Totally free real time breaking news alerts sent straight to your inbox enroll to our breaking news emails
Enroll to our free breaking news emails
When a routine Air Canada flight got here in to land at San Francisco on a July evening in 2017, it missed a lethal disaster by just 13 feet.
Unaware that one among the airport’s runways was closed, the pilot – exhausted after 19 hours awake – had attempted to land on a taxiway on which 4 other planes were lined up awaiting liftoff.
Had he not noticed his error and pulled up in time, the crash might have been more deadly than the 1977 Tenerife Airport disaster, by which two Boeing 747s collided on a foggy runway, killing 583 people.
Technically, the pilot had been warned in regards to the closure of the runway. However the warning had been buried on page eight of a 27-page briefing written in all capital letters in a bizarre, Byzantine code via the US government’s Notice To Air Missions (NOTAM) system, a widely resented institution with some components 30 years old.
This incident illustrates just how much the developed world depends upon fragile, outdated or simply plain janky software systems that run our critical infrastructure behind the scenes – from air travel to water treatment plans to postal services.
The risks of that situation were underlined last week when NOTAM spectacularly imploded, depriving pilots of significant details about potential hazards along their routes and consequently cancelling or delaying nearly 12,000 flights.
Nor was it the primary such glitch. Over Christmas, the US air carrier Southwest Airlines suffered a multi-day meltdown that union leaders blamed partly on unwieldy software that collapsed under the load of historic winter storms.
Outdated or inadequate software has also been blamed for an attempted cyber-attack on a water treatment plant in Florida in 2021, and road deaths as a result of defective electronic throttle systems in Toyota cars.
“These aren’t just teaching moments, these are entire university curriculum moments that must be studied, examined and addressed,” says Henry Harteveldt, president of the Atmosphere Research Group consultancy, referring to the issues with NOTAM and Southwest.
“This does expose a number of the vulnerabilities, and after all the largest vulnerability everybody fears is a cyber-attack. What really concerns me is: do any of those events illustrate weaknesses inside the systems that may very well be used to cause a completely catastrophic, almost doomsday-like scenario?”
’Devastating effects on human life’
In 2011, the prolific Silicon Valley enterprise capital firm Andreessen Horowiz declared that “software is eating the world”. A decade and alter later, the world has been thoroughly digested.
Now, as then, every major infrastructure service depends upon software, and most rely upon a fancy network of interlocking systems, any one among which might go improper.
The tech industry has a plethora of piquant terms for the issues that may afflict large coding projects: “spaghetti code”, “software rot”, or “dependency hell”, to call just a couple of.
One of the dangerous for giant institutions is “technical debt”, meaning the fee paid tomorrow for coding decisions taken yesterday. Organisations with heavy technical debt might be trapped in reliance upon ageing software that isn’t any longer fit for its purpose, yet without the resources – or, more commonly, the determination by senior managers – to repair it.
“Technical debt often goes hidden, but there isn’t any doubt it’s having an impact on the reliability and quality of critical national infrastructure,” says Junade Ali, a British computer scientist and expert on technical debt who has worked on the UK’s road signalling network and Google and Apple’s Covid exposure notification system.
“Unmanaged technical debt can have devastating effects on human life, from miscarriages of justice to death. [It] also reduces the agility of a business by slowing its ability to check latest features in the true world, get user feedback and iterate rapidly…
“As software is becoming increasingly complex and more of the world depends on software, the challenge is ever-growing.”
Consider, as an example, a pc accounting system called Horizon built for the British Post Office at the fee of around £700m in taxpayer money. Between 1991 and 2015, 918 employees were successfully prosecuted for supposed financial discrepancies recorded by the system, in some cases reportedly resulting in bankruptcy, divorce and even suicide.
As early because the 12 months 2000, nevertheless, there have been allegations that Horizon was riddled with errors. A series of external reviews and court judgements backed that up, and today most of the prosecutions have been overturned or their targets paid compensation.
