Southwest Christmas Outage: risks of using outdated infrastructure


At the end of December 2022, Southwest Airlines suffered downtime of its IT infrastructure. As a result, about 16,000 scheduled flights were canceled, turning Christmas into unplanned chaos for thousands of its passengers.

A severe winter storm crippled the company’s operations, resulting in this outage. The age of its IT systems is a second “contributing” aspect, as Casey A. Murray, president of the Southwest Airlines Pilots Association, described it: “IT and infrastructure from the 1990s”.

Cyber crimes may affect IT and infrastructure in a very similar way. A well-planned cyberattack that targets this outdated infrastructure may produce similar results: outages, downtime, chaos, delays, and a bad reputation.

Considering how widespread legacy technology is among onboard devices, maintenance laptops, data loading devices, and even test equipment, it is clear that not only the backend infrastructure is exposed to these risks but also the avionic devices and other airborne equipment.

Cyber attacks are no stranger to the aviation sector. Attacks that occurred during 2022 unveiled many common weaknesses and impacted airlines and airports in various ways, for example attacks on airports, airlines, and websites, mobile app data breaches, and supplier ransomware; the list is long.

There are a few differences between these root causes, the winter storm and cyber crimes. The first and most notable is that winter storms are considered “force majeure”: even when some are partially predicted, they are considered to be outside the control of the airlines. Cyber crimes, on the other hand, should be governed and handled by the airlines (as per the FAA’s DO-355 / EASA’s ED-204).

The second difference relates to the insurance aspect. While winter storms are considered force majeure and beyond the airlines’ control, cyber crimes are expected to be assessed, mapped, detected, managed, and mitigated as much as possible.

The third difference is the recovery timeframe and process. Since winter storms are unpredictable in their extent and implications, the preparations and risk assessment preempting the actual events are complicated and can only be partially applied. Cyber events can be preempted, and airlines should be ready and develop cyber resilience.

The implications of winter storms and cyber attacks on airlines and airports can be very similar in one sense: the range of impact, and the risk to the passenger, can vary from cancellations or delays to devastating consequences.

While cyber crimes are an old-new threat to the industry, it should be clear to all key stakeholders that this threat is here to stay. The initiative, regulators, operators, and OEMs should understand and react to this threat. It can be minimized and preempted.

The writer is Chief Technology Officer @Cyviation Ltd.

(Photos: Southwest)

