Watchdogs and government agencies recommended that the Electoral Commission (Comelec) devise a mechanism that would make it easier to notify the electoral body of potential hacking incidents.
This happened during a Manila-Bulletin report of an alleged data leak in Comelec’s servers, in which hackers allegedly stole 60 gigabytes worth of confidential election data. The polling panel has since disputed the claims made in that story.
On Tuesday, January 18, the Comelec met with the Cybercrime Investigation and Coordinating Center (CICC) to Notice Report.
Law enforcement agencies and regulators, the National Citizens’ Movement for Free Elections (Namfrel) and the Parish Pastoral Council for Responsible Voting (PPCRV), also participated in the dialogue.
“Various agencies have made recommendations on how to proceed,” said Comelec spokesman James Jimenez in an SMS. “One of the key recommendations was the establishment of an incident reporting system to deal with future data breach reports.”
The creation of an incident reporting system was previously addressed by Namfrel in a statement following the release of Notice‘s Article.
„[The incident response team’s] Primary responsibility includes developing a proactive incident response plan, conducting a vulnerability assessment of Comelec’s technology infrastructure, including the automated voting system, remediating system vulnerabilities, implementing strong information security practices, and handling information security incidents,” Namfrel said Jan. 13.
the NoticeThe technical editor of , Art Samaniego, had previously slammed the Comelec, saying that his team’s eight-paragraph story of Jan. 10 would not have been published if the polling board had returned him with a rejection after he received the forwarded information.
Jimenez denied this, saying the Comelec took time to validate Samaniego’s information and went through the proper channels before issuing a formal response.
“Agreement that there was no hacking”
Samaniego has confessed to his team’s eight-paragraph story, claiming it was based on screenshots and a 44-page PDF, among other things. But the Bulletins Methodology in reviewing the screenshots remains unclear.
The electoral body has now pointed out loopholes in the report, including alleging that the PINs and passwords from vote counting machines were stolen by hackers.
The Comelec has repeatedly said that the data the Notice Claims of being stolen were not yet in the system.
During Tuesday’s meeting, participants agreed that the Comelec servers were not hacked, Jimenez said.
The National Bureau of Investigation previously inspected the Comelec warehouse in Laguna on Saturday, January 15, and said it was “convinced” that there had been no data breach on the Comelec servers.
The National Data Protection Commission is meet virtually mit dem Comelec, Notice, and Samaniego on January 25 to clarify details of the alleged hacking incident.