The airport industry is no stranger to the threat of cyber attacks, but 2018 saw some key aviation and financial services companies in the spotlight after IT glitches. Lev Lesokhin from software consultancy CAST reveals how companies can learn from the past and avoid making the headlines for the wrong reasons.
Come fly with me… or maybe not
The aviation sector probably suffered the most in 2017, most notably British Airways and Amadeus IT Group SA, which experienced worldwide delays. The sector clearly didn’t learn its lessons this year. British Airways experienced a data breach and a global IT glitch, resulting in all flights at Heathrow and Gatwick being cancelled. Just a month prior to this, there was Eurocontrol’s air traffic control system failure, causing widespread flight delays and cancellations. In August and September, technical faults caused monitor failures at Gatwick and Heathrow respectively, which caused chaos at the London airports as staff had to rely on whiteboards and marker pens to share flight information. Winter began appropriately with an American Airlines computer glitch, which forced passengers to see a desk agent to retrieve their boarding passes.
Airline computers juggle multiple systems that must interact to control gates, reservations, ticketing and frequent fliers. Each of those pieces may have been written separately by different companies. Even if an airline has backup systems in place – which many do – the software running those can be susceptible to coding flaws. Tracking down a software flaw can be very difficult. It’s like investigating a crime; there is a lot of data to sift through to figure out what actually happened. Increasingly, the lack of structural oversight is compounded by an ageing workforce, with fewer people who know the systems being relied on. The departure of critical staff is a major issue, as a lot of these older systems are not well documented.
The Black Box inside aviation IT systems
Underlying, and perhaps hidden, software complexity not only costs airlines billions of dollars when it fails but also exposes customers’ data to malicious activity. Software Intelligence – the deeper understanding that enables enterprises to upgrade their systems swiftly, safely and without disruption to customer services – reduces spurious findings flagged by traditional tools. It focuses efforts on the flaws that application security tools can’t catch: malicious code gaining forbidden access to data, lack of input validation and back doors. In short, Software Intelligence is needed to cut through the noise and find the biggest threats.
The more insight organisations have into their software, the quicker they can act on risk in their IT systems and produce trustworthy software that will stand strong as they modernise those systems. Only by doing so can anyone avoid making negative headlines in 2019.