After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected

Forbes

21-07-2025

Alaska Airlines grounded its jets during a sudden systemwide halt in operations, highlighting ... More growing concerns over aviation cybersecurity and digital infrastructure resilience.
Late Sunday evening on July 21, 2025, Alaska Airlines grounded all of its mainline aircraft due to what it described as a 'technology issue.' Operations halted at approximately 8 p.m. Pacific Time and resumed just before 11 p.m., but delays rippled into Monday morning, a peak travel period across U.S. airports. Horizon Air, its regional partner, was also impacted. The timing, the scale and the abruptness of the incident set off alarm bells across both aviation and cybersecurity communities.
On June 27, 2025, the FBI issued a chilling warning that America's airlines are under active cyber threat. That warning now appears increasingly justified. The Alaska Airlines outage, while not officially confirmed as a cyberattack, bears the hallmarks of the kind of disruption federal agencies have been cautioning against: targeted, sudden and systemwide.
This was not an isolated glitch in airline, aviation or airport systems. It was the latest and most visible example of the growing digital fragility that now defines modern infrastructure. It may also be the clearest signal yet that the airline industry must be treated as critical infrastructure, not just in policy but in cybersecurity investment, threat modeling and coordinated response planning.
The Cracks Are Widening
This is not the first time Alaska Airlines has faced operational turbulence linked to technology. In April, a weight and balance software failure led to a full fleet grounding. In January 2024, a door plug detached mid-flight, exposing deep flaws in inspection protocols. And in August 2024, a major cyber incident at Seattle-Tacoma International Airport, Alaska's primary hub, triggered a temporary airport shutdown. Flights were delayed, baggage systems failed and communication networks were severely disrupted. The breach was later attributed to a foreign adversary targeting airport infrastructure, and although no lives were lost, the impact on travel, commerce and public confidence was significant.
These incidents may differ in origin, but they reveal an industry with the same underlying vulnerability, and increasingly dependent on digital systems with limited resilience and redundancy. Airlines today are digital-first operations. Every flight dispatch, crew assignment, maintenance record and gate assignment depends on software. When that software fails or is compromised, the damage is not measured in lost productivity alone. It affects lives, safety and the stability of national infrastructure.
Likely Culprit? Salt Typhoon And The Expanding Cyber Battlefield
Although Alaska Airlines has not formally attributed this latest disruption to a cyberattack, many in the cybersecurity community are watching closely. One name that continues to surface is Salt Typhoon.
Salt Typhoon is a Chinese state-sponsored threat actor linked to the Ministry of State Security. It has built a reputation for targeting telecom networks, government systems, and infrastructure operators across the United States and allied nations. In 2024, the group successfully infiltrated nine major American telecom providers, gaining access to surveillance routers, administrative credentials and internal metadata flows.
Even more alarming was Salt Typhoon's breach of a U.S. Army National Guard unit. That intrusion began in March 2024 and remained undetected until December. The attackers quietly exfiltrated sensitive configuration files, administrator credentials, internal network diagrams and personnel rosters. According to federal briefings, the attackers had access to virtual private network appliances and domain controllers. That level of penetration enabled not just espionage, but the potential for real-world disruption of military readiness.
The Department of Homeland Security responded with a chilling warning: all U.S. military units must now operate under the assumption that their networks are compromised. This is not theoretical. It is a national security posture shift.
Salt Typhoon's specialty lies in stealth and persistence. Its tools are designed for long-term access, manipulation of edge infrastructure, and preparation for future sabotage. They do not need to launch a full-scale attack immediately. They simply need a foothold. And they are increasingly gaining those footholds in the same types of routers, VPNs and network layers that civilian airlines rely on every day.
The fact that Salt Typhoon has demonstrated the ability to compromise military networks for nearly a year without detection should raise serious questions about the aviation sector's preparedness. Because in today's threat landscape, the line between military and civilian infrastructure is thinner than ever.
Airlines Critical Infrastructure Soft Targets
The Alaska Airlines incident may not ultimately be confirmed as a cyberattack. But the conditions are absolutely ripe for one. Commercial aviation checks every box for high-value critical infrastructure and yet remains one of the most exposed sectors.
To make matters worse, support from the federal government is diminishing. Recent cuts at the Cybersecurity and Infrastructure Security Agency have left fewer resources to assist or intervene. That pushes more responsibility onto private carriers without the tools or funding to keep pace.
Airlines are essential. They are everywhere. And they are underprepared. Unless aviation is treated like the critical infrastructure it is, the next outage may not be a warning. It may be a wake-up call too late.
Responsibility Is Shifting To Private Sector
As federal cybersecurity resources tighten, the private sector must step forward. Airlines, airports, maintenance providers and travel technology companies must now act as if they are on the front lines of national defense. Because they are.
We are entering a new era where IT outages can serve as camouflage for cyberattacks. Where a grounded fleet may be the canary in the coal mine. And where securing our skies will require more than airport screenings and reinforced cockpit doors.
This situation is not unprecedented. The defense industrial base has already faced similar vulnerabilities. In response, the Department of Defense created the Cybersecurity Maturity Model Certification, to establish a scalable and certifiable framework for cybersecurity across contractors.
Airlines would benefit from adopting a similar model. CMMC principles offer a structured path forward:
Cybersecurity in aviation can no longer be viewed as optional. A single weak link in the chain is all it takes to compromise a fleet. The only path forward is a unified industry-wide commitment to resilience, accountability and protection.
A Wake-Up Call At Thirty Thousand Feet
The Alaska Airlines outage is not just another IT incident. It is a warning. A fragile digital backbone. A growing global threat. A clear sign of unpreparedness across one of the nation's most essential industries.
It is time to formally designate airlines as critical infrastructure. It is time to implement cybersecurity frameworks like CMMC across the aviation ecosystem. And it is time to invest in the tools, talent and systems required to protect not just networks but lives.