Exploring the cyber factor in the US-Philippines Alliance
In true Duterte fashion, the Philippines once again decided to suspend the countdown to cancel the Visiting Forces Agreement (VFA) for another six months. According to Philippine Foreign Affairs Secretary Teodoro Locsin and the Philippine Ambassador to the US Jose Manuel Romualdez, President Duterte extended the suspension of the VFA for another six months which was due to expire in August 2021—the third time the mercurial Duterte asked for an extension to review the VFA after sending the notice of termination last February 2020.
Duterte’s latest request for another stopgap is expected. COVID-19 has left the Philippines devastated, crashing its economy into a historic recession. Due to the pandemic, the ongoing defense modernization of the Armed Forces of the Philippines was also extremely affected as the government realigned its budget to prioritize its pandemic response.
Despite Duterte’s perceived warmer ties with Beijing, the Sino-Philippine relations has also started to deteriorate. China’s relentless provocation and militarization in the South China Sea, unfulfilled loans and investments set against a global public health crisis started to buoy the idea that a bilateral approach is not working in the Philippines’ favor. Removing the glue that binds the US and the Philippines military cooperation at a time of heightened geopolitical tensions in the South China Sea and the region as whole can leave the country highly vulnerable.
The extension of the cooling off period before the VFA’s formal cancellation comes at the heels of the 75th anniversary of the US-Philippines alliance. Although President Biden did not include the Philippines at his interim national security strategy last March, the US and Philippine officials are reportedly in talks since the first 180 day reprieve period was set.
As the US State Department and the Philippine Department of Foreign Affairs engage in consultation regarding the extension of the VFA abrogation in such a commemorative occasion, it is critical to reflect on the contemporary challenges in the ever-changing security environment. Discussions should be oriented towards how much the strategic landscape has changed for more than half a century ago and especially consider the re-emergence of a more assertive China. Such framing will alter the calculations of both parties, consequently ushering a deeper examination on why the alliance is worth upgrading, let alone keeping.
The alliance achieved modest results in areas such as counterterrorism, but dealing with the maritime security remains a contentious issue. Nevertheless, emerging areas like cybersecurity is rapidly becoming a shared strategic concern for both countries. Bolstering the cybersecurity partnership between the US and the Philippines can provide a new opportunity to deepen collaboration between the US and the Philippines, and strengthen the alliance that has undergone a dramatic “review-rescind-resuscitate” cycle. To this end, three cyber policy recommendations are proposed:
First, instituting a formal US-Philippines cybersecurity cooperation. The time is ripe for such formal arrangement to be inked from the fallout of the Solar Winds attack. The suspected Russian hacking further illustrates how the spillover effects of cyber operations are difficult to contain due to its transboundary nature. Likewise, the Philippines is no stranger to state-sponsored cyberattack as evinced during the Bangladesh Bank Heist in 2014 as well as the persistent Chinese cyber espionage activities in relation to the South China Sea. Through a formal mechanism, the two allies can explore specific and targeted range of activities to protect Critical National Infrastructures (CNIs). These initiatives include incident response coordination, joint cybersecurity exercises, and sharing of best practices and threat information between their respective National Computer Emergency Response Team. The US Cyber Command can engage the newly formed AFP Cyber Group through capacity-building to secure military networks and related communications systems.
Second, streamlining a cybersecurity accreditation and certification framework. As the Philippine military continue to leverage private sector resources to ramp up its cyber capacity be it through commercially available equipment or shared cyber intelligence platform, it must put the appropriate controls to safeguard its own networks and systems. The US Cybersecurity Maturity Model Certification (CMMC) can provide insights for the Philippine army to adopt a cybersecurity risk-management approach. Through a graduated level, a framework like CMMC can enhance the protection of unclassified information flowing between the Philippine military’s networks and external contractors.
Third, strengthening the US-Philippines Joint Cybersecurity Working Group. The private sector exercises a relatively high degree of control and ownership of CNIs. Improving public-private sector collaboration should be a key priority to address legal, policy, and regulatory issues beyond setting up information-sharing channels.
The US-Philippines Joint Cybersecurity Working Group is cross-sectoral platform which enjoins key government agencies and companies to share best practices in protecting Information Technology and Operational Technology as well as the implications of digital transformation.
More than just an informal and ad-hoc venue, it must be elevated as a formal body in the bilateral coordination between the US and the Philippines to facilitate even more meaningful international exchanges. Through the US Department of Homeland Security’s CISA Global Strategy, the Philippine’s Department of Information and Communications Technology can devise collaborative mechanisms with the Joint Cybersecurity Working Group to draft a public- and private-backed plan to discuss current gaps on liability issues, privacy, law enforcement, security, and information sharing.
The ground has shifted on how the Philippines and the US view the alliance. No matter where Manila and Washington currently stand, with the challenges and limitations at hand, it remains certain that cooperation will prevail especially in emerging fields like cybersecurity. What this cooperation will look like remains to be seen. Many of the concerns and convictions that animated the Duterte administration were fueled by emotional outburst, rhetorical bravados, and idiosyncratic ideologies with very little policy deliberations. Opportunities for cooperation are certainly present in the cyber domain. With the US renewed interest to mobilize the international community to advance a more secured cyberspace under the Biden administration, the Philippines as a longtime ally should capitalize on this opportunity to strengthen the alliance. But more than fixating on “key military deals,” the Philippines should first have a cleared-eye assessment of its strategic priorities and what it can offer to the US in exchange for wanting more from the alliance. On the eve of the alliance commemorative 75th anniversary, a carefully calibrated strategic diplomacy supported by concrete lines of engagement should chart the alliance’s next horizon and cybersecurity cooperation offers a good starting point.
Mark Manantan is the resident Lloyd and Lilian Vasey Fellow at Pacific Forum and concurrently a non-resident fellow at the Center for Southeast Asian Studies at National Chengchi University in Taiwan. Views expressed are entirely personal.