Senator Win Gatchalian wants the Civil Aviation Authority of the Philippines (CAAP) to initiate a full-blown investigation on the possibility that a cyber-attack caused the New Year airport fiasco.
During the recent Senate hearing, Undersecretary Alexander Ramos of the Department of Information and Communications Technology’s (DICT) Cybercrime Investigation and Coordinating Center (CICC) admitted that no formal investigation has been conducted so far that would rule out the possibility of a cyber-attack in relation to the airport debacle.
“Based on the communication submitted by CAAP to the Office of the Senate Committee on Public Services, the CICC has already ruled out cyber-attack,” the senator said.
But the CICC was quick to correct the report saying that when they were called to help look into the urgent matter, the priority task given to them was only to help CAAP restore the system to normalcy and they have not gone beyond the restoration process because the targets of their investigation were offline and off-grid.
“Now, the CICC is saying that the report ruling out cyber-attack is not conclusive while in admission that the lack of tools and equipment is barring them to conduct a formal investigation,” Gatchalian said, heeding to the request of CICC for an executive session to discuss with the senators their own findings.
“May I suggest to CAAP Director General Manuel Tamayo to already initiate a formal investigation on the possibility of cyber-attack because the report is misleading and there is no formal investigation on the matter,” he stressed.
The senator also pointed out that CICC and CAAP themselves have admitted that no vulnerability tests have been conducted so far to address potential risks that expose the entire CAAP system, including Communication, Navigation, and Surveillance System for Air Traffic Management (CNS/ATM) to cyber-attacks.
“Because we have not conducted a vulnerability test on the entire CAAP system, that leaves us very open to the possibility of cyber-attack. That seems to be the mode of infringing on sovereignty by external factors so I would suggest that CAAP should take this seriously. We cannot just look at traditional equipment like circuit breakers. We are very open and vulnerable to cyberterrorism,” he emphasized.
The goal is to prevent all types of disruptions and prevent the New Year airport incident from happening again,” he ended.