Mapping Philippine Cyber Defense:
Agency Roles and Responsibilities
Introducing a New Series on Philippine Cyber Defense
As a string of cyberattacks have plagued Filipino government agencies, citizens and policymakers have called upon the government to take more action. This post is the first in a four-part series that examines the key organizations and agencies within the Filipino Government to better understand their current cyber capabilities and illuminate their strengths and weaknesses. This series also examines the state of Philippine–American cyber collaboration and suggests steps to further strengthen this partnership.
In this first post, we examine the cybersecurity structures within the Philippines and highlight important agencies and organizations. In the next post, we will examine cybersecurity information sharing in the Philippines. In the third post, we will discuss current cyber threats and future directions of Philippine cybersecurity. In the fourth and final installment, we will conclude with potential avenues for American and Filipino cyber cooperation and partnership.
The Philippines Cyber Defense System
The Philippines has a multifaceted cybersecurity system designed to protect the country in four strategic areas: policy and technological control, national security, cybercrime, and socio-economic prosperity. Overall, this structure emphasizes collaboration, coordination, and specialization among agencies to address cybersecurity challenges in the Philippines.
The system involves seven major players. The Philippine Department of Information and Communications Technology (DICT) is the leading agency for developing and implementing national cybersecurity policies and strategies. DICT is the key agency for the Philippines in domestic systems defense in cyberspace. The main agencies in charge of law enforcement and investigation in cyberspace are the Philippine National Police Anti-Cybercrime Group (PNP-ACG) and National Bureau of Investigation Cybercrime Division (NBI-CCD). The Armed Forces of the Philippines Cyber Command (AFPCyCom) leads military cyber operations and defense. The National Cyber Intelligence Network (NCIN) is the central intelligence agency for cyberspace in the Philippines. The DICT is also the primary agency for international coordination & engagement in cyberspace, but often collaborates with the Department of Justice Office of Cybercrime (DOJ-OOC) and the NBI-CCD.
This post will proceed by describing each of these organizations and their role in the Philippine cyber defense system.
Department of Information and Communications Technology
The Department of Information and Communications Technology (DICT) is the central “policy, planning, coordinating, implementing, and administrative entity” of the Philippine information and communication technology infrastructure and the main agency in charge of the country’s cybersecurity policy. Formed in 2016, this agency replaced the Commission on Information and Communications Technology and centralized other agencies that dealt with information and communication technology. As an executive department within the Philippine government, DICT is headed by a Secretary that is appointed by the President of the Philippines. It has multiple Undersecretaries and Assistant Secretaries in charge of various administrative arenas.
There are three agencies attached to DICT to improve program and policy coordination. In the Philippine government, an attached agency refers to an organization that operates independently but is linked to a specific department for administrative supervision and coordination. The “attachment” allows the agency to benefit from the department’s support and oversight while maintaining a certain level of autonomy in fulfilling its specific mandate.
These agencies are:
National Telecommunications Commission. This is the primary agency in charge of managing and overseeing the various telecommunication services, including television and radio networks.
National Privacy Commission. This is the primary authority in data protection and privacy. It is tasked with monitoring and ensuring compliance of international standards of data protection and privacy through policy.
Cybercrime Investigation and Coordination Center. This agency is tasked with all matters regarding cybersecurity for the Philippines. Its main tasks includes aiding in the creation of the National Cybersecurity Plan, providing real-time cybercrime assistance and suppression, facilitating international cooperation, and coordinating information sharing across agencies in all matters related to cybersecurity.
DICT also houses the Cybersecurity Bureau. A bureau is a subordinate unit within a department, responsible for implementing specialized functions, programs, or services aligned with the broader goals of the department. Bureaus are directly under the supervision and control of the department they belong to, unlike attached agencies, which operate with more autonomy. The Cybersecurity Bureau operates two cybersecurity divisions — the National Computer Emergency Response Team and the National Security Operations Center — that focus on actively monitoring and responding to cyber threats. The National Computer Emergency Response Team focuses only on cyber incident response and investigation, while the National Security Operations Center focuses on monitoring critical assets in cyberspace and assessing government agencies' cybersecurity postures. The two divisions run constantly, monitoring and responding to Philippine cyberspace incidents.
Philippine National Police Anti-Cybercrime Group
On February 27, 2013, the Philippine National Police created the Anti-Cybercrime Group (PNP-ACG) as a National Operational Support Unit with the primary responsibility of implementing Philippine cybercrime laws and pushing an anti-cybercrime campaign of the Philippine National Police. The PNP-ACG’s parent agency is the Department of the Interior and Local Government. Their capabilities include cyber response, cybersecurity, and digital forensics. The PNP-ACG consists of three administrative staff positions that direct, supervise, and control PNP-ACG activities. Additionally, there are four operational divisions:
Administrative & Resource Management Division. This division supervises, plans, and coordinates all administrative and logistical activities of the group.
