Gatchalian seeks formal investigation on possibility of cyber-attack in airport fiasco

Senator Win Gatchalian wants the Civil Aviation Authority of the Philippines (CAAP) to initiate a full-blown investigation on the possibility that a cyber-attack caused the New Year airport fiasco.

During the recent Senate hearing, Undersecretary Alexander Ramos of the Department of Information and Communications Technology's (DICT) Cybercrime Investigation and Coordinating Center (CICC) admitted that no formal investigation has been conducted so far that would rule out the possibility of a cyber-attack in relation to the airport debacle.

"Based on the communication submitted by CAAP to the Office of the Senate Committee on Public Services, the CICC has already ruled out cyber-attack," the senator said.

But the CICC was quick to correct the report saying that when they were called to help look into the urgent matter, the priority task given to them was only to help CAAP restore the system to normalcy and they have not gone beyond the restoration process because the targets of their investigation were offline and off-grid.

"Now, the CICC is saying that the report ruling out cyber-attack is not conclusive while in admission that the lack of tools and equipment is barring them to conduct a formal investigation," Gatchalian said, heeding to the request of CICC for an executive session to discuss with the senators their own findings.

"May I suggest to CAAP Director General Manuel Tamayo to already initiate a formal investigation on the possibility of cyber-attack because the report is misleading and there is no formal investigation on the matter," he stressed.

The senator also pointed out that CICC and CAAP themselves have admitted that no vulnerability tests have been conducted so far to address potential risks that expose the entire CAAP system, including Communication, Navigation, and Surveillance System for Air Traffic Management (CNS/ATM) to cyber-attacks.

"Because we have not conducted a vulnerability test on the entire CAAP system, that leaves us very open to the possibility of cyber-attack. That seems to be the mode of infringing on sovereignty by external factors so I would suggest that CAAP should take this seriously. We cannot just look at traditional equipment like circuit breakers. We are very open and vulnerable to cyberterrorism," he emphasized.

The goal is to prevent all types of disruptions and prevent the New Year airport incident from happening again," he ended.

Gatchalian nais paimbestigahan ang posibleng cyber-attack sa insidente sa airport

Pinapaimbestigahan ni Senador Win Gatchalian sa Civil Aviation Authority of the Philippines (CAAP) ang posibilidad na isang cyber-attack ang sanhi ng nangyaring technical glitch noong bagong taon sa paliparan ng Maynila.

Sa katatapos na pagdinig ng Senado, inamin ni Undersecretary Alexander Ramos ng Department of Information and Communications Technology (DICT) Cybercrime Investigation and Coordinating Center (CICC) na wala pang pormal na imbestigasyon na isinagawa na mag-aalis sa posibilidad na may kinalaman sa cyber-attack ang nangyari sa airport.

"Batay sa komunikasyong isinumite ng CAAP sa Office of the Senate Committee on Public Services, inalis na raw ng CICC ang anggulong cyber-attack," sabi ng senador.

Pero mabilis na itinama ito ng CICC at sinabing hiningi ang kanilang tulong noong kasagsagan ng aberya upang tumulong lamang na maibalik sa normal ang operasyon ng airport.

"Ngayon sinasabi ng CICC na ang anggulong cyber-attack ay hindi conclusive. Unang-una, sinabi ng CICC na wala silang sapat na kagamitan upang makapagsagawa ng imbestigasyon na makapagsasabi kung may cyber-attack ngang nangyari o wala," sabi ni Gatchalian, na humingi ng isang executive session sa Committee on Public Services para talakayin ang mga natuklasan ng ahensiya.

"Ang mungkahi ko kay CAAP Director General Manuel Tamayo ay simulan na ang isang pormal na imbestigasyon sa posibilidad na may kinalaman ang cyber-attack sa insidente dahil nakakalito ang mga ulat," diin niya.

Ipinunto din ng senador na mismong ang CICC at CAAP ay umamin na wala pang vulnerability test na isinasagawa sa ngayon upang matugunan ang mga potensyal na panganib na naglalantad sa buong sistema ng CAAP, kabilang ang Communication, Navigation, and Surveillance System for Air Traffic Management (CNS/ATM) sa cyber-attack.

"Dahil hindi pa nakapagsagawa ng isang vulnerability test sa buong sistema ng CAAP, dahilan ito para maging bukas tayo sa posibilidad ng cyber-attack. Ito ay isang mode of infringing na sinasagawa sa sovereignty ng mga external factors kaya't hinihikayat ko ang CAAP na seryosohin ito nang maigi. Hindi natin maaaring tingnan lamang ang mga tradisyonal na kagamitan tulad ng circuit breaker dahil tayo ay vulnerable sa cyberterrorism," giit ng senador.

Ang layon ng lahat ng ito ay upang maiwasan ang anumang uri ng pagkagambala at maiwasan ang parehong insidente noong New Year, ayon kay Gatchalian.