Creation of National Cybersecurity Committee

The Executive Order is issued under the President’s continuing authority to reorganize offices under Executive Order No. 292 (the Revised Administrative Code of the Philippines) (WHEREAS clause).
The Executive Order grounds cybersecurity needs on:
- Republic Act No. 10173 (the Data Privacy Act of 2012) (WHEREAS clauses), and
- Republic Act No. 10175 (the Cybercrime Prevention Act of 2012) (WHEREAS clause).
The Executive Order directs alignment and updating of prior cybersecurity-related government memoranda referenced in its preamble:
- Memorandum Circulars 78 (s. 1964) and 196 (s. 1968) (WHEREAS clause).

The Executive Order is driven by the constitutional role of communication and information in nation building (WHEREAS clause).
The Executive Order mandates review and update of government practices for handling classified and sensitive electronic information in light of developments in information and communications technology (WHEREAS clause).
The Executive Order seeks to strengthen the nation’s cybersecurity capability by coordinating government agencies and relevant sectors (WHEREAS clause).
The Executive Order targets increasing cyber threats against both government and commercial information systems that create risk to institutions (WHEREAS clause).

A Cybersecurity Inter-Agency Committee is created under the Office of the President, chaired by the Executive Secretary (Section 1).
The Committee is co-chaired by:
- the Director General of the National Security Council (NSC), and
- the Secretary of the Department of Science and Technology (DOST) (Section 1).
The Committee is composed of the following officials (Section 1):
- Secretary of the Department of Energy (DOE);
- Secretary of the Department of Finance (DOF);
- Secretary of the Department of Foreign Affairs (DFA);
- Secretary of the Department of the Interior and Local Government (DILG);
- Secretary of the Department of Justice (DOJ);
- Secretary of the Department of National Defense (DND);
- Secretary of the Department of Transportation and Communications (DOTC);
- Secretary of the Presidential Communications Development and Strategic Planning Office (PCDSPO);
- Secretary of the Presidential Communications Operation Office (PCOO);
- Commissioner of the National Telecommunications Commission (NTC);
- Chairman of the National Privacy Commission (NPC); and
- Executive Director of the Anti-Terrorism Council – Program Management Center (ATC-PMC).
The Committee may invite concerned public and private agencies or entities to participate, complement, and assist in the performance of its functions (Section 1).

The Committee must assess the vulnerabilities of the country’s cybersecurity (Section 2).
The Committee must issue updated security protocols to all government employees on the storage, handling, and distribution of all forms of documents and communications, including digital, electronic, and snail mail, and must update these protocols periodically and as necessary (Section 2).
The Committee must enhance public-private partnership in information sharing involving cyberattacks, threats, and vulnerabilities to cyber threats (Section 2).
The Committee must conduct periodic strategic planning and workshop activities to reduce the country’s vulnerabilities to cyber threats (Section 2).
The Committee must direct its member agencies and appropriate agencies to implement cybersecurity measures as required by the situation (Section 2).
The Committee must serve as the country’s coordinating arm on domestic, international, and transnational efforts pertaining to cybersecurity (Section 2).
The Committee must make recommendations and/or other reports as the President directs from time to time (Section 2).
The Committee must perform other functions necessary to carry out its role (Section 2).

A National Cybersecurity Coordination Center (NCCC) is created to act as the secretariat of the Committee (Section 3).
The NCCC is composed of officials from member agencies of the Committee and other agencies designated by the NCCC (Section 3).
The Committee must provide guidelines for the creation of the NCCC, including the suitable ranks of officials that will comprise the NCCC (Section 3).
The NCCC must constitute within it a National Computer Emergency Response Team (NCERT) with the head of the NCCC as the team leader of the NCERT (Section 3).
The NCERT must issue guidelines on the handling of government data/information by members of CERTs organized within their respective agencies (Section 3).
The NCERT must perform oversight and audit functions for compliance with the guidelines on handling government data/information (Section 3).

All bureaus, offices, agencies, and instrumentalities of the Government must organize their respective Computer Emergency Response Teams (CERTs) subject to guidelines issued by the Cybercrime Investigation and Coordinating Center (CICC) (Section 4).
All CERTs in the country must directly report to the CICC (Section 4).

The CICC, created under the Cybercrime Prevention Act of 2012, is attached to the Office of the President and is placed under the administrative and policy supervision of the Committee (Section 5).

Member agencies are authorized to charge against their current appropriations amounts necessary to implement the Executive Order (Section 6).
Additional funds and possible funding sources necessary for implementation must be identified by the Department of Budget and Management (Section 6).
Subsequent funding requirements must be incorporated in the annual budget proposal of the respective agencies through the General Appropriations Act (Section 6).

If any provision of the Executive Order is declared invalid or unconstitutional, the remaining provisions not affected remain valid and subsisting (Section 7).
All orders, rules, regulations, and issuances or parts thereof inconsistent with the Executive Order are repealed or modified accordingly (Section 8).
The Executive Order takes effect immediately upon its publication in a newspaper of general circulation (Section 9).