Risk of Insider Threats Amidst Growing Concerns Over Foreign Espionage and Malign Influence in the Philippines

Since 2020, risks of foreign espionage and malign influence in the Philippines began drawing national attention, sparking renewed efforts to strengthen the current anti-espionage capabilities of the country.

To date, the Commonwealth Act No. 616, enacted in 1941, sets the legal framework for the prosecution of espionage. Many national security experts and lawmakers have criticized the law’s limitations and narrow scope; the current law is designed to be in effect only during times of war and focuses strictly on the protection of national defense and military-related information. The current law fails to address peacetime infiltration, covert operations, and the intelligence gathering of economic, diplomatic, or strategic policy information, which alleged spies for China have targeted in the Philippines in recent years. 

Since these discussions, some national security proponents have been pushing the passage of two bills on this matter: the amendments to the Anti-Espionage Act, which updates the current anti-espionage legislation to fit the current needs and trends; and the Anti-Foreign Malign Influence and Interference bill, which seeks to impose sanctions on covert operations and create mechanisms to counter social media disinformation. 

Alleged Chinese espionage operations have been reported in several parts of the world, notably in the US and Europe, where they have targeted government institutions, academic bodies, and key technology players in the private sector. These operations utilized a range of methods for intelligence gathering, including cyber penetration, electronic and physical surveillance, and human intelligence which involves the recruitment of local insiders. 

Private companies are increasingly becoming a target for foreign intelligence recruitment and malign interference as intelligence networks move away from traditional government targets. In the Philippines, private companies can be a conduit for sensitive information on national critical infrastructure - particularly telecommunications and power - as these entities are mostly managed by these firms. Publicly-known Chinese espionage attempts have utilized electronic surveillance and human intelligence to gather information on Philippine critical infrastructure. Private companies have also been utilized by some foreign intelligence networks as a mouthpiece to spread foreign agenda and shift public opinion to policies which are counter intuitive to strategic national interest.

The Center for Information Resilience and Integrity Studies (CIRIS), a local think-tank, discusses in its report how foreign intelligence recruitment works and how the private sector can protect themselves and their employees from these acts. 

For companies, the CIRIS recommends: 

• Foster insider-threat awareness in employee training and onboarding processes: This awareness campaign should include steps on how to identify suspicious approaches of malicious actors and escalating requests for information. 
• Establish strict access controls for all sensitive data and systems: Strong discipline and security-oriented culture should be in place for handling company information at all classifications, from public information to highly classified data. 
• Provide secure and confidential channels for both formal reporting and informal workplace communications: These communication channels could be a trusted supervisor, the company’s security officer, or national authorities like the National Security Council (NSC). Standard operating procedures should be in place if company information is found to be compromised.