Published Date: 2015-06-22
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident targeting air travel and grounding around 1,400 passengers at Warsaw Chopin airport happened on Sunday, as reported in Article 37130. 2. The article was published on 2015-06-22. 3. Therefore, the software failure incident occurred on Sunday, 2015-06-21. |
| System | 1. Ground computers used to issue flight plans at Warsaw Chopin airport [37130] |
| Responsible Organization | 1. Hackers targeted air travel and successfully grounded around 1,400 passengers by breaching the ground computers of LOT Polish Airways, causing the software failure incident [37130]. |
| Impacted Organization | 1. Passengers at Warsaw Chopin airport were impacted by the software failure incident, as around 1,400 passengers were grounded due to the hack on LOT Polish Airways [37130]. |
| Software Causes | 1. The software cause of the failure incident was hackers breaching the ground computers used by LOT Polish Airways to issue flight plans, leading to the inability to create flight plans for outbound flights from its Warsaw hub [37130]. |
| Non-software Causes | 1. Hackers breached the ground computers used to issue flight plans at Warsaw Chopin airport, leading to the grounding of around 1,400 passengers [37130]. 2. The cybersecurity consultant detained for discussing hacking into the plane he was traveling on claimed to have hacked into computer systems aboard airliners and managed to control an aircraft engine during a flight [37130]. |
| Impacts | 1. The software failure incident caused around 1,400 passengers to be grounded at Warsaw Chopin airport, leading to the cancellation of 20 flights and delays for several others [37130]. 2. The incident highlighted the vulnerability of airlines to cyberattacks, raising concerns about the industry's reliance on electronic systems for critical operations [37130]. 3. Cyberattacks on aviation systems can have a significant economic impact by disrupting the industry, potentially affecting passenger confidence in air travel and leading to financial losses [37130]. |
| Preventions | 1. Implementing robust cybersecurity measures such as firewalls, intrusion detection systems, and regular security audits to prevent hackers from breaching the ground computers used for issuing flight plans [37130]. 2. Conducting regular cybersecurity training for employees to raise awareness about potential cyber threats and how to mitigate them effectively [37130]. 3. Enhancing the overall cybersecurity posture of the aviation industry by collaborating with organizations like the International Civil Aviation Organization to develop global standards for cybersecurity in aviation [37130]. |
| Fixes | 1. Enhancing cybersecurity measures within the aviation industry to prevent future cyberattacks like the one experienced by LOT Polish Airways [37130]. 2. Implementing robust IT system security protocols and regularly updating software to address vulnerabilities that could be exploited by hackers [37130]. 3. Conducting regular cybersecurity training for airline staff to increase awareness and preparedness for potential cyber threats [37130]. 4. Collaborating with international organizations like the International Civil Aviation Organization to establish global standards for cybersecurity in the aviation sector [37130]. | References | 1. Sebastian Mikosz, CEO of LOT Polish Airways [37130] 2. International Civil Aviation Organization [37130] 3. Federal Aviation Administration [37130] 4. FBI [37130] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident related to a cyberattack on air travel systems has happened again at one_organization. The CEO of LOT Polish Airways mentioned that cyberattacks on aviation are an ongoing issue that the industry will continue to deal with, indicating that similar incidents have occurred before within the same organization [37130]. (b) The software failure incident related to a cyberattack on air travel systems has also happened at multiple_organization. The International Civil Aviation Organization highlighted that cyber security is becoming a more significant issue in civil aviation due to the increasing risk from cyberattacks, suggesting that similar incidents have occurred at other organizations within the aviation industry as well [37130]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase can be seen in the article where hackers breached the ground computers of LOT Polish Airways, which are used to issue flight plans. This breach in the system's design allowed the hackers to disrupt the creation of flight plans for outbound flights from the Warsaw hub, leading to the grounding of around 1,400 passengers [37130]. (b) The software failure incident related to the operation phase is evident in the same article where it mentions that the cyberattack on LOT Polish Airways' IT system resulted in the airline being unable to create flight plans for outbound flights from Warsaw. This disruption in the operation of the system caused the cancellation of 20 flights and delays for several others, impacting the airline's operations and passenger travel [37130]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident reported in the article is due to hackers breaching the ground computers of LOT Polish Airways, which are used to issue flight plans. This internal system breach led to the grounding of around 1,400 passengers and the cancellation of 20 flights [37130]. (b) outside_system: The article also mentions that cyberattacks on aviation are an ongoing issue and a concern for the industry. The CEO of LOT Polish Airways highlighted that cyberattacks on aviation are an industry-wide problem, indicating that the contributing factors originate from outside the system [37130]. |
