The Federal Aviation Administration (FAA) late Wednesday pinned the blame for a major system outage earlier in the day on a damaged database file and said it saw “no evidence of a cyber attack” causing the problem.
Early on Wednesday morning, FAA reported that it paused all commercial flights nationwide following an outage to its Notice to Air Missions (NOTAM) system. That system alerts pilots before they fly to closed runways, equipment outages, and other potential hazards along a flight route.
Because of the NOTAM outage, FAA had to pause commercial air travel “to validate the integrity of flight and safety information,” the agency said. The outage caused the delay of thousands of flights in the U.S. on Wednesday morning.
In its latest statement on Wednesday night, FAA said it was “continuing a thorough review to determine the root cause” of the NOTAM system outage, and that its “preliminary work has traced the outage to a damaged database file.”
“At this time, there is there is no evidence of a cyber attack,” FAA said.
The agency said it was “working diligently to further pinpoint the causes of this issue and take all needed steps to prevent this kind of disruption from happening again.”
Secretary of Transportation Pete Buttigieg said Wednesday afternoon that while the safety system’s operations are now “fully restored,” he has “directed an after-action process to determine root causes and recommend next steps.”
Moody’s Investors Service commented late Wednesday that the while the system outage has not been tied to a cyber attack, the situation “highlights how the minute-to-minute operations of US airports and the US aviation sectors rely on systems that are outside of their control and are exposed to cyber risks.”
“FAA and airline staffing systems influence a flight’s take-off and landing, and airlines and the Transportation Security Administration systems, including its passenger screening system, are a second example of a third-party’s information technology system on which airport and airline operations rely,” Moody’s said.
“US airports rarely have passenger data and do not actively provide operational support for processing aircraft,” the ratings agency said. “Airports have been exposed to nuisance attacks like distributed denial-of-service (DDoS) on their websites, which do not sell tickets, or tampering with a terminal’s variable message boards that announce flight and gate arrival and departure.”
