Recent ‘glitches’ show airlines unusually vulnerable to cyber attacks
Aging IT systems, inadequate backups leave industry prone to failures, unprotected from bad actors
By Bob Sullivan, ThirdCertainty
Sometimes a glitch is more than a glitch. Sometimes, that glitch grinds much of the country to a halt. And it gets the company involved hauled in front of Congress to explain itself.
Recent airline techno-disasters at Delta and Southwest—and United last year—have made one thing clear: Systems designed to keep America moving in the air are far too fragile. Are they just too old?
Related podcast: Denial-of-service attacks becoming more devastating
The outages also raise obvious questions about concentration of power after megamergers in the industry, and whether or not it is adequately prepared to defend against cyber attacks.
“As operators in this critical transportation industry, it is your responsibility to ensure that your IT systems are both reliable and resilient,” wrote Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., in a letter to the airlines this week.
Last week, Delta Airlines flights were grounded for at least six hours, and passengers endured a day’s worth of hassle, lost work and potentially lost wages. Delta blamed a power outage, but in Atlanta, Georgia Power disputed that claim.
In July, a glitch also was blamed for the grounding of all Southwest Airlines flights. Last year’s United fiasco was equally as painful, and was blamed on a failed reservations system router.
Markey and Blumenthal want a better explanation. They also want assurances that the airlines are working to make sure backup systems are more robust.
“We are concerned with recent reports indicating that airlines’ IT systems may be susceptible to faltering because of the way they are designed and have been maintained,” the pair wrote in letters to various airline CEOs. “Now that four air carriers control approximately 85 percent of domestic capacity, all it takes is one airline to experience an outage and thousands of passengers could be stranded, resulting in missed business meetings, graduations, weddings, funerals and other prepaid events.”
They have asked the airlines to answer a set of questions by Sept. 16. Among them:
• Over the past five years, what was the cause of IT outages or disruptions that caused flight cancellations or delays longer than one hour, what safeguards were in place at the time each outage occurred, and why did these safeguards fail to prevent the disruption?
• What specific safeguards and backups does your company have in place to prevent your airline’s IT systems from failing?
• What is the state of your airline’s IT system and what specific steps are being taken to modernize it, if needed?
• In the event of delays and cancellations caused by the air carrier, does your airline rebook passengers on another airline or with a different mode of transportation for no additional charge?
• What other compensation and recourse, including but not limited to lodging, food and reimbursement, does your airline provide consumers in the event of delays and cancellations caused by the air carrier?
Stories related to security attacks:
Does your airline really understand and provide data security?
More organizations find security awareness training is becoming a vital security tool
Targeted attacks on industrial control systems surge