FAA Says No Evidence of Cyberattack in NOTAM Outage
Human Error, Not Hackers, Behind Hourslong System Outage That Grounded Flights
Blame a contractor and not hackers for the hourslong nationwide pause on flights last week that grounded thousands of planes, says the Federal Aviation Administration.
A preliminary agency review of the Jan. 11 incident points the finger at contract personnel who unintentionally deleted files. The FAA suspended flights shortly after midnight that Wednesday after experiencing an outage to the Notice to Air Missions system. NOTAM transmits real-time flight hazard and airspace restriction data to airline pilots.
The outage occurred when personnel unintentionally deleted files while working "to correct synchronization between the live primary database and a backup database," the agency concluded.
There is no evidence of a cyberattack or malicious intent, the agency says. The White House made a similar statement the day of the outage (see: US Flights Resume After Reported Computer Glitch Resolved).
Over the course of the roughly nine-hour NOTAM outage, airlines canceled more than 1,300 flights and delayed close to 10,000 more, according to data from FlightAware.com captured by National Public Radio.
The FAA says it has taken steps to ensure a repeat of the incident can't occur.
The incident occurred just months after a Boeing subsidiary that distributes NOTAMs experienced a cyber incident about which little is publicly known.
The Jan. 11 incident also coincided with a brief NOTAM outage in Canada, leading to speculation that the incidents could be related and caused by a malicious actor.
No evidence exists that they are. Jake Williams, a cybersecurity expert and a former member of the National Security Agency's offensive hacking team, told Information Security Media Group that rather than hackers, the underlying cause of the FAA outage probably was contractor inexperience with the agency's legacy systems. The "outage could have easily been caused by inadvertently deleting files. I've seen similar outages in business systems caused by inadvertently overwriting a file," he said.
"Back in my system admin days, I've even caused one with an errant command. The key isn't whether a mistake like this is possible but how quickly you can diagnose the issue and recover. Clearly, the recovery process here was found lacking."