February 9, 2020 | 9:21 pm
THE National Grid Corp. of the
Philippines’ (NGCP) transparency regarding its operations has become an issue
after reports that it has detected 100 cyberattacks, officials said.
At a Monday hearing at the Senate
Committee on Energy, NGCP President Anthony L. Almeda disclosed the detection
of cyberattacks “a hundred times,” in the past few weeks. On top of this,
National Transmission Corporation (TransCo) said the NGCP uses the NARI
Transmission Control Operational Platform System, which allows remote access to
the grid.
“Ito po ’yung ginagamit na
computer control na pwede mag-switch on and switch off ng circuit
breaker ng powerplants (This is the computer system that is used to
switch powerplant circuit breakers on and off),” TransCo consultant Rowaldo del
Mundo told the panel. He also answered in the affirmative when asked if such
controls are remotely accessible.
Energy Secretary Alfonso G. Cusi
pressed the NGCP to subject its operations to audit to ensure that security
measures are in place to counter attacks.
“The vulnerability is always there,
the threat is always there, we must have the defenses in place,” he said in the
same hearing. “That’s why we want to have an audit to determine if we have the
right defensive mechanism to protect our system.”
Mr. Cusi said the department has
attempted to audit the NGCP since 2017, but was declined. The NGCP, for its
part, said it is open to the audit, provided it is conducted by the Energy
Regulatory Commission.
NGCP Spokesperson Cynthia P.
Alabanza said the detections are proof that its cybersecurity efforts are
effective. “Nag-invest ang NGCP heavily on cybersecurity, ‘yung
mga vulnerability, everyday pinag-aaralan (NGCP invested heavily in
cybersecurity, and the vulnerabilities are evaluated every day),” she told
reporters after the hearing.
“Kahit anong sistema na may
cyber aspect, may mga detections talaga pero dahil matatag ang ating
cybersecurity efforts, walang nakakalusot (Any system with a cyber
aspect will have attempted instrusions but our cybersecurity efforts are
robust, and nothing has got through),” she said.
Asked to comment, Ateneo de Manila
University professor and cybersecurity expert William Emmanuel S. Yu said NGCP
represents “critical infrastructure” that must be protected.
“I am not familiar with the systems
being used in NGCP. Nor am I familiar with the NARI Transmission Control
Operational Platform system. I am pretty certain that there are mechanisms that
can be used to secure such critical infrastructure,” Mr. Yu said via e-mail,
Saturday.
“It would be important to inquire on
what controls NGCP has in place to prevent such attacks from occurring and what
they have to ensure that nothing else is getting across.”
Mr. Yu called the matter a national
security concern, citing the experience of Ukraine.
“Imagine being able to disrupt power
distribution in the country by disrupting the national grid. This has already
happened in the past.”
In December 2016, a portion of
Ukraine suffered power outages after hackers accessed its electric utility
system.
A 2017 Wired.com report, shared by
Mr. Yu, described the malware as having the capability to cause a massive power
outage “far more widespread and longer lasting” than the Ukraine blackout. — Charmaine
A. Tadalan
No comments:
Post a Comment