It seems that every day there is a disturbing report about another widespread outage in some airline’s system; another glitch that grounds thousands of passengers; another apology from a representative vowing the problem will be fixed “as soon as possible.”
The question is, Why does this keep happening? More important, what does it say about the ability of our nation’s top airlines to manage these complex systems?
The short answer: They’re not managing very well. Airlines average about one major widespread glitch and outage every month.
As the former head of research and development for the U.S. Department of Homeland Security, I understand the challenges inherent to deploying and operating complex technologies. These IT failures are particularly relevant now, amid a major push by commercial airlines to convince Congress and the administration that a private company — one they would oversee — should take control of our federal air traffic control system.
The same airlines that can’t make their reservations systems work are pushing to manage an air traffic control system with 800 million flights a year, spanning thousands of airports. According to a recent article in Computer Economics, “U.S. and Canadian airlines are projected to spend an average of 3 percent of their revenue on information technology this year — compared to 8 percent by commercial banks and 4 percent by healthcare firms.” This begs the broader question of whether major decisions regarding the safety and security of the flying American public should rest in the hands of a private corporation — especially a corporation that would be controlled by the airlines, which have a track record of under-investing in their IT systems.
Let’s also consider that the United States currently has the busiest and safest air traffic control system in the world. The coming years will present critical challenges for maintaining that record as air traffic grows to record levels and threats to the system become more complex and ubiquitous. Just as computers, banks and power stations are threatened and penetrated by hackers daily, there are examples where these same types of attacks can be extended to modern aircraft. In fact, the risk from hackers is growing as more airlines add onboard wifi, streaming video services and other high-tech options that passengers demand creating potential doorways for hackers into the vital systems that control and operate an aircraft.
At the same time that the cyberthreat is growing, our government is taking a number of steps to upgrade the ATC system. These upgrades will move more planes more efficiently than ever before by precisely tracking and guiding them with next-generation satellite-based technology. The NextGen system should significantly improve the accuracy of the current system, allowing controllers to handle the expected increased number of flights and reducing the operating costs of the overall system by eliminating some of the decades-old radar sites.
The biggest challenge? This is a complex, costly process that involves many different moving pieces. Huge costs are required to ensure that the most up-to-date and secure technologies are deployed.
Based on its history, the American people can be sure that if the FAA maintains control and ownership of these systems, it will never risk the safety and security of American airspace to cut costs.
If the system is run by a private company controlled by commercial interests, will they choose to maintain critical radar sites that may be deemed redundant but provide a needed back-up capability? Will they choose to require themselves to buy more expensive radios for planes to ensure they can’t be jammed? Will they create standards that require them to create more secure but more expensive internal networks on its planes to reduce the risk of the system being hacked?
If history is any guide, it is likely that commercial interests will choose the cheapest option versus the most secure.
Thankfully, for now, these airline systems failures only cost money, time and delays for the American people, but what if the same people that are choosing not to invest in their IT systems that regularly fail the American public now have to decide whether to invest in the expansion of a new terminal at one of their hubs or in a new piece of equipment that could enhance a plane’s defenses against cyber threats. It is a question best left to the imagination.
PAUL BENDA IS THE FORMER DIRECTOR OF THE HOMELAND SECURITY ADVANCED RESEARCH PROJECTS AGENCY. HE NOW IS THE PRINCIPAL AND THE CHIEF TECHNOLOGY OFFICER OF GLOBAL SECURITY INNOVATIVE STRATEGIES.