The Downside of Living in an Internet Connected World: Airline Travel Edition

Internet Security.

This week we delve into a topic that feels like it would be more at home on a tech blog than a travel blog: hacking.

You may or may not have noticed the uptick in hacking incidents related to the travel industry recently. In 2015 both American Airlines and United were victims of “cyber attacks” where their systems were compromised resulting in customer information being stolen as well tickets being fraudulently purchased. And then there is the matter of Delta airlines in August of this year when their system was completely down due to what the airline explained was a “power outage”. More on this later.  While some people would be quick to label these acts “cyber terrorism”, I would choose not to since no investigations have found this to be the case and furthermore, because I detest how frequently the word terrorism is thrown about by the media in order to scare people. This being said, there are some things to worry about when it comes to hacking airlines.

First, airlines are private companies, and as such their main concern is making money. Why mention this? Because airlines are loathe to report bad news about their operations which could adversely affect the share price and therefore cost them a lot of money. One could also say that such information could create the conditions for a vicious circle as well: the airline reports that it has been hacked, resulting in a loss of value vis a vis share price. This in turn makes the public wary of traveling with said airline, resulting in decreased sales,  eventually leading to lower share prices… and the circle continues. Essentially, it is difficult to get a straight answer from the airlines when they have technical problems, just like it is difficult to get straight answers when they have mechanical problems or a plane crash because they do not want to do more damage to the company from bad publicity.

This makes the recent events concerning Delta all the more relevant because there have been some interesting developments since the “blackout”. First, it appears this is the first time since the invention of electricity that a blackout singled out a particular company rather than a particular geographic location. The company said the cause of the system outage was a blackout, yet none of the people or businesses in the area surrounding Delta headquarters in Atlanta reported experiencing a blackout. Furthermore, the blackout affected all delta systems worldwide. Later, Delta walked back their statement and claimed it was a “system blackout” whatever that is. There has been some reporting on this incident and one could make the case that Delta is trying to cover up the fact they were the victim of a cyber attack that compromised their entire system. This is in fact what has been reported by Debka File, a site with clear connections to Israeli intelligence and people who would be in a position to know such information.

Most of these events seem remote to many people, unless they are directly affected by the incidents. Most customers stranded due to Delta’s “blackout” would take it in stride just the same as if they were delayed due to bad weather, or other benign circumstances. But it is important to recognize the dangers here. An airline is responsible for the lives of a great many people every day who are traveling, and while a system failure could present serious problems for them, it would be much worse if the air infrastructure of the US (or any other country) is attacked. Think if the chaos that could ensue if the FAA air traffic control systems were compromised, or if even a main center like NYC was taken offline. We are not talking about reservation systems and frequent flyer numbers, but collision avoidance, radar, ILS and other vital systems that keep planes from crashing into each other. The likelihood of one of these types of attacks seems only to grow with the sophistication of those who engage in these types of attacks.