Delta’s Tech Meltdown & Aviation Security

Delta Airlines on Monday canceled hundreds of flights after a power outage in Atlanta sparked global computer issues for the carrier. The commercial aviation industry has experienced a number of glitches disrupting travel in recent months, and Delta’s computer outage offers just the latest example of the vulnerabilities that plague airline systems.

Delta said it canceled more than 650 flights “due to a loss of power affecting Delta operations systemwide.”

“Following the power loss, some critical systems and network equipment didn’t switch over to Delta’s backup systems,” the airline said in a statement. “Delta’s investigation into the causes is ongoing.”

The Cipher Brief’s Mackenzie Weinger spoke with former Director of the U.S. Department of Homeland Security’s Advanced Research Projects Agency Paul Benda, now the Principal and Chief Technology Officer at international security and strategic advisory firm GSIS, to discuss how the commercial aviation industry can boost its security practices and better work with the government in the face of emerging threats.

The Cipher Brief: Do disruptions like Delta’s outage pose a security threat or do they just cause aggravating delays for travelers?

Paul Benda: It depends on the scope and scale of the outage. There’s still some unknowns about what caused the outage — they claim it was a power outage, frankly, that seems unlikely. A system like that is bound to be on backup generator. It seems far more likely that there was some kind of computer malfunction that maybe a power outage triggered and things didn’t come back on when backup power came on. What happens is that all the passenger manifests, all the passenger data, all the checks, those systems are generally kept separate from the main reservation and booking systems, but there is some cross-pollination of that. There’s a potential that there could be some security issues. It’s unlikely, but you don’t know because we’re not sure of the scope and scale of what happened.

TCB: This appears to have been an accident, but could a malicious actor inflict similar outages to cause similar or potentially more devastating disruptions? If so, what can really be done to minimize this?

PB: I think the scope and scale of potential cyberattacks, the imagination is really the boundary you have to look at. A determined state-sponsored adversary could certainly cause this kind of damage. Could a terrorist organization? Possibly. We really need to strengthen the cybersecurity of our systems that we’ve got in place. This goes across the board, from mission critical systems in airlines to industrial systems in the utilities sector. It’s about making sure that all of these big systems know all of the accesses that different vendors might have because there might be vulnerabilities that they’re just simply not aware of.

TCB: Given the interconnectedness of these systems, can you assess how vulnerable they are to cyberattacks? How is the commercial aviation industry working to keep their systems secure?

PB: Different companies do different things to make their systems stronger, so it’s hard to make a blanket statement. The blanket statement I could make is that I’m sure they can all do it better. The technical side is always improving, but I think on the policy side is where further collaboration between private industry and government, the sharing in real-time of cyber threat indicators, is something we can still make progress on. These attacks don’t necessarily spring out of nowhere and all of a sudden happen. There’s a lot of reconnaissance that happens, there’s other indicators that happen. If we could get better at recognizing those indicators and sharing them across industries, then potentially we can stop them.

TCB: What role does DHS play in working with critical infrastructure, in this case the aviation sector, to prepare for this specific risk landscape? How can the government and the private aviation industry work together better in light of these glitches and future problems?

PB: It goes back to information sharing. DHS, the government, can be that honest broker and gatekeeper of information. There may be certain things that the airlines don’t want to share with everybody — if it’s proprietary or gives them a competitive advantage — the government can wash the identifying details of that but then still share the threat indicators that come out of it. I think a much stronger collaboration, and it has to be in real-time, and that’s where I think we’re lagging. And it has to be across all the systems to be able to see this threat data, be able to recognize these indicators and be able to share when something suspicious is going on.

TCB: And what’s holding that back right now?

PB: I think it’s just institutional inertia. There’s some concern that proprietary, competitive advantage type information might get out. So there’s a legitimate concern, a legitimate business aspect to it. And I think it’s difficult to do. How do you set up these processes so that everyone can be assured their information is safe? The government itself isn’t necessarily the best gatekeeper of secure information, so how can the government earn the trust of industry? And how can industry act in the best interest of the country from our national security perspective?

TCB: What are some of the other biggest aviation security threats on the horizon?

PB: The biggest threat is going to be that lone wolf terrorist. I think it would be last point of departure flights that don’t necessarily originate in the U.S., where things might get onto a plane before we get a chance to check it.

If you look at the move to the next generation aviation system (Next Generation Air Transportation System), with GPS signals, whether there’s a threat there of those GPS signals being manipulated or blocked. It opens up potential cyberattacks to airlines, to airplanes that are in the air. And so, can you actually bring down a plane if you hack in? I think that’s something, just like automated vehicles and all of these new safety features in cars, you can see where cars have been hacked. Is it possible for our adversary to link into a plane in flight and cause that to happen, or even plant a device in the plane that causes that to happen? Is the next suicide bomber going to be someone with a computer that can hack into a plane mid-flight and cause it to crash versus having explosives? And if that’s the case, how do we stop that?


This article was originally featured on The Cipher Brief’s website.