| Nature (Human/Non-human) | non-human_actions | (a) The software failure incident occurring due to non-human actions: The software failure incident in the article was caused by hackers breaching the ground computers of LOT Polish Airways, which are used to issue flight plans. This non-human action led to the grounding of around 1,400 passengers and the cancellation of 20 flights [37130]. (b) The software failure incident occurring due to human actions: The article does not provide specific information about the software failure incident being directly caused by human actions. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident reported in the article is primarily related to a cyberattack by hackers targeting the air travel industry. The hackers breached the ground computers of LOT Polish Airways, which are used to issue flight plans, leading to the grounding of around 1,400 passengers at Warsaw Chopin airport [37130]. This incident was a result of a security breach in the hardware systems, specifically the ground computers used by the airline. (b) The software failure incident also has a significant software component as the attack on LOT Polish Airways' IT system disrupted the creation of flight plans for outbound flights from its Warsaw hub. The inability to create flight plans due to the cyberattack resulted in the cancellation of 20 flights and delays for several others [37130]. This software failure incident highlights the vulnerability of airlines to cyberattacks and the importance of cybersecurity measures to protect critical software systems in the aviation industry. |
| Objective (Malicious/Non-malicious) | malicious | (a) The software failure incident reported in the articles is malicious in nature. The incident involved hackers targeting air travel by breaching the ground computers of LOT Polish Airways, which are used to issue flight plans. This malicious attack resulted in grounding around 1,400 passengers, forcing the airline to cancel flights and causing delays. The CEO of LOT Polish Airways, Sebastian Mikosz, emphasized that cyberattacks on aviation are an ongoing issue that the industry will continue to face, indicating that the objective of the software failure incident was malicious in nature [37130]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | The software failure incident reported in the articles is related to a cyberattack on the aviation industry, specifically targeting LOT Polish Airways. The incident involved hackers breaching the airline's ground computers used to issue flight plans, leading to the grounding of around 1,400 passengers and the cancellation of 20 flights [37130]. The intent behind this software failure incident can be attributed to poor decisions made by the hackers who intentionally targeted the airline's IT system to disrupt its operations. This deliberate action to breach the system and cause chaos in air travel demonstrates a malicious intent rather than accidental decisions or mistakes. The CEO of LOT Polish Airways highlighted that cyberattacks on aviation are an ongoing issue faced by the industry, indicating a deliberate and intentional threat to disrupt operations [37130]. |
| Capability (Incompetence/Accidental) | development_incompetence | (a) The software failure incident related to development incompetence is evident in the article as hackers targeted air travel by breaching the ground computers of LOT Polish Airways, which are used to issue flight plans. This breach led to the grounding of around 1,400 passengers and the cancellation of 20 flights, causing significant disruptions. The CEO of LOT Polish Airways, Sebastian Mikosz, highlighted that cyberattacks on aviation are an ongoing issue that the industry will continue to deal with, emphasizing that all airlines are vulnerable to such attacks [37130]. (b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article. |
| Duration | temporary | The software failure incident reported in the article about LOT Polish Airways being targeted by hackers resulted in a temporary failure. The incident caused the airline to ground around 1,400 passengers, cancel 20 flights, and delay several others on Sunday [37130]. The CEO of LOT Polish Airways mentioned that they managed to re-establish the functioning within a few hours, indicating that the software failure was temporary and not permanent. |
| Behaviour | crash, omission, other | (a) crash: The software failure incident in the article can be categorized as a crash. The incident resulted in the grounding of around 1,400 passengers due to hackers breaching the airline's ground computers, which are used to issue flight plans. This led to the system losing its state and being unable to create flight plans for outbound flights, causing flights to be canceled and delayed [37130]. (b) omission: The software failure incident can also be categorized as an omission. The system omitted to perform its intended functions of issuing flight plans, resulting in the inability of outbound flights from Warsaw to depart as planned [37130]. (c) timing: The software failure incident does not align with a timing failure as there is no indication that the system performed its intended functions too late or too early. The primary issue was the system's inability to create flight plans, leading to flight disruptions [37130]. (d) value: The software failure incident does not align with a value failure as there is no mention of the system performing its intended functions incorrectly. The main issue was the system's failure to create flight plans, impacting the airline's operations [37130]. (e) byzantine: The software failure incident does not align with a byzantine failure as there is no mention of the system behaving erroneously with inconsistent responses and interactions. The incident was