SECURING the Philippines’s cyber space is highly pivotal in fulfilling the nation’s goal to boost its competitiveness amid the government’s ongoing massive infrastructure projects.
The use of unlicensed software by numerous private organizations in the country over the years has not completely been addressed, however, leaving some of them highly susceptible to cyber attacks that could be detrimental not only to their business, but also to the markets or clients they serve, most especially in the public sector.
“We are looking at an initial list of 5,000 companies in the Philippines where we believe there is a significant gap between the design software they license and their actual usage rates,” BSA | The Software Alliance (BSA) Senior Director Tarun Sawney told the BusinessMirror in an e-mail interview.
In particular, the top executive said these are primarily professional engineering and design providers operating fairly large businesses and serving significant clients.
“Beyond these 5,000 companies there are of course thousands of other firms using unlicensed software,” he said, noting that they include manufacturers and animation studios.
Atty. Cyrus Paul S. Valenzuela, chief of Legal Division of the Optical Media Board (OMB), underscored that the first line of defense against cyber threats is a licensed software.
“The country’s unlicensed software use is an indicator of how exposed we are to cyberattacks, data theft, ransomware and network attacks. This remains a concern in the Philippines, and it has to be fixed,” he pointed out.
‘Dubious’ role in infra buildup
GIVEN that there are still many engineering and design companies using unlicensed software, it “is quite possible” that some of these are engaged in certain colossal infrastructure initiatives of the government, according to Sawney.
The “Build, Build, Build” (BBB) project is touted as the Duterte administration’s “centerpiece” economic program. Launched in 2017, it was envisioned to spend at least P8.4-trillion worth of new infrastructure projects nationwide, from roads to bridges and airports, among others.
“We do not know which firms are going to win government projects,” he emphasized, when pressed on how certain firms might have been awarded the contracts for some of the BBB projects—with their rigid rules and transparent biddings—if they use illegal software.
“In many procurement processes, companies must make numerous guarantees. And in some of these cases, using licensed software would be among these guarantees. But to systematically audit every company pitching for a project would be beyond the capacity of the government. Instead, it is the duty of the business leaders and shareholders in such companies to ensure they are using licensed software, because this is in the best interests of their business and the best interests of their stakeholders,” he explained.
Risk to public works
USING illicit design and engineering software could have adverse effects on the outcome and timetable of public works, the BSA’s senior officer admitted.
“The risks are serious,” he cautioned of the many possibilities in which security gaps in unlicensed software could have very dire consequences.
“Imagine a design firm engaged in an important infrastructure project that is hacked via a security gap in unlicensed software. And imagine that the hackers demand ransom in order to allow the company to access its computers. In the midst of a big project, how would a design firm react? Would the firm try to piece together designs while lacking the right software to do the job? Would they fall behind schedule—and in the rush to meet deadlines make mistakes?” he pointed out.
Sawney said that this should serve as a stern warning to those who remain unaware of the manifold impacts of using unauthorized design software that may be tied to national infrastructure projects.
“It is simply not worth the risk—and this is why we want to help companies transition from risky unlicensed software to secure licensed software assets. In short, the use of unlicensed software by design companies engaged in infrastructure is fully unsustainable and is a losing proposition for everyone—including the public,” he said.
Protecting the business
ANY company using illegal software is taking a huge risk with their own business and the data that belongs to their customers.
With this in mind, chief executive officers must be on top policing their own businesses, especially now, to ensure their software is fully legal. It will just take only three steps to protect their business.
“First, they should conduct PC [personal computer] audits to ensure that all employees are using only legal software as this forms the first line of defense against cyberattacks,” Sawney said.
“Second, companies should establish internal company policy to prevent employees from using private consumer applications in the work environment as these are often not protected against cyberattacks.
“Third, companies should close gaps in software licensing by purchasing legal software for every purpose that employees could need it and make it available to all employees. Allow requests of specific software,” he said.
Decline of illegals, but…
THROUGH the years, there has been a consistent decline of unlicensed software use in the Philippines.
“But we know there is still a long way to go, especially for those firms using sophisticated design software,” the BSA senior director said of this perennial problem that needs immediate action from both the private and public sectors.
While companies have a national duty to monitor their own behaviors and use only licensed software, he reiterated that the government has also an important role to influence them, most especially those who are noncompliant.
This is by educating business leaders on the importance of using licensed software to protect their business from cyber felons, enforce the law and use procurement regulations, per Sawney.
“Similarly, we encourage the government to require those companies providing services in the infrastructure projects to meet certain standards, which include the use of only licensed software in such projects,” he added.
WITH billions of dollars budgeted for national infrastructure
projects here and the rest of Southeast Asia, BSA launched on July 21 a campaign encouraging engineering and design firms to commit to using only licensed software in the development of roads, bridges, ports and communications infrastructure planned for the years ahead.
This initiative is a continuation of its successful regional Legalize and Protect initiative that kicked off in 2019, helping businesses across the 10 member-states of the Association of Southeast Asian Nations (Asean) to install licensed, cyber-secure software on nearly one million PCs.
“It would be a tremendous sign of strength to have the next generation of infrastructure projects in Southeast Asia built with software that is fully enabled, highly productive, secure and licensed,” said Sawney. “BSA wants to help the Asean region’s leading design and engineering firms to make the transition away from the risks of unlicensed software to fully licensed software that can actually unlock potential of the region’s leading designers.”
The leading advocate for the global software industry is working with software company Autodesk Inc. for this campaign. It plans to conduct outreach to 20,000 engineering and design firms across the region, including 5,000 in the Philippines, 5,000 in Indonesia, 5,000 in Malaysia, and 5,000 in Thailand.
“Our goal is to try and ensure that every company working on important infrastructure projects takes time to audit its software assets and to confirm its licensing agreements are current—in particular for design and engineering software required for large-scale projects,” he shared.
Directly communicating with the target firms, the BSA now offers free consultations and advisory services on conducting audits for private-sector enterprises that seek counsel on the software licensing process. For companies that would like to learn more about software licensing, it encourages executives to conduct internal audits to identify potential licensed gaps inside their companies.
As part of the campaign, BSA is also collaborating with government agencies across the region to support the campaign and further encourage the private sector to exclusively use licensed software. This includes the OMB in the Philippines; the Ministry of Communication and Informatics in Indonesia; the Ministry of Domestic Trade and Consumer Affairs in Malaysia; and the Royal Thai Police, Economic Crime Suppression Division in Thailand.
“BSA’s effort to help companies on their journey to following national laws is crucial and we strongly support BSA to make our national cyber space more secure,” said Valenzuela.
Per the BSA estimates, there are still more than 100,000 design and engineering companies using unlicensed software in Southeast Asia. Nearly every week in the region, a private-sector engineering, architecture or design firm is fined and penalized for using unlicensed software. As such, its campaign is designed to inform business leaders about the risks of unlicensed software and the benefits of using legal design software.
“It’s clear that Southeast Asia’s leading engineers and designers want to use fully licensed design software because it makes them more productive and keeps their PCs secure from attack. The challenge is that not enough business leaders at these firms are willing to make the necessary investment,” Sawney stressed.
Images courtesy of Petrovv | Dreamstime.com and BSA | The Software Alliance