One other case of allegedly deadly code involved Toyota, which was forced to recall cars and settle a string of lawsuits after claims that its throttle software caused sudden and unintended acceleration which will have led to as many as 89 deaths and 57 injuries. In 2013, a jury in Oklahoma found it had shown “reckless disregard” for public safety, although Toyota settled that too without admitting responsibility.
Michael Barr, a software testing expert who undertook a confidential review of 1 Toyota throttle system, testified that it had multiple problems that might have caused a 2007 crash. In a later presentation, he said Toyota software had suffered from “spaghetti code” (which implies just what it seems like) and an absence of proper safety systems that might detect and forestall errors as they occurred.
Other cases cited by Barr include a pc glitch in a US Army Patriot missile launcher through the first Gulf War in 1991 that caused it to disregard an incoming Iraqi missile – resulting in 28 deaths and 100 injuries – and errors that caused a radiotherapy machine within the Eighties to present out lethal overdoses of radiation.
That is just not to say the many occasions on which an inappropriate reliance on Microsoft Excel spreadsheets has caused crucial systems to interrupt down, including on the bank JP Morgan Chase and at Britain’s public health agency through the Covid-19 pandemic.
Accidental errors may make these systems vulnerable to cyber-attacks, especially in an age when state-sponsored skilled hacking groups prowl the web while winning attack strategies are bought and sold on the dark web.
“Much of the critical infrastructure that we depend on today was established long before the suitable software – and even the concept of cybersecurity – got here along,” says John Fokker, head of intelligence on the cybersecurity firm Trellix.
“Often based on legacy operating systems that were arrange a long time ago, these organisations are using software that is never updated – if in any respect. A successful attack could have a potentially devastating impact.”
How US air travel imploded this Christmas
It isn’t clear exactly what the basis reason behind last week’s NOTAM outage was. The Federal Aviation Administration (FAA), which maintains the system, has said there’s “no evidence” of a cyber-attack, as an alternative blaming an engineer contractor who allegedly damaged a key data file by failing to follow procedures.
In that case, the FAA has inquiries to answer about how one mistake was enough to disrupt the entire system to the extent that officials were forced to reboot the whole lot to get it up and running.
What we do know is that the system has long been criticised for its obtuseness and fragility. The present iteration is a patchwork of older and newer software layers that must interact with one another, and prior to the outage it was not as a result of be upgraded for a minimum of six years.
In truth, in line with OpsGroup, a pugnacious grassroots association of air industry professionals, NOTAM still uses a text encoding format that dates back to 1924, designed for telegraph machines and incapable of displaying lowercase letters.
That is an element of the explanation why NOTAM messages are written in a nigh-on inscrutable sigils reminiscent of: “A0290/21 NOTAMN. Q) VHHK/QNMAU/IV/NBO/AE/000/999/2219N11355E005. A) VHHH. B) 2105252130 C) 2105252329. E) SIU MO TO DVOR/DME ‘SMT’ 114.80 MHZ/CH95X NOT AVBL DUE MAINT.”
Worse, everyone from Ops Group to the then head of the US national Transportation Safety Board (NTSB) agrees that NOTAM – in theory reserved for essential updates about real hazards – is utterly clogged with superfluous or irrelevant notices, making it easy to miss actually necessary information.
The International Civil Aviation Organisation (ICAO), which is attempting to reform NOTAM, has said that around 20 per cent of the energetic notices are older than 90 days. In Albania, there’s reportedly an energetic NOTAM from the 12 months 2000 offering advice to pilots in regards to the Millennium Bug.
OpsGroup has also documented examples of dueling NOTAMs issued by the governments of Turkey and Greece, disputing one another’s right to issue NOTAMs regarding territory rights claimed by each nations.
One former airline pilot has even claimed that on the day that Malaysia Airlines Flight MH17 was shot down over Ukraine, killing 298 people, there was a cryptic but critical NOTAM issued for that area, which may need averted disaster if it had been clearer.
No wonder NTSB head Robert Sumwalt said in a 2018 hearing that NOTAMS “are only a bunch of garbage that no one pays any attention to”. This 12 months’s NOTAM failure is now being investigated by Congress.
