News Short: Grounded flights were the result of employees deleting critical files, FAA says


On Friday (01/20/2023), the FAA reported that flights were grounded due to a systems outage caused by employees deleting critical files (see article), albeit on aging systems and infrastructure.

With news of this outage, I have so many questions (as should you), such as: why did this person have access? Was this an experienced person that had access and shouldn’t? Was this a mistake by an experienced IT person (because who hasn’t made a mistake in their career) without the appropriate measures and policies in place to make sure mistakes in critical infrastructure aren’t made? Well-designed IT systems really should have checks and balances built in, whether it be error checking, separation of duties, automation of production systems, or appropriate “break glass” procedures for when production needs manual intervention.

Apparently “The FAA is still trying to determine whether any one person or “routine entry” into the database is responsible for the corrupted file, a government official familiar with the investigation into the NOTAM system outage told CNN.”

Issues like these, whether they come from internal threats (even accidental ones) or external threat actors, are why we need to continue making progress towards (at a minimum) Role Based Access Controls in the short term to separate duties and protect data in use. However, as system complexities (and risk surface) continue to grow exponentially, a move to a Zero Trust Security Model will not simply be a “nice to have” but a “must have” to protect our systems.

It is the continued job of infosec personnel to lead the charge in driving a culture where information security is a business enabler rather than a separate silo within the business. This culture change is ultimately the biggest challenge here, and it will require smart infosec people to hone their business-savvy skills.

Until next time.

-RM