DoST advises govt websites' system administrators to review web security

Tweet

InterAksyon.com
The online news portal of TV5

MANILA, Philippines - The Department of Science and Technology (DoST) has advised system administrators of government websites to review the security of their respective websites to ensure that homepage defacements do not happen in the future.

In a statement, DoST said the website of Philippine Atmospheric, Geophysical and Astronomical Services Administration (PAGASA) was vandalized by hackers of still undetermined origin. The weather bureau’s system administrators had the website back online three hours later.

The websites of Philippines News Agency (PNA), University of the Philippines (UP), and the Department of Budget and Management (DBM) were also defaced by hackers suspected to be from China.

“The recent defacement of the PAGASA website only illustrates the patent vulnerabilities inherent in some web platforms. We would like to request system administrators of government websites to review their source code for these security flaws. A common vulnerability we have found stems from third party plug-ins used in content management systems (CMS),” said Louis Casambre, Executive Director of the Information and Communications Technology Office of the Department of Science and Technology (DoST-ICTO).

DoST-ICTO is also recommending that government agencies add an extra layer of security to their websites by migrating them to secure server facilities.

”The PAGASA website is hosted on its own web servers as well as those of a third party provider and were not hosted on DoST’s secure servers,” said Casambre.

DoST Secretary Mario G. Montejo said homepage defacements are nothing new to government websites, as it happens around the globe. “Government websites are potential high-profile targets for local and foreign hackers. Thus, government system administrators must take the extra effort to ensure that their servers are safe from cyber vandalism," he said.

The DoST-ICTO was tasked to oversee department's internal efforts on website security. "We have taken definitive action to migrate all DoST websites to secure server facilities when these defacements started almost three weeks ago. It is unfortunate, however, that the PAGASA website was hacked so soon. In light of this new development, we are looking at accelerating our ongoing effort," said Casambre.

Follow @interaksyon