The Computer Emergency Response Program shall be composed of the National CERT, Government CERTs, and the Sectoral CERTs. The National CERT is the highest body for cybersecurity-related activities. All CERTs, including Government CERTs, Sectoral (or Private) CERTs, and organizational CERTs, shall coordinate with and report incidents to the National CERT. The CERTs all over the country shall also conduct real-time coordination with the CICC as provided in the law.
I. National Computer Emergency Response Team (NCERT) (CERT-PH)
II. Government Computer Emergency Response Team (GCERT)
III. Sectoral Computer Emergency Response Team (Sectoral and Private CERT)
IV. Organizational Computer Emergency Response Team (Organization Level CERT)
Apart from establishing the hierarchy of CERTs in the country, the governance structure shall be clearly defined to make the implementation of the NCSP efficient and the monitoring of its progress and milestones more effective, ensuring that the plan stays on target with its objectives until 2022.
CERT-PH Core Sections
The National Computer Emergency Response Team (NCERT) is a division under the Cybersecurity Bureau of the Department of Information and Communications Technology. NCERT is responsible for receiving, reviewing, and responding to computer security incident reports and activities. This division will also ensure that systematic information gathering/dissemination, coordination, and collaboration among stakeholders, especially computer emergency response teams, are maintained to mitigate information security threats and cybersecurity risks.
The CERT-PH consists of four major sections:
A. Security Operations Center Section
- Administers the operations of the Cybersecurity Management System Project (CMSP);
- Conducts regular network monitoring, security testing, source code analysis, vulnerability and risk management, and escalation and resolution of cybersecurity-related incidents;
- Monitors the system for possible information security threats and injects countermeasures and remedies.
B. Digital Forensics Section
- Conduct vulnerability assessment and penetration testing for government agencies;
- Provide technical details and analysis of discovered vulnerabilities and their criticality to system owners;
- Examine and evaluate web and network assets to identify security deficiencies.
C. Incident Response Section
- Respond to cybersecurity incidents reported to the Bureau (internal and external to the Department);
- Monitor the implementation of the information security incident response plan to ensure that detected and reported incidents are given appropriate immediate action;
- Develop a well-structured process for handling and managing information security events, along with enabling tools, methodologies and practices.
D. Cyber Threat Monitoring and Information Sharing Section
- Collect and analyze data from publicly available sources and feeds regarding cyber threats;
- Collaborate with international and local communities and organizations on existing and new threats in cyberspace;
- Develop an effective implementation approach for monitoring and information sharing of cybersecurity incidents.