primarily attributed to hackers breaching the airline's ground computers, leading to the disruption of flight plans [37130]. (f) other: The other behavior exhibited by the software failure incident is a security breach. The incident involved hackers targeting the airline's systems, breaching its ground computers, and disrupting the creation of flight plans, ultimately impacting the airline's operations and causing flight cancellations and delays [37130]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | processing_unit, network_communication | (a) sensor: The article does not specifically mention any sensor-related errors or failures. (b) actuator: The article does not specifically mention any actuator-related errors or failures. (c) processing_unit: The failure in this incident was related to the processing unit of the cyber physical system. Hackers breached the airline's ground computers, which are used to issue flight plans, leading to the grounding of around 1,400 passengers and the cancellation of flights [37130]. (d) network_communication: The incident involved a cyberattack on the airline's IT system, which disrupted the network communication and prevented the creation of flight plans for outbound flights from the Warsaw hub, resulting in flight cancellations and delays [37130]. (e) embedded_software: The article does not provide specific information about any errors or failures related to embedded software. |
| Communication | connectivity_level | The software failure incident reported in the article [37130] was related to the connectivity level of the cyber physical system. The incident involved hackers breaching the ground computers of LOT Polish Airways, which are used to issue flight plans. This breach at the network or transport layer resulted in the airline being unable to create flight plans for outbound flights from its Warsaw hub, leading to flight cancellations and delays. The CEO of LOT Polish Airways highlighted that cyberattacks on aviation are an ongoing issue that the industry will continue to deal with, emphasizing the vulnerability of airlines to such attacks. |
| Application | FALSE | The software failure incident reported in Article 37130 was related to a cyberattack on LOT Polish Airways' ground computers, which are used to issue flight plans. This cyberattack led to the grounding of around 1,400 passengers and the cancellation of 20 flights. The CEO of LOT Polish Airways mentioned that cyberattacks on aviation are an ongoing issue that the industry will continue to deal with, indicating that the failure was related to external factors such as hacking rather than internal application layer issues like bugs or operating system errors [37130]. Therefore, the failure was not related to the application layer of the cyber physical system as defined. |
| Category | Option | Rationale |
|---|---|---|
| Consequence | property, delay, non-human, theoretical_consequence, other | (a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software failure incident at LOT Polish Airways [37130]. (b) harm: People were physically harmed due to the software failure - There is no mention of any physical harm to individuals resulting from the software failure incident at LOT Polish Airways [37130]. (c) basic: People's access to food or shelter was impacted because of the software failure - There is no mention of people's access to food or shelter being impacted by the software failure incident at LOT Polish Airways [37130]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident at LOT Polish Airways resulted in the grounding of around 1,400 passengers, cancellation of 20 flights, and several delays, impacting travel plans and potentially causing inconvenience to passengers [37130]. (e) delay: People had to postpone an activity due to the software failure - Passengers at LOT Polish Airways experienced delays and cancellations of flights due to the software failure incident, causing disruptions to their travel plans [37130]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident at LOT Polish Airways affected the airline's IT system, leading to the inability to create flight plans and resulting in flight cancellations and delays [37130]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident at LOT Polish Airways had observable consequences such as flight cancellations and delays [37130]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The articles discuss the potential consequences of cyberattacks on the aviation industry, including the impact on passenger confidence, economic implications, and risks associated with electronic systems in aviation [37130]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The software failure incident at LOT Polish Airways highlighted the vulnerability of airlines to cyberattacks, the importance of cybersecurity in aviation, and the potential economic impact of disruptions in the aviation industry [37130]. |
| Domain | transportation, government | (a) The failed system in this incident was related to the aviation industry, specifically affecting LOT Polish Airways and their ability to issue flight plans for outbound flights [37130]. The incident highlighted the vulnerability of airlines to cyberattacks and the critical role of electronic systems in aviation operations. (h) The aviation industry's reliance on electronic systems for safety-critical functions was emphasized in the article, indicating that cyberattacks pose a significant risk to the industry [37130]. (l) The incident involving the cyberattack on LOT Polish Airways' IT system also had implications for government agencies such as the Federal Aviation Administration (FAA) in the United States, which requires aircraft to file flight plans for tracking and safety purposes [37130]. |
Article ID: 37130