Tuesday, June 23, 2015

Media frenzy stupidity: 1,400 passengers grounded

Here we go again, the media has jumped into the chasm of despair.  Slow news week.

Reporting that 1,400 passengers have been grounded is after all breaking news.

Reporting on how BIG this risk is.

First off, stopping planes from taking off is hardly a life threatening risk.

Secondly, 20 planes couldn't take off, once again, not a big deal.  And, of interest in this case, there are at least three other ways to file your flight plan.

What is a big deal, is the lack of security found at most airlines.

As a pilot, I'm in the right seat to explain how "flight planning" works and the risks associated with it.

I will take the US as an example.

A pilot must file a flight plan before taking off.  Once airborne, this flight plan must be activated and this is often done by the control tower.

In general aviation, a lot of pilots will use an application on their iPad to prepare their flight plan and file & activate it.

Take a look at this screen shot for a general idea of what it looks like

Once filed, this data is packaged and sent to Lockheed Martin who has the contract to handle flight planning in the US.  You can also call them and file by voice, or fax them.  Or you could walk your flight plan to the tower and hand it to a controller (busy airports will not be too pleased with that)

This is what the paper version looks like 

 So if someone hacked into my CLOUD based flight planning service, and my trusty iPad could not work, I would have alternate means to react.

In this case, based on the declaration made by the airline in question, their private system for filing flight plans was affected, and unable to send planning information upstream.

If they would have had a plan B (which most airlines do not), or if they would have had better security, this would not have been an issue.

Since aviation is a complex ecosystem, news agencies will once again get their panties in a bunch and get overly excited about hackers impacting the aviation world.

I'm not saying that better security is not required (it is), I'm saying that we should invest in the right areas first since no one has won the lottery and has unlimited security dollars.

The state of security in most organizations is so poor that we shouldn't have to use FUD media outbreaks to advance, yet experience seems to indicate that this remains the only way to move things along.

No comments:

Post a Comment

Are we even trying over at BRP

This will be a short blog entry.  Essentially, a general observation. If your enterprise was breached and screenshots of user account passwo...