Anchored on the theme “Building Cybersecurity Allies: Lifting Nation’s Cyber Response Capacity and Creating a Digitally Prepared Community, the Philippine National Computer Emergency Response Team (CERT-PH) holds its annual National Cyber Drill (NCD) on November 28 – 29, 2022 as part of its initiative to support the Philippine government’s steadfast cybersecurity efforts and programs for the enhancement of the stakeholders’ cyber preparedness and incident response capabilities.

As the CERT-PH eagerly opens its door to the general public, the NCD has effectively enticed the interest of the mass with the virtual attendance of around Six Hundred Twenty Three (623 participants) for the two-day activity. In summary, the participants were composed of 324 representatives from various National Government Agencies (NGAs) and instrumentalities including 43 from their regional counterparts; 18 from the Health Sector; 44 from Local Government Units (LGUs); 79 emanated from the Academes/ State Universities and Colleges (SUCs); 91 from different private organizations as well as numerous entities and individuals of different occupations and background across the country namely 11 freelancers and 13 home-based individuals.

The opening day on November 28, 2022 was purposely carried out featuring a Basic Learning Path that is designed and tailor-made for the beginners or entry-level individuals for their optimal familiarity or awareness. A total of Three Hundred Fifty Six (356) participants have been able to embark on the scenario-based video table top platform that the CERT-PH diligently devised to inculcate the relevance of cybersecurity in this day and age.

Through a creative and multi-faceted approach, the Basic Learning Path allowed the participants to strategically engage themselves in an interactive story-based learning path centered on the existing and emerging cyber incidents in the country. The players’ key role is to choose “what to do next” and see how the characters in the video respond to their decisions. Injected with the imagination of putting themselves in the position of the main character, options for specific outcomes which could result in a good or adverse outcome were presented to the participants. This methodology enabled them to evaluate and develop their decision-making skills, particularly during specific cyber crises, through assessments and branching scenarios.

On the other hand, the second day on November 29, 2022 showcased an Advanced or Extensive Learning Path intended for Intermediate Level and was participated by a total of Two Hundred Sixty Seven (267) individuals. The drill was open and available for anyone to take part in, though it may be most beneficial to those knowledgeable and engaged in the fields of information technology and cybersecurity. In essence, the platform allowed the participants to apply and exercise their incident handling response, and reporting capabilities through the Capture-the-Flag (CTF) format. Participants were able to carry out research, investigation, and analysis of the provided evidence and simulation-based scenarios. This includes determining Indicators-of-Compromise (IOCs), investigating using analysis tools, performing remediation through enhancement of security controls, and preparation of incident reports.

CERT-PH Chief, Engr. George P. Tardio graced the opening of the first day and highlighted that this year’s theme plays a critical role in the pursuit of having a cyber resilient community. While the cases of cyber incidents continue to rise in the 21st century, he further added that “This activity would be instrumental in serving the needs of our stakeholders to be properly equipped with the right combination of knowledge and skills to combat any cyber-attack or incident, be it long-term or emerging ones”.

Cybersecurity Bureau Director Maria Victoria C. Castro meanwhile delivered her opening remarks on the second day of the NCD putting emphasis on this year’s principal objective which is to help assess and improve the participants’ creativity, collaboration, imagination, and capacity to defend against and respond to cybersecurity incidents regardless of their occupations or background in life. “This endeavor is a paramount move towards the thrust of the current administration and Secretary Ivan Uy in transforming the Philippines into an inclusive digitalized nation to generally promote effective and efficient delivery of government service”, she further cited.

To ascertain the effectiveness and efficiency of the overall conduct of NCD, feedback forms were also administered to the participants for both of the learning paths. Consequently, most of the comments and feedback generated have exhibited positive responses from the public commending the platforms as a challenging yet innovative approach to instill the significance of having an optimal familiarity and skills in cybersecurity. Constructive criticisms on the organizer’s side, platform, timeliness and overall conduct of the drill were also mentioned citing some technical difficulties and limitations encountered of having a virtual event that need to be improved, to name a few.

Certain organizations and individuals likewise conveyed their gratitude to the CERT-PH for carrying out an activity like this which could be very advantageous to their agencies, schools, companies or even for self-development and awareness. They even signified their interest to have the platforms or methods emulated or re-echoed to their colleagues so that the beneficial learnings they had been able to acquire from the drill will be further disseminated and shared to more and more stakeholders.

With the ever-increasing threat of cyberattacks nowadays wherein nobody is immune or safe to be a victim, the conduct of NCD has been very timely and relevant since its launching in 2018. The drill has been consistently solid in its goal of reducing the risk of compromising the country’s information security encompassing the integrity and security of the participants and their organizations’ respective assets in the simplest and most effective way. 

The CERT-PH takes pride in involving the stakeholders in an array of undertakings such as the CCID and NCD exercises. To put forward its persistent commitment in collaborating with the stakeholders, the NCD 2022 has been generally well-accepted by the public with its eye primarily set forth in conducting more interactive cyber drills for the succeeding years and building more cyber allies. This is tantamount to the mutual desire of lifting the nations’ cyber response capacity and creating a digitally prepared community in the ensuing years.