FAA System Outage Sparks Speculation of Cyber Attack, Blamed on Corrupted Database File

The sudden announcement of an FAA system outage that grounded all flights nationwide immediately raised natural concerns about a cyber attack, but the agency is now saying that the incident was a “glitch” caused by a damaged database file.

Travelers in the United States woke on January 11 to the unexpected news that all flights nationwide had been temporarily halted due to some sort of computer problem. The announcement that systems had to be restored from backups caused immediate speculation of ransomware, but the issue appeared to have been ironed out by January 12 as flight traffic resumed relatively normal patterns.

Widespread system outage not as bad as initially feared

The FAA said late Wednesday that the investigation was still in the early stages, but that there was no evidence of a cyber attack and that the system outage was thought to have been caused by a software issue, likely a damaged database file. There could be further developments, but as of Thursday air traffic had returned to a fairly standard level of daily delays and cancellations, a strong indication that ransomware was not involved. 11,000 flights were delayed on January 11 and over 1,300 were canceled, roughly ten times the number that were impacted on January 12.

The FAA has yet to release much in the way of detail but did announce that its Notice to Air Missions (NOTAM) system was impacted by the glitch. NOTAM is a nation-spanning air safety system that notifies pilots of potential hazards in their flight paths, such as closed runways or technical issues at airports. The FAA issued an announcement that it was working to mitigate the system outage in the early hours of January 11 and said that things were back to normal Thursday morning.

Though the FAA said there was “no evidence” of a cyber attack, the possibility has not been strictly ruled out as the investigation continues. The system outage has fueled a great deal of speculation that continues even as things go back to normal, as the last time a national grounding of flights of this sort was ordered was in the immediate wake of the September 11 terrorist attacks in 2001. US Department of Transportation Secretary Pete Buttigieg indicated that the order to stop flights was issued out of an “abundance of caution” as irregularities were observed in the NOTAM system. Aircraft were reportedly able to land safely during the system outage, but there may have been problems with takeoffs as NOTAM is meant to be viewed prior to departure.

Even without a cyber attack, federal databases remain vulnerable

Though it may well turn out that it was not a cyber attack, the system outage puts a spotlight on other problems with the federal cyber infrastructure: dated equipment, and systems that are not necessarily equipped with vital redundancies to handle unlikely problems.

The FAA is in the midst of a five-year review that is part of its 2018 reauthorization; the agency generally faces a review of its funding every three to five years. Buttigieg said that NOTAM redundancy measures would be included in this review, along with a review of airline performance and compensation of customers during a rash of severe winter storms in December that caused an unusual number of cancellations.

Though aging equipment has not yet been cited as a factor in this system outage, the federal government has been struggling to replace a wide variety of badly dated legacy computer equipment that can be very difficult to modernize (not to mention defend from modern cyber attacks). OpsGroup, an advocacy group for reform of the NOTAM system, also notes that the system has a dated interface and has for some time been the subject of pilot complaints about too much irrelevant information.

The system outage may not have ended up causing any lasting problems, but it was poorly timed from a public relations perspective. In addition to an unusual number of delays and cancellations due to winter weather in recent weeks, airlines have struggled to keep adequate staff on hand at times. They have had their own software and internal infrastructure problems as well, as demonstrated when Southwest had a severe scheduling system failure that ended up forcing it to cancel thousands of flights just as travelers were heading home from Christmas trips.

One piece of good news in this case is that the Transportation Department has mandated that any flight canceled due to the system outage be refunded. Some airlines are going a step further to improve customer relations, offering to waive rebooking fees and differences in fare for domestic flights over the next few days.

Neil Jones, director of cybersecurity evangelism for Egnyte, notes that incidents such as this and the Southwest failure in December provide an ample warning of the risks presented by a successful cyber attack: “A great deal of attention has been paid to the impact of technical debt on specific airlines’ flight schedules and their customers’ experience. Those are extremely important factors, but overlooked areas include: 1) The crucial need for viable incident response plans and 2) The additional impact of technical debt on cybersecurity. For every month’s worth of technical debt that the airline industry accrues, potential cyberattackers have more time on their hands to detect flaws in existing software and develop new vulnerabilities that can jeopardize critical infrastructure. And, every technical incident that lacks a hot backup to a secondary system gives cyberattacks even more time and bargaining power. The result is that airlines face a ‘perfect storm’ of operational, customer satisfaction and cybersecurity impacts.”

“Customers are increasingly viewing cyber-preparedness as a key metric to assess whether they want to expand their business relationships with a particular company. Accruing massive amounts of technical debt can harm your customer relationships way beyond a single operational incident and ultimately affect customers’ travel decisions,” noted Jones.