Close this search box.

NY Day air fiasco: Was it a cyberattack?

by Malou Talosig-Bartolome

OFFICIALS the National Security Council and the Department of Transportation are meeting today on the airport crisis brought about by the shutdown of the air transport system on New Year’s Day.

National Security Adviser Clarita Carlos told republicasia she is meeting with DOTr officials to determine if the country’s aviation cybersecurity has been compromised.

Air traffic radar and communications went dark in the Philippines for 12 hours on New Year’s Day, a holiday and one of the busiest travel days of the year.

Close to 300 flights were canceled, diverted or delayed. Around 56,000 passengers were stranded in various airports in the country and around the world.

The Civil Aviation Authority of the Philippines, the agency in charge of the operation and maintenance of national airports and air navigation, has apologized for the crisis. They said there was a technical failure. 

Transportation Secretary Jaime Bautista, a licensed pilot, said the power supply of the country’s Communications, Navigation and Surveillance Systems for Air Traffic Management (CNS/ATM) Systems broke down. The uninterruptible power supply (UPS), the supposed backup power supply, also failed. When engineers manually restarted the CNS/ATM Systems, a surge in the power supply affected the equipment.

File photo of Philippine Air Traffic Management Center building that houses the Communications, Navigation and Surveillance Systems for Air Traffic Management (CNS/ATM) Systems. The Japan International Cooperation Agency (JICA) financed the P10.8-billion project to modernize the country’s air traffic control | courtesy Japanese Embassy in Manila

Was it really just a technical glitch?

Aviation has been considered one of the critical sectors in the country. The September 11 attacks in the US was just a stark reminder of how important aviation is on national security. One airplane can be weaponized and kill many people.

Thus, a critical infrastructure like aviation does not only need one power source and one backup. The International Civil Aviation Organization has been requiring all countries that the aviation facilities have redundancies in all aspects of its operations – from physical, network and yes, even power. Aside from the ICAO, the US Federal Aviation Authority has also been auditing the Philippine aviation safety standards. In 2014, the US gave it a Category 1 rating, the highest in terms of ICAO safety compliance. 

This is why cyber Intelligence expert ASEAN Engineer Alan Salim Cabanlong said the incident should be further investigated. 

“This incident should not be taken lightly as it is a matter of national security, a scary message to the world that they only need to take down NAIA and the whole PH airspace goes down. People’s lives are at stake,” Cabanlong said.

While you were sleeping

Cyber criminals have been attacking critical infrastructures in many countries for many reasons. 

Cabanlong, founder and chief executive officer of the nonprofit group Cyber Guardian, said like conventional warfare, cyberattacks are done while the “enemy is sleeping.”

Yesterday could be the perfect timing as it was a holiday.

Convene NCIAC — cyber intel expert

Cabanlong said when a critical infrastructure such as an aviation facility goes down, the National Cybersecurity Interagency Committee (NCIAC) should be convened.

Executive Secretary Lucas Bersamin chairs the NCIAC, with National Security Adviser Carlos and Department of Information and Communications Technology Secretary Ivan Uy as co-chairs. 

“This (ATS problem) is also raising doubts and fears since as of this time we have not heard any statement from the National Cybersecurity Interagency Committee (NCIAC) – are they investigating? Is this an isolated maintenance problem or a cyberattack? We need to rule out all possibilities,” Cabanlong added.

Cabanlong used to be assistant secretary for cybersecurity and enabling technologies for DICT. He said the department has the Cybersecurity Bureau with the Cybercrime Investigation and Coordination Center (CICC) which can assist the NCIAC in its investigation.

He said 80 percent of the cyberattacks around the world were “internal” or an inside job. Curiously, a few days ago, he noted, DOTr Secretary Bautista announced plans to privatize the MIAA. 

“We can only hope the people affected had a happy new year like everyone else who’s on radio silence even as of this time,” he added.

PHL gov’t response

NSC chair Carlos told republicasia her meeting with the DOTR officials was about the possibility of a cyberattack on the airport system. 

No further information was given.

CAAP Eric Apolonio, on one hand, allayed speculation that the CNS/ATM Systems was hacked.

“Alam niyo po itong CNS/ATM, ito po yung pinaka-well-secured na facility ng CAAP. Hindi basta puwedeng makapasok dito at may redundancy at may mga camera kaya makikita kung may human intervention na nangyari,” Apolonio said in an interview by dzbb.

But in a separate statement, the CAAP said “the main cause of the power supply problem is still being determined and is subject for investigation.” 

“The CAAP’s Aerodrome and Air Navigation Safety Oversight Office (AANSOO) will be tasked to investigate the incident,” the CAAP said.

republicasia reached out to Malacañang for comment. Undersecretary Cheloy Garafil, Office of the Press Secretary Officer-in-Charge, said “A thorough investigation is being conducted by appropriate agencies.”

Related story

banner photo: MIAA and airline crew provide food and other amenities to stranded passengers at NAIA airport on New Year’s Day | courtesy MIAA FB



We have the stories you’ll want to read.

RepublicAsia Newsletter