OPINION: Is the Philippine national grid vulnerable to cyber-attacks?

Jessa Ibañez and Kenneth Daniel Quesada, Institute for Climate and Sustainable Cities

Posted at Feb 11 2020 01:15 AM

Grid security was identified as an urgent national concern in last week’s Senate energy hearing, given not only that the State Grid Corporation of China's 40 percent ownership of the national grid operating concession but also increased cyber-terrorism activity globally.

The Department of Energy (DOE) and National Transmission Corporation (TransCo) have been demanding the National Grid Corporation of the Philippines (NGCP) to submit themselves to a technical audit since 2017, but this call is now more imperative as NGCP president and CEO Anthony Almeda divulged that the NGCP has come under attack “a hundred times already” in the preceding two weeks alone.

“Cyber-attacks on a power grid is becoming a reality,” Senator Sherwin Gatchalian warned during the hearing, in light of the unprecedented hack on Ukraine’s power grid last 2016. And since such an attack can happen anytime, he emphasized the need for the government to secure the national grid. That was when Almeda countered the senator, saying the more important question to be asked should be about the speed of NGCP's response. The revelation that the national grid is already under attack came as a surprise to everyone in the hearing. 

TransCo president and CEO Melvin Matibag likewise told the Senate energy committee that a year after NGCP assumed office, they replaced their equipment from Asea Brown Boveri, General Electric, and Siemens to NARI, or the Chinese State Grid Electric Power Research Institute. Matibag pointed to NARI's very website, which states the Chinese company controls the power grid of the Philippines. This raises more national security concerns and rightly so. Even National Security Adviser Hermogenes Esperon, Jr. also contested Almeda's assertion that unsupervised remote access to the national grid's software and hardware system is impossible.

While Almeda clarified that China does not have a connection to the Philippine national grid, Professor Rowaldo del Mundo, special assistant to the TransCo president, explained that the national grid’s NARI control system can switch on and off circuit breakers of power plants remotely through computers. Since it uses a communication system connected to the internet, hackers can get into the system, similar to the attack experienced by Ukraine. 

Matibag shared the sentiment of DOE secretary Alfonso Cusi, who stressed the need to put defenses in place, and this will only be possible if NGCP will open its doors for auditing. 

However, the NGCP continues to refuse requests of government agencies, citing the Electric Power Industry Reform Act of 2001 and reiterating only the Energy Regulatory Commission (ERC) is authorized to conduct a full audit. This was refuted by Matibag, who cited provisions in the concession agreement that supports the government's power to conduct full inspection of the operations and facilities of NGCP. Meanwhile, ERC chief Agnes Devanadera assured the Senate committee they intend to commission a third-party entity to conduct the audit of NGCP with their 2020 budget already available, scheduling its bidding within the first quarter.

To regain credibility, it is clear the NGCP needs to cooperate and move forward with the technical audit. Only then will the lingering concern over national grid security be lifted.

Jessa Ibañez and Kenneth Daniel Quesada are technical consultants on transition scenarios of the Institute for Climate and Sustainable Cities and associates of the Center for Empowerment, Innovation and Training on Renewable Energy (CentRE). They are licensed electrical engineers and hold graduate degrees in energy engineering.
 

Disclaimer: The views in this blog are those of the blogger and do not necessarily reflect the views of ABS-CBN Corp.