The FAA Outage and the “Cyber Resiliency Gong” That Businesses Need to Hear

Avatar photo
Art Ocain

 

Airiam Field CISO and CIO Art Ocain discusses yesterday’s FAA outage in this short clip. In the video, he looks at how the situation illustrates the dangers of technical debt building up, complex legacy systems, poor documentation, improper backup management, and lack of cyber resiliency planning.

Danger of Technical Debt

In recent years, there have been a number of methodologies developed such as site reliability engineering, devops, and cyber resiliency engineering that could have helped the FAA reduce its risk. It is worth noting that the FAA likely had a significant amount of technical debt. Technical debt refers to outdated and fragile systems that are not properly documented or set up. Often, these systems are neglected because individuals are too busy working on new projects. However, these systems still require maintenance, updates, and changes, and they may be crucial to the infrastructure. This neglect can create a vulnerability if there is a failure in the hardware or software and it is not addressed. The FAA outage is an example of how technical debt can impact an organization and its operations.

Backups and Resilience

The FAA outage highlights the need for appropriate resilience strategies. It is apparent that the FAA did not have a plan in place to handle the outage, lacking redundancy, automation, and proper documentation. The slow and difficult recovery process suggests inadequate documentation, damage assessment, monitoring, and root cause analysis capabilities, as well as a lack of simplicity. Simplicity is crucial for resilience as it makes recovery easier in case of an incident. Furthermore, it seems that the FAA had no effective immutable backup or restore methods in place or the restore method was too slow, making it a last resort for recovery rather than a reliable solution.

Learn From the FAA Outage

What impacted aviation in a massive way yesterday should not be seen as an outlier. These issues also plague small and medium sized businesses. This means the lessons learned from the FAA situation can be applied to other organizations too. Organizations should allocate resources towards addressing technical debt, and ensure resilience for fragile systems, critical infrastructure, and key assets of the organization. It is crucial for organizations to objectively evaluate what is most important to them and build resiliency in those areas.

In Airiam’s first-ever live webinar on February 1st, Art will cover the ways companies can improve their cyber resilience and be ready. Do not let your operation suffer an outage like the FAA’s. Register for the webinar now to get started.

New Resources In Your Inbox

Get our latest cybersecurity resources, content, tips and trends.

Other resources that might be of interest to you.

E-Greetings or E-Threats? The Era of Holiday E-Cards

E-Greetings or E-Threats? It’s the holiday season! This means sweet treats, lights and ornaments, and holiday cards with well wishes. Unless you’ve been living under a rock, sending and receiving holiday greetings has evolved from traditional paper car
Vivian Lee
>>Read More

Rebuild Your Business After an Attack: Threat Actors Webinar

 Rebuild Your Business: Webinar Summary Airiam and MOXFIVE wrapped up the second of our Threat Actors webinar series! Art Ocain and Ben Hartwick were great hosts walking us through a ton of information on how to rebuild your business after an attack.
Vivian Lee
>>Read More

Top Managed Detection and Response (MDR) Solutions in 2025

Cyberattacks now cost businesses an average of $4.35 million per breach, and that figure is climbing. But perhaps even more telling is this: 60% of small-to-medium businesses suffered a cyber attack in the past year, and nearly half of them couldn’t st