sensitive data as part of a years-long campaign, according to Bloomberg News.

“It is worth noting that the report links the hacking to the South China Sea issue and mentions that the United States and others have provided technical support and technology to the Philippines,” the Chinese Embassy said.

“Who is the mastermind behind this hype farce and who is using cyber-issues to stir up the regional situation and seek geopolitical interests? The answer is self-evident,” it added.

Information and Communications Technology Secretary Ivan John E. Uy on Tuesday said “no current information has been compromised” from recent hacking attempts since the agency had detected them early on and secured the system.

“What we have seen so far are old data from many years ago that are being regurgitated, recycled just to make an impression that they were successful in doing so,” he told a news briefing at the presidential palace.

The Philippine National Police (PNP) in July said cybercrimes rose by 21.8% to 4,469 in the first quarter of 2024 from a year earlier.

Ransomware group Medusa in 2023 hacked into the systems of the Philippine Health Insurance Corp. (PhilHealth) and leaked sensitive data, including bank details of about 42 million members when the government refused to pay a $300,000 ransom.

The Philippines and China have been embroiled in repeated spats in the past few years over disputed features within Manila’s exclusive economic zone (EEZ) in the South China Sea.

The Philippines, one of the weakest in the world in terms of military capability, is important to Washington’s efforts to push back against China, which claims the South China Sea almost in its entirety.

The United Nations-backed Permanent Court of Arbitration in the Hague in 2016 voided China’s claim over the waterway for being illegal. Beijing has ignored the ruling.

In 2022, the Philippines only had about 200 cybersecurity professionals compared with 2,000 in Singapore, Mr. Uy earlier said, noting that 80% of Filipino cyber-experts work overseas.

The Department of Information and Communications Technology has identified and addressed more than 20,144 vulnerabilities in state cybersecurity systems last year, DICT Undersecretary David L. Almirol, Jr. told a Senate hearing in October.

“Proposed measures to boost the country’s cybersecurity should ensure regular updates and reviews to keep pace with technological advancements and establish a monitoring body to ensure compliance and effectiveness of the law,” Ronald B. Gustilo, national campaigner for Digital Pinoys, said in a Viber message.

WORKING WITH TAIWANMeanwhile, security analysts said the government of Philippine President Ferdinand R. Marcos, Jr. should beef up its cyber-infrastructure and train more experts as it remains vulnerable to cyberattacks amid geopolitical tensions with China.

“The cyberattacks in Taiwan are real and expected given its proximity and current strategic bullseye with Beijing,” Chester B. Cabalza, founding president of Manila-based think tank International Development and Security Cooperation (IDSC), said in a Facebook Messenger chat. “The Philippines is no exception since we have a strategic problem with China in the West Philippine Sea.”

On Monday, Taiwan’s National Security Bureau said Chinese cyberattacks against its state agencies averaged 2.4 million attacks daily in 2024.

Mr. Cabalza said the Philippines lacks investments in infrastructure, curriculum and specialists to guard its cyberspace against external threats.

“Manila is still lacking in building its cyber-infrastructure, innovative hardware and software, but it has a large pool of talented cyber-specialists.”

He also cited the need to invest more in cyber-curricula and training.

The National Computer Energy Response Team (NCERT) handled 2,855 cyber-incidents last year, a 55.67% increase from a year earlier, according to data obtained by BusinessWorld. The NCERT is a division under the Department of Information and Communications Technology’s (DICT) Cybersecurity bureau.

Project SONAR, a network scanning initiative by the DICT, identified and reported 437,720 vulnerabilities in online assets.

Philippine sectors that have been more vulnerable to various cyber-related incidents include government and emergency services, banking and finance, the military, academe and healthcare, DICT Undersecretary Jeffrey Ian C. Dy told BusinessWorld.

The agency would enhance its incident response capabilities against cyberattacks, he said.

“With the upsurge of ever-evolving cyberthreats and attacks that can impact anyone, anytime and anywhere, it is imperative for the DICT to provide continuous, uninterrupted services to enhance its incident response capabilities, safeguard the Philippine cyberspace and ensure the integrity and security of critical information infrastructure,” Mr. Dy said in a Viber message.

NCERT also engages in continuous information sharing with Taiwan CERT, particularly on suspicious cyber-activities.

“This ongoing exchange of data strengthens the cybersecurity response capabilities of both teams and helps address potential cyberthreats effectively,” he added.