Earlier this year, the Philippine Army put out an unusual call on Facebook, inviting civilian hackers to join its cybersecurity unit. “We have a greater enemy that wants to devour us. Do we want to let them?” Joey Fontiveros, founding commander of the Cyber Battalion, said in a Facebook Reel that has been viewed over 2 million times. “Why not join us?”

The Philippines is among the countries most vulnerable to cyber attacks, with tens of thousands of cyber threats targeting its government agencies, academic institutions, and corporations in recent years. Cyber attacks on the email servers and websites of the Philippine Coast Guard and President Ferdinand Marcos Jr. this year were traced to China, authorities said. China has denied this.

In response to the threats, the Philippine government has adopted a new five-year national cybersecurity plan, formed a defense network with the U.S. and Japan, and asked the military to reinforce the security of its systems. The Cyber Battalion, which was set up in 2020, was initially staffed by soldiers. The army then decided to actively recruit civilians. It targets young IT professionals who may be open to lower wages for greater job security and the pride of working for the nation, Lieutenant Colonel Ariel Alejandro, the Cyber Battalion’s commander, told Rest of World.

Lt. Col. Ariel Alejandro, Commanding Officer of the Philippine Army’s Cyber Battalion, shows a poster summarizing the responsibilities of the Cyber Battalion in his office.
The Cyber Battalion is led by Lieutenant Colonel Ariel Alejandro.

“The cyber practitioners in our military force are very limited. We need a lot more,” Alejandro said. “Our limitation is we cannot afford to offer the same benefits as private and multinational companies. [But] joining the Philippine Army through the Cyber Battalion is a way of helping the country for our young bloods.”

The Cyber Battalion currently has a staff of about 120. The unit has so far hired about 70 civilian experts in their 20s and 30s. Civilian recruits receive months-long training, including the basics of life in the military, such as morning calls, exercise drills, and some weapons training. The viral Facebook Reel, a part of this year’s recruitment drive, drew nearly 5,000 comments and inquiries. Several filed job applications, Alejandro said.

We will recruit cyber warriors … this new breed of warriors does not have to be muscle strong.”

The job itself is “very taxing, very challenging,” said Fontiveros, who is now commander of the Armed Forces of the Philippines Cyber Group, a unit serving the military headquarters. “You look at your monitor without even the nerve to blink because you are seeing all the traffic that’s there,” he said.

It’s a very different kind of job from those in tech, financial services, telecoms, or insurance that Filipino IT graduates generally flock to. The IT industry employs around 1.5 million workers, according to the IT & Business Process Association of the Philippines. Some 850,000 fresh college graduates enter the industry every year; few are trained in cyber threats.

Worldwide, cybercrime cost companies an estimated $8 trillion in 2023, a number that is expected to triple by 2027. Last year in the Philippines, ransomware group Medusa broke into the systems of state insurer PhilHealth and leaked the personal data, including sensitive information such as government IDs and bank account details, of an estimated 42 million members when the government refused to pay the $300,000 ransom. Private health insurer Maxicare and fast food chain Jollibee have also reported data breaches that affected millions of customers.

Across Southeast Asia, Chinese state-sponsored threat groups have targeted government and private-sector organizations, according to a 2023 report from Microsoft and intelligence firm Recorded Future. These include malware, distributed denial of service (DDOS) attacks, data leaks, and compromised websites and reflect Beijing’s geopolitical ambitions in the region, analysts said. Tensions have been running high between Beijing and Manila, in particular, as both states assert their claim over the resource-rich waters of the disputed South China Sea.

A portrait of Ferdinand Lazarte, an instructor of the Philippine Army’s Cyber Battalion, wearing military uniform and taken through a glass, which reflects the sky and trees outside.
Former IT executive Ferdinand Lazarte, 31, has worked with the army for four years.

So “it’s not surprising that when there’s a flare-up in the South China Sea, then you would have a flare-up in cyberspace,” Miguel Gomez, a cybersecurity researcher at the Lee Kuan Yew School of Public Policy in Singapore, told Rest of World. The Philippine military “doesn’t have nearly enough skilled manpower to cover all their bases. That’s a big problem.”

The Chinese embassy in Manila earlier said accusations that it engaged in cyber attacks against the Philippines were “groundless.” China “firmly opposes and cracks down on all forms of cyber attack in accordance with law, allows no country or individual to engage in cyber attack and other illegal activities on Chinese soil or using Chinese infrastructure,” it said.

Simply hiring civilian hackers is not going to solve the cyber threat problem, Sherwin Ona, an associate professor of political science at the De La Salle University in Manila, told Rest of World. The government needs to set a baseline for cybersecurity and regularly conduct audits and risk assessments, he said.

“Cyber readiness initiatives are just now beginning to grow teeth,” Ona said. “However, it’s an uphill climb.”

Still, the efforts appear to be paying off. The Philippines has improved its ranking in the United Nations Global Cybersecurity Index this year. Authorities said the progress can be attributed to the focus on strengthening cybersecurity, building capacity, and collaborating with other countries. But they also noted that the constant brain drain, with IT professionals leaving the country, posed a “big challenge.”

Two military personnel are seated at a wooden table, working on laptops. One person uses a touchpad while the other operates a mouse. Various items, including notebooks and a book titled "Master Your Emotions," are visible on the table. Both individuals wear military uniforms that display patches, including flags.
Civilian recruits receive months-long training, including the basics of life in the military, such as morning calls, exercise drills, and some weapons training.

The Armed Forces has set up a new entity called the Cyber Command to improve coordination among the military’s cybersecurity units. Civilians will be a part of this program too. “We will recruit cyber warriors,” General Romeo Brawner, chief of the Armed Forces of the Philippines, told reporters. “This new breed of warriors does not have to be muscle strong.”

The army hopes to recruit more civilians like Ferdinand Lazarte. The 31-year-old IT executive had always wanted to serve his country, like several of his family members who worked in the military and police force, he told Rest of World.

“My first goal was just to contribute, to be able to create a system and say, ‘I made this,’” he said. He began as a penetration tester in 2020, performing simulated cyber attacks to spot vulnerabilities, then became a forensic investigator and instructor at the Cyber Battalion. He also helped create a platform for cyber exercises and a virtual private network for the Philippine Army.

After four years, he has a bigger role than he would have had in a similar job in the private sector, he said, and is eyeing a promotion. “I enjoy the work, and I’ve learned a lot,” he said. “I see the importance of it.”