DICT: Only 14% of gov't agencies responded to cyber vulnerabilities

On Tuesday, Undersecretary Jeffrey Ian Dy of the Department of Information and Communications Technology (DICT) revealed that only 55 out of 388 government agencies responded to reports about vulnerabilities on their online sites.

During a hearing at the House of Representatives committee on information and communications technology, Dy reported discovering over 30,682 vulnerabilities since Project Sonar began in December 2023, scanning more than 2,000 digital assets across 885 government offices.

Project Sonar is an automated system that scans government ICT systems for security issues without prior permission from agencies and provides vulnerability assessments to manage online platforms.

Of the discovered vulnerabilities, 2,250 were deemed critical, 1,958 high, 8,744 medium, and 17,728 low severity, highlighting a significant cybersecurity challenge.

Dy emphasized the need for responsive action as only a small percentage of agencies have acknowledged or addressed these vulnerabilities, stressing the importance of immediate remediation.

To improve accountability, Dy mentioned discussions with the Department of Budget and Management about incorporating vulnerability response into performance evaluations of government offices.

Going forward, Dy has asked government agencies to assign focal persons who will help deal with DICT findings on their department's digital vulnerabilities.