QuestionsQuestions (EXECUTIVE ORDER NO. 189)
It is issued by the President pursuant to powers under law, including the continuing authority to reorganize the Office of the President under EO No. 292 (Revised Administrative Code). Its purpose is to create a body to coordinate government agencies and relevant sectors to strengthen cybersecurity capabilities, update security protocols, and address vulnerabilities in light of technological developments and existing laws such as RA 10173 (Data Privacy Act) and RA 10175 (Cybercrime Prevention Act).
It is created under the Office of the President, and is referred to as the “Committee.”
The Committee is chaired by the Executive Secretary, co-chaired by the Director General of the National Security Council (NSC) and the Secretary of the Department of Science and Technology (DOST).
Examples include: Secretary of the Department of Energy (DOE), Secretary of the Department of Finance (DOF), Secretary of the Department of Foreign Affairs (DFA), Secretary of the Department of the Interior and Local Government (DILG), Secretary of the Department of Justice (DOJ), Secretary of the Department of National Defense (DND), Secretary of the Department of Transportation and Communications (DOTC), Secretary/officials from PCDSPO and PCOO, Commissioner of the NTC, Chairman of the National Privacy Commission (NPC), and Executive Director of ATC-PMC. (Any five are acceptable.)
The Committee may invite concerned public and private agencies or entities to participate, complement, and assist in the performance of its functions.
Key functions include: (a) assessing national cybersecurity vulnerabilities; (b) issuing updated security protocols to government employees for handling and distribution of all forms of documents/communications; (c) enhancing public-private partnership for information sharing on cyberattacks/threats/vulnerabilities; (d) conducting strategic planning and workshops to reduce vulnerabilities; (e) directing member and appropriate agencies to implement needed cybersecurity measures; (f) serving as the coordinating arm for domestic/international/transnational cybersecurity efforts; (g) making recommendations/reports as directed by the President; and (h) performing other necessary functions.
They must cover the storage, handling, and distribution of all forms of documents and communications (digital, electronic, “snail mail,” etc.), must follow best practices, and must be updated periodically and as necessary due to rapid developments in ICT.
The NCCC is created to act as the secretariat of the Committee. The Committee provides guidelines for the creation of the NCCC, including suitable ranks of officials that comprise it.
The NCCC contains within it a National Computer Emergency Response Team (NCERT). The head of the NCCC acts as team leader of the NCERT. The NCERT issues guidelines on the handling of government data/information by CERTs organized in agencies and performs oversight and audit functions for compliance with those guidelines.
CERTs are Computer Emergency Response Teams. The EO requires all bureaus, offices, agencies, and instrumentalities of the Government to organize their respective CERTs, subject to guidelines to be issued by the CICC.
All CERTs in the country shall directly report to the CICC (Cybercrime Investigation and Coordinating Center).
Section 5 provides a transfer of administrative/policy supervision: the CICC, attached to the Office of the President under RA 10175, shall be under the administrative and policy supervision of the Committee.
Member agencies may charge necessary amounts against their current appropriations. Additional possible funding sources are to be identified by the DBM, and subsequent funding requirements must be incorporated in the annual budget proposal of the respective agencies through the General Appropriations Act.
If any provision is declared invalid or unconstitutional, the remaining provisions not affected remain valid and subsisting. This helps preserve the effect of the rest of the EO even if part is struck down.
It takes effect immediately upon its publication in a newspaper of general circulation.
It recognizes RA 10173’s mandate to secure sensitive personal information and communications systems and notes RA 10175’s powers regarding formulation/enforcement of a national cybersecurity plan and creation of a national computer emergency response team. EO 189 then operationalizes these concepts through the Committee, NCCC/NCERT, and CERTs, while aligning CICC under the Committee’s supervision.