Civil Aviation Authority systems down – malicious actor not ruled out

Servers operated by the South African Civil Aviation Authority (SACAA) have been down for most of the week after management was alerted to suspicious activity on its systems — and the agency is now probing whether a malicious actor may have been involved.

TechCentral learnt from two pilots on Friday that the servers have been down since Monday, affecting the ability of aviation users to transact with the authority electronically. One pilot said the systems are often used to send hazard and safety reports. Messages on online bulletin boards frequented by pilots suggested the authority’s systems may have been compromised by hackers.

The SACAA is a public entity established in 1998 and is charged with promoting, regulating and enforcing civil aviation safety and security. It is an agency of the national department of transport.

“On the morning of Monday, 1 July 2019, the SACAA learnt that some of its ICT systems did not launch and operate as per the norm. On closer inspection by the relevant ICT personnel, it was noted that some files had suspicious characteristics, which are regarded as anomalies from an ICT perspective,” authority spokesman Kabelo Ledwaba told TechCentral via e-mail in response to questions about the incident. “Upon conducting a preliminary investigation, it was decided that some servers should be disconnected from the network in order to address these anomalies.”

Ledwaba said the SACAA “does not take matters such as this lightly”. Management ordered an internal investigation and notified state security authorities for their “consideration, analysis and possible investigation”.

Only after investigations have been concluded will the SACAA know “with absolute certainty” if there was an individual, or individuals, who may have “deliberately attempted to disrupt the SACAA’s services”, Ledwaba said.

‘Precautionary decision’

“Management took a precautionary decision not to restore some ICT services to ensure that proper investigations are conducted, and all anomalies addressed.”

He assured aviation users that the situation is “under control” and the authority is continuing to provide services to the industry, albeit slower than normal as many of these services are now being offered manually.

“It must be emphasised that the perception that there is a total shutdown of services is absolutely not true,” Ledwaba said. “Moreover, the decision to shut down the servers has no bearing on the SACAA’s ability to oversee a safe and secure air transport network.”

Asked if client or agency data had been compromised or lost, Ledwaba said: “Preliminary indications are that the data has not been negatively affected; the SACAA has business continuity plans which include multiple backups. As soon as it is deemed safe to restore all servers, our customers and all stakeholders will be notified.”

He apologised to clients for the “slowness” in its services as a result of the downtime but said the precautionary action taken by management was warranted.  — © 2019 NewsCentral Media