Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to bogus flight plans being sent to pilots has happened again at United Airlines. In a previous incident, all United flights in the US were grounded for nearly an hour due to problems with flight plans dispatched to its pilots, resulting in delays and cancellations [37119].
(b) The software failure incident related to bogus flight plans being sent to pilots has also happened at LOT airline in Poland. Hackers apparently got into the computer systems responsible for issuing flight plans to pilots, causing some flights to be cancelled and others to be delayed [37119]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the article where it is mentioned that the flight plan-delivery protocol used by every airline, including LOT airline, was a weak link that allowed hackers to potentially send bogus flight plans to pilots [37119]. This indicates a design flaw in the protocol that did not require authentication, making it vulnerable to unauthorized access and manipulation.
(b) The software failure incident related to the operation phase is evident in the article where it describes how hackers breached the network at Warsaw's Chopin airport, causing flight cancellations and delays for approximately 1,400 passengers on flights to various destinations [37119]. This disruption in the operation of the system led to significant inconvenience for both the airline and the affected passengers. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident related to the bogus flight plans affecting LOT airline and United Airlines was primarily due to contributing factors originating from within the system. The vulnerability in the flight plan-delivery protocol used by airlines allowed hackers to send bogus flight plans to pilots, causing disruptions and grounding of flights [37119]. The issue with the protocol not requiring authentication and accepting properly formatted plans regardless of the source was highlighted as a systemic problem within the system itself [37119]. The incident did not pose a safety concern as pilots have checks in place to verify and confirm the accuracy of the flight plans before taking any action [37119].
(b) outside_system: The software failure incident was also influenced by contributing factors originating from outside the system, specifically from hackers who breached the network at Warsaw's Chopin airport and gained unauthorized access to the flight plan systems of LOT airline, causing disruptions and grounding of flights [37119]. The external threat posed by hackers exploiting the vulnerability in the flight plan-delivery protocol highlighted the importance of cybersecurity measures to protect against such attacks [37119]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the articles was primarily due to non-human actions, specifically hackers gaining unauthorized access to the computer systems responsible for issuing flight plans to pilots of Poland's state-owned LOT airline and United Airlines. This unauthorized access led to the grounding of airplanes and the disruption of flight plans [37119].
(b) Human actions also played a role in the incident as the protocol for delivering flight plans did not require authentication, making it vulnerable to exploitation by hackers. Additionally, human actions were involved in the response to the incident, such as pilots and airline personnel identifying and addressing the issue with the flight plans [37119]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident related to hardware:
- The incident involved hackers apparently getting into computer systems responsible for issuing flight plans to pilots of Poland's state-owned LOT airline, indicating a breach in the hardware systems [37119].
- The ACARS datalink system, which is used to distribute flight plans and other data to pilots, is a hardware component that was potentially compromised in the incident [37119].
(b) The software failure incident related to software:
- The issue with both the LOT planes and United Airlines was identified as potentially being the protocol for delivering flight plans, which doesn't require authentication, indicating a software vulnerability [37119].
- The protocol for delivering flight plans was highlighted as a potential weak link that could allow hackers to send bogus flight plans to pilots, irrespective of the branded flight-plan system used by an airline, pointing to a software-related flaw [37119]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is malicious in nature. It involved hackers breaching the network at Warsaw's Chopin airport and getting into computer systems responsible for issuing flight plans to pilots of Poland's state-owned LOT airline [37119]. The hackers sent bogus flight plans to pilots, causing flights to be cancelled and delayed, affecting approximately 1,400 passengers. The incident was similar to a previous mysterious grounding of United Airlines planes, where hackers also sent bogus flight plans to pilots, resulting in all United flights in the US being grounded for nearly an hour [37119]. The issue was related to the flight plan-delivery protocol used by airlines, which did not require authentication, allowing hackers to exploit the system and send false information to pilots [37119]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor decisions can be inferred from the articles. The incident involving the grounding of airplanes at LOT airline and United Airlines was due to hackers breaching the network and sending bogus flight plans to pilots. The protocol for delivering flight plans did not require authentication, which allowed hackers to exploit this vulnerability and disrupt flight operations [37119]. This lack of authentication in the flight plan delivery protocol can be seen as a poor decision in the design and implementation of the software system, leading to the software failure incident. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the article as it discusses the vulnerability in the flight plan-delivery protocol used by airlines. The protocol did not require authentication, allowing hackers to send bogus flight plans to pilots, leading to the grounding of airplanes. This lack of proper authentication in the protocol can be attributed to a lack of professional competence in designing a secure system [37119].
(b) The accidental aspect of the software failure incident is also highlighted in the article. For example, United Airlines experienced problems with flight plans dispatched to its pilots, resulting in delays and grounding of flights. Passengers reported that bogus flight plans were popping up in the system, indicating an accidental introduction of incorrect data that led to the disruption in flight operations [37119]. |
Duration |
temporary |
(a) The software failure incident described in the articles was temporary. In the case of the LOT airline incident, the problem with the flight plans was reportedly fixed after about five hours [37119]. Similarly, in the United Airlines incident, all flights in the US were grounded for nearly an hour before the problem was resolved [37119]. These incidents were not permanent failures but rather temporary disruptions that were eventually rectified. |
Behaviour |
omission, timing, value, other |
(a) crash: The articles do not mention any instances of the system losing state and not performing any of its intended functions.
(b) omission: The incident involved the issuance of bogus flight plans to pilots, which could lead to the system omitting its intended function of providing accurate flight plans to pilots [37119].
(c) timing: The system was reported to have experienced problems with flight plans being dispatched to pilots, causing delays in flights. This could be considered a timing failure where the system performed its intended functions but at the wrong time [37119].
(d) value: The incident involved the issuance of incorrect flight plans to pilots, indicating that the system performed its intended functions incorrectly [37119].
(e) byzantine: The articles do not mention any inconsistent responses or interactions that would classify the failure as byzantine behavior.
(f) other: The behavior of the software failure incident in this case could be described as a security vulnerability leading to unauthorized access and manipulation of flight plans, potentially compromising the safety and efficiency of airline operations [37119]. |