Several of the world's leading airlines are getting the travel season off to a rocky start: last week, American Airlines and Alaska Airlines resolved a technical glitch causing reservation/check-in and delays across 15 flights. With the holidays approaching, can airlines weather mounting losses caused by their aging computer systems and IT infrastructures?
This is the second outage in less than a month caused by technical glitches in Sabre's reservation systems. In October, a glitch impacted multiple carriers' booking services; Southwest Airlines, Virgin America and JetBlue were all affected. Unfortunately, Sabre comprises much of the airline and hospitality industry's information backbone, and the system—introduced by American Airlines and IBM in 1964—is not likely to be overhauled any time soon.
Sabre is certainly not to blame for all of the recent airline outages. In August, a power outage at Delta's Atlanta operations center resulted in 5 hours of computer system downtime, resulting in $150 million in losses and 2,000 canceled flights. In fact, most of the main carriers use this same reservation system built on top of an IBM-developed mainframe OS called Transaction Processing Facility (TPF). Like Sabre, it was designed in the 1960s, with the last major OS update occurring about a decade ago.
The original Sabre program. Source: ibm.com.
Keeping these antiquated systems running smoothly is one thing, integrating them with newer, mission critical systems is another. In Delta's case, the power outage prevented the system from syncing up with new technologies built around it, resulting in the extended downtime. Most large carriers also rely on TPF, including American, United, and Southwest—who also suffered a disruption in July that resulted in 2,000 canceled flights and $54 million in losses.
Cyber Resilience for Airlines
Unplanned outages and business continuity are just a few of the challenges faced by today's airline carriers in the midst of mass digitization. Combating cyber threats is certainly of equal if not greater concern—this year, Asiana Airlines and United Airlines both suffered massive security compromises that resulted in the theft of sensitive data. Like all enterprises, airlines must adopt a strong cyber resilience posture to ensure that outages and data breaches don't bring all operations to a screeching halt.
According to a study by Computer Economics, U.S. and Canadian airlines are projected this year to spend an average of 3% of revenue on IT expenditures. In contrast, commercial banks and healthcare firms are projected to spend 8% and 4%, respectively. An initial step for airlines to achieve cyber resilience may be simply to spend more money when it comes to technology—and in the right areas. This may eventually mean redeveloping aged reservation systems from the ground up, but in the interim—significant expenditures for layered security and better infrastructure integrity are a must. Mobile apps, computerized check-in kiosks, and in-flight wifi are convenient amenities, but most passengers would likely prefer to just get to their destinations on time, in one piece.
UpGuard's resilience platform was designed to ensure that mission-critical systems are always highly available and configured as expected. Our platform monitors your entire environment for quality issues and security gaps, enabling you to remediate vulnerabilities and misconfigurations before they lead to unplanned outages or data breaches. Give it a spin today—it's free for up to 10 nodes.
If you're one of its 140 million cardholders around the globe, American Express wants you to know that your data is safe. The data breach recently announced by the U.S.' second largest credit card network reportedly involved a partner merchant and not Amex itself.
Read Article >
You’ve spent months with your team designing your company’s security strategy-- you’ve demoed and chosen vendors, spent money, and assured your users that this investment will pay off by keeping their business safe.
Read Article >
The following is a list of 11 online retailers who really should know better when it comes to security.
Read Article >