Investigation Management Division. The division handles the formulation of strategies and policies regarding intelligence operations and investigations of the PNP-ACG. They also monitor all cybercrime cases and maintain the PNP-ACG database.
Cyber Security Unit. The Cybersecurity Unit primarily conducts studies and research on cybersecurity capabilities of the PNP-ACG. Their research aims to provide insight into upgrading cybersecurity capabilities and recommend policy amendments to combat cybercrime.
Anti-Cybercrime Field Units. These units conduct anti-cybercrime and cybersecurity intelligence, activities, operations and investigations at the regional level. They also implement orders, directives, and programs of the PNP-ACG and submit periodic cybercrime reports and case monitoring of their region. There are 16 known field units spread throughout the Philippines.[ii]
The PNP-ACG primary handles domestic cybercrime cases, including hacking, cyber fraud, cyberbullying, and cyberterrorism. They focus on operational enforcement and immediate response to cybercrime incidents affecting public safety. The PNP-ACG complements other agencies by focusing on immediate action and maintaining order in the domestic digital environment.
National Bureau of Investigation Cybercrime Division
The National Bureau of Investigation's Cybercrime Division (NBI-CCD) is a key organization in the investigation and detection of cybercrimes—listed under the Cybercrime Prevention Act of 2012—within the Philippines. The NBI-CCD’s parent agency is the Philippine Department of Justice. The primary mission of the NBI-CCD is to investigate, prevent, and assist in the prosecution of cybercrime cases. This includes addressing complex and transnational cybercrimes that threaten public safety, national security, and the integrity of digital systems.
The NBI-CCD primarily focuses on complex cases in cybercrimes requiring advanced technical and investigative skills. Its mandate often extends to addressing international or cross-border cybercrimes, differentiating it from other agencies like the PNP-ACG, which primarily focuses on domestic cases.
There are multiple regional and district level offices around the country monitoring cybercrimes. Within the NBI-CCD is the Cyber Investigation and Assessment Center, which serves as the focal point for data on cybercrime cases, computer intrusion, threats, and other related crimes or activities. Besides monitoring and investigations, they also hold educational seminars and training for citizens.
The NBI-CCD’s is the Philippines’ lead investigative body for cybercrime, focusing on sophisticated, high-profile, and international cases, while providing expertise and support to the DOJ and other law enforcement agencies.
Philippine Department of Justice Office of Cybercrime
The Deparment of Justice's Office of Cybercrime (OOC) was created after the enactment of the Cybercrime Prevention Act of 2012. This act made the OOC the central authority in all matters regarding international mutual assistance and extradition for cybercrimes and cyber-related matters. The OOC is also an important agency in formulating and implementing strategies and investigations to curb cybercrime at the international level. The OOC is the legal cornerstone of the Philippines’ cybercrime framework, responsible for ensuring the prosecution of offenders, strengthening international collaboration, and leading the formulation of policies to address the challenges of cybercrime.
Armed Forces of the Philippines Cyber Command
In October 2023, the Chief of Staff of the Armed Forces of the Philippines, General Romero Brawner, announced the expansion of the Armed Forces of the Philippines Cyber Group into the Cyber Command (AFPCyCom), with vastly more resources and personnel. Its mission is to defend military networks and conduct cyberspace operations to defend the sovereignty of the Philippines in both the physical and cyber domains. The AFPCyCom is the main entity in charge of the defending and securing military systems and networks. Additionally, it assists other agencies in a range of cybersecurity tasks like securing national security systems, gathering intelligence on threat actors, and determining attribution on foreign threats. The figure to the right shows the full mandate of AFPCyCom activities.
Currently, little has been released on the capabilities of the developing AFPCyCom. However, we do know three kinds of cyberspace operations they conduct. The first are Information Network Operations, which consists of designing, building, configuring, securing, maintaining, and sustaining military communications systems and networks. The second are Defensive Cyber Operations, which are actions to protect AFP and other critical information and communication infrastructures. The third are Active Defensive Operations, which are proactive measures against specific threat actors to (1) defend the AFP network and other critical cyber assets and (2) destroy, disrupt, nullify, or reduce the effectiveness of cyber threats.
Conclusion
In this first blog, we examined the Philippines’ cyber defense system and its main actors. The Philippines’ cyber defense framework has grown significantly in response to escalating digital threats, with key agencies like DICT, PNP-ACG, NBI-CCD, and the emerging AFPCyCom leading the charge. These organizations take a collaborative approach to securing the nation’s cyberspace through policy development, law enforcement, and military operations. In the next blog post in this series, we will examine we will examine cybersecurity information sharing in the Philippines.