Updated on August 14, 2018 by UpGuard
Several of the world's leading airlines are getting the travel season off to a rocky start: last week, American Airlines and Alaska Airlines resolved a technical glitch causing reservation/check-in and delays across 15 flights. With the holidays approaching, can airlines weather mounting losses caused by their aging computer systems and IT infrastructures?
This is the second outage in less than a month caused by technical glitches in Sabre's reservation systems. In October, a glitch impacted multiple carriers' booking services; Southwest Airlines, Virgin America and JetBlue were all affected. Unfortunately, Sabre comprises much of the airline and hospitality industry's information backbone, and the system—introduced by American Airlines and IBM in 1964—is not likely to be overhauled any time soon.
Sabre is certainly not to blame for all of the recent airline outages. In August, a power outage at Delta's Atlanta operations center resulted in 5 hours of computer system downtime, resulting in $150 million in losses and 2,000 canceled flights. In fact, most of the main carriers use this same reservation system built on top of an IBM-developed mainframe OS called Transaction Processing Facility (TPF). Like Sabre, it was designed in the 1960s, with the last major OS update occurring about a decade ago.
The original Sabre program. Source: ibm.com.
Keeping these antiquated systems running smoothly is one thing, integrating them with newer, mission critical systems is another. In Delta's case, the power outage prevented the system from syncing up with new technologies built around it, resulting in the extended downtime. Most large carriers also rely on TPF, including American, United, and Southwest—who also suffered a disruption in July that resulted in 2,000 canceled flights and $54 million in losses.
Cyber Resilience for Airlines
Unplanned outages and business continuity are just a few of the challenges faced by today's airline carriers in the midst of mass digitization. Combating cyber threats is certainly of equal if not greater concern—this year, Asiana Airlines and United Airlines both suffered massive security compromises that resulted in the theft of sensitive data. Like all enterprises, airlines must adopt a strong cyber resilience posture to ensure that outages and data breaches don't bring all operations to a screeching halt.
According to a study by Computer Economics, U.S. and Canadian airlines are projected this year to spend an average of 3% of revenue on IT expenditures. In contrast, commercial banks and healthcare firms are projected to spend 8% and 4%, respectively. An initial step for airlines to achieve cyber resilience may be simply to spend more money when it comes to technology—and in the right areas. This may eventually mean redeveloping aged reservation systems from the ground up, but in the interim—significant expenditures for layered security and better infrastructure integrity are a must. Mobile apps, computerized check-in kiosks, and in-flight wifi are convenient amenities, but most passengers would likely prefer to just get to their destinations on time, in one piece.
UpGuard's resilience platform was designed to ensure that mission-critical systems are always highly available and configured as expected. Our platform monitors your entire environment for quality issues and security gaps, enabling you to remediate vulnerabilities and misconfigurations before they lead to unplanned outages or data breaches.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.