Cyber Attacks Ground Airlines and Threaten Passenger Security
September 18, 2024 | Commerce, Science, and Transportation: Senate Committee, Standing Committees - House & Senate, Congressional Hearings Compilation
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
Cybersecurity incidents in the airline industry are increasingly impacting passengers, leading to significant disruptions and financial losses. Recent events highlight the fragility of airline infrastructure and the cascading effects of cyber attacks. A notable incident occurred last month at Seattle Tacoma International Airport, where a cyber attack forced staff to revert to manual processes, resulting in delays for both flights and baggage.
On July 18th, a faulty software update affecting CrowdStrike clients, including several airlines, caused global system crashes that impacted approximately 1.4 million passengers, with nearly 5,200 flights canceled on the first day alone. One family in Seattle reported losing over $7,500 while attempting to rebook flights and secure lodging due to the chaos.
Government agencies are not exempt from these vulnerabilities. Earlier this year, an error by an FAA contractor led to a nationwide ground stop, delaying over 10,000 flights and canceling more than 1,300. These incidents underscore the susceptibility of the airline sector to both human error and cyber threats.
Moreover, the security of airline loyalty programs poses another risk. The value of unused miles in passenger accounts is substantial, with estimates indicating that the top five U.S. airline loyalty programs held a combined balance of $27.5 billion in unused miles at the end of 2020. This makes them attractive targets for cybercriminals, as evidenced by a 166% increase in bot attacks on airline accounts between late 2023 and early 2024. Stolen miles are often sold on the dark web for gift cards or airline tickets.
Despite the growing threat, U.S. airlines have been inconsistent in implementing security measures for mileage accounts. Basic protections, such as multi-factor authentication, are not universally available, leaving many passengers vulnerable. Additionally, airline miles lack the consumer protections that safeguard funds in other contexts, such as FDIC insurance or anti-fraud protections under the Electronic Fund Transfer Act.
Ransomware attacks also pose a significant risk to the aviation sector, with Boeing's chief security officer reporting a staggering 600% increase in such attacks on the aviation supply chain over the past year. As the industry grapples with these challenges, the need for enhanced cybersecurity measures has never been more urgent.
On July 18th, a faulty software update affecting CrowdStrike clients, including several airlines, caused global system crashes that impacted approximately 1.4 million passengers, with nearly 5,200 flights canceled on the first day alone. One family in Seattle reported losing over $7,500 while attempting to rebook flights and secure lodging due to the chaos.
Government agencies are not exempt from these vulnerabilities. Earlier this year, an error by an FAA contractor led to a nationwide ground stop, delaying over 10,000 flights and canceling more than 1,300. These incidents underscore the susceptibility of the airline sector to both human error and cyber threats.
Moreover, the security of airline loyalty programs poses another risk. The value of unused miles in passenger accounts is substantial, with estimates indicating that the top five U.S. airline loyalty programs held a combined balance of $27.5 billion in unused miles at the end of 2020. This makes them attractive targets for cybercriminals, as evidenced by a 166% increase in bot attacks on airline accounts between late 2023 and early 2024. Stolen miles are often sold on the dark web for gift cards or airline tickets.
Despite the growing threat, U.S. airlines have been inconsistent in implementing security measures for mileage accounts. Basic protections, such as multi-factor authentication, are not universally available, leaving many passengers vulnerable. Additionally, airline miles lack the consumer protections that safeguard funds in other contexts, such as FDIC insurance or anti-fraud protections under the Electronic Fund Transfer Act.
Ransomware attacks also pose a significant risk to the aviation sector, with Boeing's chief security officer reporting a staggering 600% increase in such attacks on the aviation supply chain over the past year. As the industry grapples with these challenges, the need for enhanced cybersecurity measures has never been more urgent.
View full meeting
This article is based on a recent meeting—watch the full video and explore the complete transcript for deeper insights into the discussion.
View full meeting