Senator Sherwin Gatchalian on Sunday, January 15 urged the Civil Aviation Authority of the Philippines (CAAP) to conduct a investigation on the possibility that a cyber attack caused the airport fiasco on New Year’s Day.
Gatchalian pointed out that during the Senate hearing on the incident last Thursday, January 12, Undersecretary Alexander Ramos of the Department of Information and Communications Technology’s (DICT) Cybercrime Investigation and Coordinating Center (CICC) confirmed that no internal probe has been conducted that would rule out the possibility of a cyber attack in relation to the air traffic management system shutdown.
“Based on the communication submitted by CAAP to the Office of the Senate Committee on Public Services, the CICC has already ruled out cyber-attack,” Gatchalian noted.
However, the CICC immediately corrected the report saying that when they were called to help look into the urgent matter, they were only tasked to help CAAP restore the system to normalcy.
The senator noted they have not gone beyond the restoration process because the targets of their investigation were offline and off-grid.
“Now, the CICC is saying that the report ruling out cyber-attack is not conclusive while in admission that the lack of tools and equipment is barring them to conduct a formal investigation,” Gatchalian said.
“May I suggest to CAAP Director General Manuel Tamayo to already initiate a formal investigation on the possibility of cyber attack because the report is misleading and there is no formal investigation on the matter,” the lawmaker said.
CICC and CAAP themselves have admitted that no vulnerability tests have been conducted so far to address potential risks that expose the entire CAAP system, including Communication, Navigation, and Surveillance System for Air Traffic Management (CNS/ATM) to cyber attacks, Gatchalian pointed out.
“Because we have not conducted a vulnerability test on the entire CAAP system, that leaves us very open to the possibility of cyber-attack,” he said,
“That seems to be the mode of infringing on sovereignty by external factors so I would suggest that CAAP should take this seriously,” he stressed.
“We cannot just look at traditional equipment like circuit breakers. We are very open and vulnerable to cyberterrorism,” he reiterated.