Recent ‘glitches’ show airlines unusually vulnerable to cyber attacks

Aging IT systems, inadequate backups leave industry prone to failures, unprotected from bad actors

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Some­times a glitch is more than a glitch. Some­times, that glitch grinds much of the coun­try to a halt. And it gets the com­pa­ny involved hauled in front of Con­gress to explain itself.

Recent air­line tech­no-dis­as­ters at Delta and Southwest—and Unit­ed last year—have made one thing clear: Sys­tems designed to keep Amer­i­ca mov­ing in the air are far too frag­ile. Are they just too old?

Relat­ed pod­cast: Denial-of-ser­vice attacks becom­ing more devastating

The out­ages also raise obvi­ous ques­tions about con­cen­tra­tion of pow­er after megamerg­ers in the indus­try, and whether or not it is ade­quate­ly pre­pared to defend against cyber attacks.

As oper­a­tors in this crit­i­cal trans­porta­tion indus­try, it is your respon­si­bil­i­ty to ensure that your IT sys­tems are both reli­able and resilient,” wrote Sens. Ed Markey, D-Mass., and Richard Blu­men­thal, D-Conn., in a let­ter to the air­lines this week.

Last week, Delta Air­lines flights were ground­ed for at least six hours, and pas­sen­gers endured a day’s worth of has­sle, lost work and poten­tial­ly lost wages. Delta blamed a pow­er out­age, but in Atlanta, Geor­gia Pow­er dis­put­ed that claim.

In July, a glitch also was blamed for the ground­ing of all South­west Air­lines flights. Last year’s Unit­ed fias­co was equal­ly as painful, and was blamed on a failed reser­va­tions sys­tem router.

Markey and Blu­men­thal want a bet­ter expla­na­tion. They also want assur­ances that the air­lines are work­ing to make sure back­up sys­tems are more robust.

We are con­cerned with recent reports indi­cat­ing that air­lines’ IT sys­tems may be sus­cep­ti­ble to fal­ter­ing because of the way they are designed and have been main­tained,” the pair wrote in let­ters to var­i­ous air­line CEOs. “Now that four air car­ri­ers con­trol approx­i­mate­ly 85 per­cent of domes­tic capac­i­ty, all it takes is one air­line to expe­ri­ence an out­age and thou­sands of pas­sen­gers could be strand­ed, result­ing in missed busi­ness meet­ings, grad­u­a­tions, wed­dings, funer­als and oth­er pre­paid events.”

They have asked the air­lines to answer a set of ques­tions by Sept. 16. Among them:

• Over the past five years, what was the cause of IT out­ages or dis­rup­tions that caused flight can­cel­la­tions or delays longer than one hour, what safe­guards were in place at the time each out­age occurred, and why did these safe­guards fail to pre­vent the disruption?

• What spe­cif­ic safe­guards and back­ups does your com­pa­ny have in place to pre­vent your airline’s IT sys­tems from failing?

• What is the state of your airline’s IT sys­tem and what spe­cif­ic steps are being tak­en to mod­ern­ize it, if needed?

• In the event of delays and can­cel­la­tions caused by the air car­ri­er, does your air­line rebook pas­sen­gers on anoth­er air­line or with a dif­fer­ent mode of trans­porta­tion for no addi­tion­al charge?

• What oth­er com­pen­sa­tion and recourse, includ­ing but not lim­it­ed to lodg­ing, food and reim­burse­ment, does your air­line pro­vide con­sumers in the event of delays and can­cel­la­tions caused by the air carrier?

Sto­ries relat­ed to secu­ri­ty attacks:
Does your air­line real­ly under­stand and pro­vide data security?
More orga­ni­za­tions find secu­ri­ty aware­ness train­ing is becom­ing a vital secu­ri­ty tool
Tar­get­ed attacks on indus­tri­al con­trol sys­tems surge


Posted in Cybersecurity, Featured Story