Cyberattack on PHL military exposes urgent need for digital sovereignty

By Francis Allan L. Angelo

A recent cyberattack on the Philippine military by a Chinese state-linked Advanced Persistent Threat (APT) group has triggered renewed calls for stronger digital sovereignty and cybersecurity reforms across the country.

The breach, which reportedly involved the use of sophisticated malware to infiltrate military systems, highlights growing concerns about the Philippines’ vulnerability to foreign cyber espionage.

Bret Cunningham, Chief Product Officer at Zimbra, said the incident is more than just a technical failure — it is a wake-up call to treat cybersecurity as national security.

“Beyond the breach, this event highlights the urgent need for a ‘cloud-smart’ strategy in the Philippines to secure national data and critical infrastructure,” Cunningham said.

He emphasized that digital security is now deeply intertwined with national sovereignty, particularly as more government functions move to digital platforms.

“The Philippines must recognize that digital security is deeply tied to digital sovereignty,” he said.

“Keeping sensitive communications within Philippine jurisdiction allows agencies to better protect their data and respond faster to cyber incidents.”

The attack has also reignited debate over the country’s continued dependence on foreign technology vendors and the risks that come with housing sensitive data on global cloud platforms.

Cunningham noted that local data control minimizes exposure to cross-border threats and places accountability under Philippine law.

“This ensures that Philippine data remains under Philippine law, with accountability anchored in the local regulatory system,” he said.

The Department of Information and Communications Technology (DICT) and the Bangko Sentral ng Pilipinas have previously stressed the importance of localized infrastructure to safeguard against external threats.

According to Cunningham, conventional security measures — such as antivirus programs and firewalls — are no longer adequate to counter advanced cyberattacks launched by state-sponsored groups.

“Traditional security is designed to stop known threats at the perimeter,” he explained.

“State-sponsored attacks bypass those defenses, using stolen credentials and social engineering to enter through legitimate access points.”

He argued that the Philippines must shift from perimeter-focused defenses to a continuous system of detection, response, and internal controls.

One of the most promising strategies, he said, is the adoption of “open-core” technology — systems built on open standards that promote transparency and allow for independent code auditing.

“Open-core technology allows organizations to examine and verify the integrity of their systems,” Cunningham said.

“With proprietary, closed-source platforms, users must take the vendor’s word on security claims.”

He added that open-core systems deployed on private or local cloud infrastructure grant organizations sovereign control over their data — a critical defense against espionage and data exfiltration.

Cunningham also pointed out that such control supports compliance with the Philippines’ Data Privacy Act, which mandates strict data protection for personal and classified information.

He distinguished between the widely adopted “cloud-first” policy and the more selective “cloud-smart” approach, which he recommends for government and regulated sectors.

“Cloud-first is a blanket policy that pushes everything to the public cloud, often ignoring regulatory needs,” he said.

“Cloud-smart is strategic. It keeps sensitive data on secure local infrastructure while using public cloud services for less-sensitive functions.”

A hybrid model, combining public cloud flexibility with private infrastructure for mission-critical workloads, allows agencies to strike a balance between agility, cost savings, and legal compliance.

Cunningham outlined three practical steps for Philippine government agencies aiming to gain sovereign data control.

“First, perform a data classification audit to identify mission-critical and regulated data,” he said.

“Second, ensure that new communication and collaboration platforms can be deployed on-premises or within the country.”

“Third, start migrating to open-standard platforms that can integrate securely with existing audited systems.”

He acknowledged that moving to sovereign cloud platforms may require effort and investment but said the trade-offs have diminished significantly.

“The perception that local deployment means sacrificing advanced features is outdated,” Cunningham said.

“Today, platforms like Zimbra offer sovereign data solutions with enterprise-grade tools such as Two-Factor Authentication (2FA) and S/MIME encryption.”

Cunningham emphasized that digital independence goes beyond infrastructure ownership — it is about full visibility, control, and assurance over data access.

“True digital independence is not just about owning infrastructure,” he said.

“It’s about having full visibility, control, and assurance that your data cannot be accessed without your authority.”

He warned that continued reliance on foreign-controlled systems exposes the Philippines to undue influence and security risks, especially as cyber espionage grows more sophisticated.

“This is no longer about if the Philippines will be targeted, but when,” he said.

“Building cybersecurity resilience must become a national priority supported by sustained policy, funding, and education.”

Cunningham said email security must be prioritized, as email remains the most common entry point for phishing and business email compromise (BEC) attacks.

DICT data shows the Philippines recorded over 1,000 cybersecurity incidents in 2024, including data breaches that hit both public and private sectors.

According to Kaspersky’s 2025 report, the Philippines ranks among the top 10 countries most targeted by cyberattacks globally.

Cunningham explained that while technical defenses are necessary, a deeper mindset shift is required to treat email and communication platforms as national infrastructure.

“Five years from now, success will mean that critical communication systems — like email and collaboration platforms — are viewed as national infrastructure, not just convenience tools,” he said.

He said the Philippines must build a trusted digital ecosystem based on transparency, local data residency, and adherence to open standards.

“This foundational resilience will allow the Philippines to lead with confidence in the digital economy, ensuring that its data, systems, and citizens remain secure from both internal and external threats,” he said.

Cunningham concluded that the latest military breach must serve as a turning point for the country to abandon outdated security models in favor of more resilient, sovereignty-driven solutions.

“Cybersecurity is now national security,” he said.

“Every system we depend on — from government networks to financial services — is part of our critical infrastructure. Securing them means protecting our sovereignty.”

As the Philippines accelerates its digital transformation, experts agree that embedding transparency and sovereign control in cybersecurity policies will be essential to earning public trust and ensuring national resilience in a volatile cyber landscape.