It is being widely reported that a number of American Airlines flights were delayed yesterday (Tuesday) evening when pilots were unable to view flight plans on their iPads because of a software glitch. The number of planes affected is unclear, and the delays appear not to have been too severe; but it is a great example of how technological innovation brings with it new risks. It seems clear that the move to a paperless cockpit (which American Airlines completed in 2013) brings great efficiency benefits but, as with any other change, it is important to identify what new risks are introduced along with the technology. As with any IT system, one should look at risks under three headings:
- Confidentiality – keeping sensitive data from those who should not have access to it;
- Integrity – ensuring that the data is not corrupted; and
- Availability – ensuring that data is available to those who need it, when they need it.
The acronym “CIA” is a useful pnemonic. Yesterday’s incident was clearly an issue of availability, but airlines (AA is certainly not unique in going paperless) also need to satisfy themselves that risks to confidentiality and data integrity have been identified and, where appropriate, mitigated.