The US Department of Transportation has been tasked with investigating the root cause of a glitch in a Federal Aviation Administration (FAA) alert system that quickly halted all domestic flights in the US – the first time a nationwide grounding has occurred since the 9/11 terror attacks.
As first reported by our Cybernews team, the FAA announced the system failure at exactly 8:28 p.m. EST Tuesday. The critical alert system was not back online until 9 a.m. Wednesday morning.
Although an official statement by The White House Wednesday morning tried to squash rumors of a possible cyberattack, as of 2:36 p.m. EST, the cause of the IT failure, as aviation regulators described it, was still unknown by the FAA. The US Secretary of Transportation told President Joe Biden there was no evidence of cybersecurity attack at that time.
The system, known as the Notice to Air Missions System (NOTAMs), is responsible for alerting airline pilots of any critical changes that could negatively or urgently impact a flight, including weather conditions, airport construction, or broken equipment. Pilots are required to check the system before every flight as a safety protocol.
NOTAMs alerts were originally designed to be sent to pilots over a telephone hotline before being upgraded to operate over the internet. The transition from analog to digital was made in 2012.
According to Neil Jones, Director of Cybersecurity Evangelism at security firm Egnyte, oftentimes these types of digital transformations can result in an excess of technological debt, negatively impacting the organization's cybersecurity structure.
Technical debt is when the urgency to get a system up and running to satisfy business operations, can compromise the integrity of its software technology, such as clean coding or proper testing. Jones compares the issue to consumers who overextend themselves through the use of credit cards.
“The more technical debt the mission-critical airline industry accrues…the airlines face a ‘perfect storm’ of operational, customer satisfaction, and cybersecurity impacts,” Jones said.
Specifically referring to the NOTAMs breakdown, Jones stressed another area overlooked by the airlines as a result of technical debt, “the crucial need for viable incident response plans.” Incident response is a necessary and major component of any robust security strategy.
“Every technical incident that lacks a hot backup to a secondary system gives cyberattacks even more time and bargaining power.”Neil Jones, Director of Cybersecurity Evangelism, Egnyte
The nationwide grounding has thrown airline travel into pandemonium today as flight delays and cancellations continue to creep higher by the hour, leaving millions of disgruntled customers in the lurch. According to FlightAware.com, delays in the US passed seven thousand by 1:30 p.m. with more than 16 thousand delays worldwide. About 2500 cancellations were also reported worldwide.
“The result is that customers are increasingly viewing cyber-preparedness as a key metric to assess whether they want to expand their business relationships with a particular company. Accruing massive amounts of technical debt can harm your customer relationships way beyond a single operational incident and ultimately affect customers’ travel decisions.” said Jones.
For comparison purposes, totals on Fight Aware for Monday, the same week, list about four thousand US delays and 15 thousand global delays for the entire day. Worldwide flight cancellations for Monday were just over 16 hundred.
Military flights, also routed through the system, were not affected by the outage.
The Cybernews team will update readers on this story as new developments come in.
More from Cybernews:
Subscribe to our newsletter