Other air travel technologies have also suffered outages in the previous couple of years. An air traffic control system called ERAM has failed seven times since 2014, most recently on 2 January this 12 months. In 2021, a personal sector reservation system called SABRE suffered an outage too.
Then there’s the Southwest meltdown, which the Southwest Airlines Pilots Association (SWAPA) has blamed partly on a custom-built automated crew scheduling system called SkySolver.
Southwest’s “point to point” flight network depends upon a fancy dance of planes and staff moving from city to city, being in the best place at the best time for his or her next project. When one flight is delayed or cancelled, SkySolver reportedly finds a method to resolve the issue and reassigns planes and staff as needed.
But SWAPA says that it could only handle as much as 200 to 300 scheduling changes at a time, meaning it was completely overwhelmed when freezing weather blanketed much of the US, driving the variety of individual pilot reassignments as high as 600 per hour.
Amid the chaos, SWAPA claims, SkySolver repeatedly created solutions that simply didn’t work in practice, and didn’t bear in mind the quickly evolving situation. The group says only 15 per cent of SkySolver solutions between 20 December and 29 December were actually flown, with 85 per cent made obsolete before they may fly.
Staff were left stranded in hotels while they waited for brand new assignments, invisible to the software system and unable to get through to the human schedulers at a call centre who were manually attempting to fix the mess. “We have now crews stuck, and scheduling doesn’t know where they’re,” SWAPA head Casey Murray told The Wall Street Journal.
SWAPA also says this led planes and crew being flown from city to city purely to place them in the best position, despite the fact that there have been actually enough staff available to legally take passengers. Since the scheduling system didn’t know where these employees were, and so they couldn’t reach the scheduling team, they may not be reassigned, and the planes flew empty.
So as to add insult to injury, the group’s data shows greater than 500 incidents where these “position ferries” were flown on the identical routes where passenger flights were cancelled.
In response to questions from The Independent, a spokesperson for Southwest said that it has been spending roughly $1bn on IT upgrades and maintenance annually. He said the corporate replaced its reservations system in 2017, its technical operations record system in 2021, and its “human capital management system” in 2022.
Although Southwest chief executive Bob Jordan has apologised and accepted responsibility for the incident, he downplayed the role of software, telling The Latest York Times: “There’s been confusion over ‘well, your technology failed.’ The technology didn’t fail; it worked as designed. Our processes worked as designed; they only were all hit by overwhelming volume.”
He added that in 2022, eight latest versions of SkySolver were released.
Hackers are probing America’s water treatment system
In February 2021, a water treatment plant employee in Florida noticed his mouse cursor dancing across the screen by itself.
Before his eyes, the cursor opened up various programmes that controlled the water treatment process and boosted the extent of sodium hydroxide – a toxic substance commonly referred to as lye, which is utilized in drain cleaner and in small amounts to remove metals from drinking water – to 100 times its normal level.
The sabotage was swiftly reversed, and the plant had physical safety systems that may have stopped lye-rich water from being piped into anyone’s home. Yet the incident illustrated how America’s roughly 50,000 community water systems, often run by local governments and without their very own dedicated cybersecurity staff, may very well be tempting targets for hackers.
This was removed from the primary or the one incident. Between 2019 and 2021, cyber-attacks struck water and wastewater institutions in California, Maine, Nevada, Latest Jersey, Kansas and beyond, in line with the US Cybersecurity and Infrastructure Security Agency (CISA).
One other study found 25 incidents reported by US water utilities in 2015 alone, noting that there could also be others never reported.
CISA also warned that water treatment plants “commonly use outdated control system devices or firmware versions, which expose [them] to publicly accessible and remotely executable vulnerabilities.”
Outdated software was actually guilty within the Florida case, where investigators found multiple off-site computers running old versions of Microsoft Windows, sharing a single password to access a distant access programme that had been replaced about six months beforehand but never actually removed.
