Cyberattack hits KLIA, klia2?
IS the systems disruption at both terminals of the Kuala Lumpur International Airport (KLIA) the outcome of an Internet test that has gone awry or network switches crippled by a malicious software?
Experts on network security and transport management approached by the New Straits Timesbelieve technical glitches that disrupted operations at the two terminals in Sepang near here were caused by the latter.
They base their conclusion on a statement by Malaysia Airport Holdings Bhd (MAHB) that it is in the process of rectifying the situation, including “the replacement of hardware equipment”.
A network security analyst believes that MAHB is referring to core switches, which are hardware devices that channel incoming data from multiple input ports to specific output ports.
“I believe two core switches are brand new, whose lifespan could extend up to 15 years.
“It is not normal if the two new switches fail at the same time, as if it was intentional and caused by a cyberattack.
“The failure of these core switches affected the Total Airport Management System (TAMS) network, which is the heart of the two terminals,” the analyst, who spoke on the condition of anonymity, said.
When TAMS failed, the software could not communicate with other systems at the terminals, such as the baggage handling, flight information display, check-in counters and WiFi connection.
Universiti Teknologi Malaysia Centre for Innovative Planning and Development director Associate Professor Dr Muhammad Zaly Shah Muhammad Hussein said it would be a priority for the airport authority and its stakeholders not to leave any stone unturned while carrying out their probe into the incident.
“As long as the forensic report is not complete, I am sure the authorities will not exclude any possible causes, be it sabotage, hacking, equipment malfunction.
“If there is proof of subversive elements, the authorities could get CyberSecurity Malaysia involved in the investigation.
“Though I cannot state opinions on the exact cause at this time, I hope it is just an equipment malfunction, lack of maintenance or human error.
“I hope there is no cyber criminal element involved because that would be quite serious, and it would involve issues with passenger and airline data, and the security of the terminal,” Zaly said.
He urged MAHB to find the cause of the incident and quickly rectify the situation, which included preparing a mitigation plan so that such a thing did not recur.
However, the urban planning and transportation expert said no system was 100 per cent fail-proof.
He said any infrastructure system with international status such as that in KLIA, and mission-critical systems such as TAMS, should be equipped with a back-up system that could take over in the event of a failure with the main system.
“The vendor should be at the facility 24 hours a day, seven days a week and 365 days a year to operate such a mission-critical system together with MAHB.”
In this regard, he said, it was disappointing that Malaysia’s air transport sector received publicity for the wrong reasons.
“The TAMS failure affected the comfort of passengers, and their journey plans were disrupted because of the flight delays, cancellations and late baggage claims and check-ins.
“The huge number of passengers affected by the KLIA glitch will cause a drop in the level of services and quality. We do not want visitors to take home such a bad memory of Malaysia,” said Zaly.
MAHB denied the systems disruption at the terminals was caused by the failure of TAMS.
The airport operator rubbished claims that the failure of the core switches was due to cyberattack as “totally untrue”.
Operations at KLIA descended into chaos as systems disruption led to almost two dozen flights being delayed on Thursday.
MAHB on Thursday said a team was working to rectify the situation, and that “among the solutions that are being employed include the replacement of hardware equipment, which was delivered to the airport and had undergone testing last night (Thursday)”.
Nearly 1,000 staff members were deployed to assist passengers and airlines.
MAHB advised passengers to reach the airport at least four hours before their departure time and to check flight schedules with their airlines.
Passengers were encouraged to check-in via the airlines’ mobile app or website.
The flights affected on Thursday were those bound for Narita, Japan; Perth, Sydney and Melbourne, Australia; Jakarta, Indonesia; London, the United Kingdom; and Hong Kong, China.
It was reported that the information counter was deluged by passengers at noon on Thursday due to the incident, and that the disruption to the airport’s TAMS had slowed the check-in process.
By Ahmad Fairuz Othman, Adib Povera, Sarah Rahim – August 24, 2019 @ 8:30am