Tens of thousands of holidays are ruined. BA IT staff couldn’t get their system fully up and running for a whole weekend. The airline does not believe that a cyber-attack caused the issue. I tend to believe them. A conventional cyber-attack from the outside wouldn’t be able to crash their system this way. But what if it was an inside job?
However, early signs indicate some major differences. First of all, these systems always have backup power supplies which automatically kick in during power failures. Even if the backup power supply fails, and as a consequence the database crashes, there would normally be a failover site where the system could be brought back online at most in a few hours.
Among many others an article in the FT mentions the BA IT jobs which were outsourced to India last year as a possible contributing factor to this outage. Until the airline comes up with a better explanation I tend to believe that this is the most probable cause of the disruption.
It only takes one person inside an IT department to cause enormous damage to the system. All they need to know is a few commands and a privileged user account password to wipe out a whole database.
The turnover rate of IT staff in India is much higher than in the UK. While the vast majority of them are obviously dedicated professionals, I believe the BA system is extremely vulnerable to a single person with a malicious intent inside IT.