As CISA’s then head Chris Krebs wrote, “Unfortunately, that water treatment facility is the rule quite than the exception.”
Trellix, the cybersecurity firm, says its research has found that many critical infrastructure institutions are “extremely vulnerable to attack” because they don’t follow cybersecurity best practices reminiscent of keeping software up so far.
“Given the FAA outage last week, it is obvious that outdated security systems and siloed legacy architectures are not any longer fit for purpose,” says John Fokker.
“A successful attack could have a potentially devastating impact. It could halt operations which could have a far-reaching and widescale effect – not only on the organisation itself, but staff members, customers, and even on society as a complete.”
Why do software glitches go unfixed?
In lots of these cases, there have been ample warnings. OpsGroup and ICAO have been lobbying to repair NOTAM for years, while the FAA has long been working to modernise the system.
Meanwhile, SWAPA has referred to SkySolver as “a house of cards”, claiming that Southwest has ignored its entreaties about “quite a few and ever-increasing meltdowns”.
So why do technical debt and other software hang-ups persist?
For water systems, the issue is straightforward: hundreds of small institutions run by often under-funded local governments, often sharing their IT staff with other departments.
“When an organisation is struggling to make payroll and to maintain systems on a generation of technology created within the last decade, even the fundamentals in cybersecurity often are out of reach,” wrote Krebs in 2021.
CISA also noted: “[Water] facilities are inconsistently resourced municipal systems – not all of which have the resources to employ consistently high cybersecurity standards… [they] are likely to allocate resources to physical infrastructure in need of alternative or repair (eg pipes) quite than It infrastructure.”
Harteveldt says there’s the same problem within the aviation industry, which suffers from an unusual combination of heavy tech dependence and poor tech investment. “While you talk over with an airline CEO about an investment, they are going to let you know they’d quite buy an airplane, because they know that is what makes them money – quite than take half the cash an airplane would cost and invest it in IT, [which could take years to start out showing a return.”
Mockingly, he argues, the industry launched essentially the primary e-commerce business back within the Sixties when it created a computerised nationwide booking system. Today, nevertheless, its high costs and low profit margins mean firms tend to speculate around one to 2 percentage points less of their annual revenue in IT than other sectors.
For the FAA and other state agencies, there are the normal problems of taxpayer funding: budgets getting used as a political football, bureaucratic inertia and, within the US, a persistent legislative gridlock that has left the FAA still run by a brief acting administrator, with no everlasting chief confirmed by Congress.
“In the event you are a hotshot IT skilled and you must work in an environment where you have got state-of-the-art technology, and leadership that appreciates the importance of technology, you almost certainly will not be going to hunt down a profession either on the FAA or at an airline,” says Harteveldt.
Junade Ali’s research has also found basic problems shared across various sectors. “I spent much of the early a part of my profession successfully coping with egregious levels of technical debt. I’m afraid the road to addressing it requires persistence and the success rate for many is low,” he says.
Constructing genuinely resilient software – let alone unwinding past technical debt – is usually slow, complex and expensive work, requiring serious investment, commitment from leadership and specialised practices reminiscent of constructing automated tests to catch errors and monitor software while it’s running.
“Estimates vary, but most research converges on the statistic that only one-third of digital transformation efforts ultimately find yourself being successful,” he concludes.
For the air industry, Harteveldt is optimistic, saying: “I believe the Southwest event, along frankly with the NOTAM event, will probably be a catalyst for plenty of airlines, not only within the US but all over the world… if the final result of it is a recognition by airline leadership that they should do a a lot better job of investing in technology than they’ve, then ultimately these catastrophes won’t have occurred in vain.”
If not, Harteveldt fears the implications. “The FAA collapse is alarming since it illustrates the fragility of the FAA’s systems, and air travel within the US is mission critical to how our country functions,” he says.
“Imagine if an air traffic controller was giving misinformation because someone had hacked the tower system, giving approval to 1 aircraft to do one thing and one other aircraft to do something else, and it resulted in a collision… I believe that is the thing that everyone who works with aviation technology fears most.”