* No badgers were harmed in the creation of this blog *

** Not intended to diagnose, treat, cure, or prevent any disease **

Tuesday, April 18, 2023

Firewall failures ground Southwest Airlines

CNN (and many others) are reporting a ground stop of Southwest Airlines flights, initiated by the FAA at the request of the airline after "a vendor-supplied firewall went down and connection to some operational data was unexpectedly lost," according to spokesman Dan Landson (quoted from [5]). Many news articles remind readers of the airline's meltdown last December, when they cancelled nearly 17,000 flights over 10 days.[1,2,3] Southwest was not alone in cancelling flights then; the initial challenge was winter weather. However, they were noteworthy in the reason and magnitude of their disruption, which was blamed in part on outdated crew scheduling software.[4]

Both of these failures are cybersecurity issues. I've mentioned the CIA triad before:

  • Confidentiality: Data access should be limited to those parties who are authorized to access it
  • Integrity: Data integrity should be maintained; data should be complete and correct
  • Accessibility: Data should remain accessible to those parties who are authorized to access it

Both cases represent failures of Accessibility: data that Southwest needed to meet its business goals was not accessible. In December, outdated software meant that the airline didn't know where its flight crews were. In some cases, personnel had to phone in their locations because they couldn't notify the airline electronically.[5] The airline used in-house software to manage its crews.[6] While doing so may enable a finely tailored result, it also means that they must be entirely self-reliant for any maintenance, expansion, upgrades, and security for that software - no one else uses it, and no one else is familiar enough with it to offer insight. New employees arrive entirely naive to the software and have to learn it from the ground up. Legally, there may be more liability in providing their own software rather than outsourcing to a professional. Thus, though there may be short-term financial gains in in-house development, the aggregate picture becomes murky.

Today, the culprit appears to involve off-the-shelf software. Where the culpability lies is not yet clear, though. Setting up and maintaining the software may have been part of Southwest's responsibility. For the moment, we'll have to wait and see.

Sources:

1. Ivanova, Irina, "More than 2,000 Southwest Airlines flights delayed after temporary ground stop" CBS News (cbsnews.com). Accessed 4/18/2023 at https://www.cbsnews.com/news/southwest-flights-grounded-over-computer-issue/

2. Josephs, Leslie, "More than half of Southwest Airlines flights delayed after technology problem paused departures" CNBC (cnbc.com). Accessed 4/18/2023 at https://www.cnbc.com/2023/04/18/southwest-airlines-departures-pause.html

3. Baio, Ariana, "FAA briefly grounds all Southwest Airlines flights nationwide" Independent (independent.co.uk). Accessed 4/18/2023 at https://www.independent.co.uk/news/world/americas/southwest-airlines-ground-stop-faa-b2321980.html

4. Koenig, David, "US investigating December flight cancellations at Southwest" Independent (independent.co.uk). Accessed 4/18/2023 at https://www.independent.co.uk/news/ap-southwest-airlines-dot-dallas-b2269417.html

5. Wallace, Gregory, et al., "Hundreds of Southwest Airlines flights are delayed after FAA lifts nationwide ground stop" CNN (cnn.com). Accessed 4/18/2023 at https://www.cnn.com/travel/article/southwest-airlines-flight-delays/index.html

6. Arnold, Kyle, and Natalie Walters, "Holiday meltdown exposes Southwest Airlines’ technology woes" The Dallas Morning News (dallasnews.com). Accessed 4/18/2023 at https://www.dallasnews.com/business/airlines/2022/12/29/holiday-meltdown-exposes-southwest-airlines-technology-woes/
