top of page
Search

The need for digital resilience

Andrew H

The recent National Air Traffic Service (NATS) downtime has caused severe disruption to travellers in the UK and highlights the need for digital resilience.


In cyber security, the CIA triad (confidentiality, integrity, and availability) is commonly referred to, but resilience is a critical factor in overall security.


More than a quarter of flights were cancelled in and out of UK airports on Monday (28 August). 24 hours later and 5% of flights were still being impacted.


NATS confirmed the interruption was not likely caused by a cyber-attack, inferring either they had an early diagnosis of the fault but withheld it, or they did not have any indications of a cyber incident – such as a security log detected by their cyber security team.


The technical issue with air traffic services was fixed within hours, however the cause of the fault is still not known (at time of writing).


The ensuing downtime of NATS was long enough to cause vast disruption, with aircraft and crew displaced as a result, and passengers left with reorganising their journeys with their airlines.


A media frenzy ensued, with various claims circulated – including that a French airline could have caused the UK’s air traffic control shutdown.


Whatever the cause of the fault, it does raise interesting questions about how digitally resilient our critical national infrastructure is.





What is meant by digital resilience?


Being digitally resilient effectively means you can deliver business as usual through other means if a system or service fails. When designing digital systems or services, you factor in elements that can go wrong and have more than one system to provide back up. For example, geographic dispersal of systems in the event of major weather events – therefore if your datacentre is taken out in London, you have another one elsewhere in the country. Thus, you reduce the risk of both being taken out by the same event.


This theory is applicable in datacentres too – by separating servers you reduce the risk of a single point of failure.


Technology diversity is another way to build resilience, by using different platforms, solutions, and vendors, you reduce the risk of complete system failure. Others may argue this is common sense, however by designing services like this you increase the size of the supply chain, complexity of maintaining BAU, and crucially you increase the cost (which is likely to be a significant issue for companies).


In the case of NATS, throughout the pandemic the airline industry in the UK saw a 99% drop in passenger numbers (equating to £250bn in 2021).


It is hard not to look past the fact that there are huge budgetary pressures on the airline industry (and the UK as a whole), which will influence how board rooms prioritise their investments.


The cost of inaction is a harder sell to the board, than a return on investment. However, in the case of NATS the reputational damage and cost of this incident is highly likely to outweigh any digital resilience investment (but hindsight is a wonderful thing).


If you want to find out more about cyber security or digital resilience, please contact us.

13 views0 comments

Recent Posts

See All

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating

Interested in finding out more?

A member of the team will contact you shortly

bottom of page