What happened
On the afternoon of 23 June 2015, New Zealand's domestic air traffic control services experienced a sudden, unexpected interruption lasting approximately four minutes. The outage originated at the national air traffic management centre in Christchurch, where sector controllers lost both radar surveillance and radio contact with aircraft under their supervision.
As the disruption unfolded, radar targets on controller screens transitioned from green to orange, indicating that the system was merely displaying interpolated positions rather than live data. Simultaneously, radio communications failed, and many controllers found that alternative radio frequencies were also non-functional. The telephone system, which links the Christchurch centre to regional airport control towers, was also disrupted.
During the outage, 42 aircraft were operating within New Zealand's airspace. While the majority of the impact was felt through 49 delayed departures and 19 flight cancellations, three aircraft were forced to hold en route. The duty manager responded by instructing all aircraft to land or follow existing flight plans while increasing vertical and horizontal separation distances.
The investigation
The Transport Accident Investigation Commission (TAIC) investigated the event, examining the digital data network that integrates New Zealand's radar, radio, and telephone services. Investigators interviewed air traffic controllers from both Christchurch and Wellington, consulted airline operators, and engaged digital network engineering specialists to analyze the failure.
Technical analysis revealed that the outage occurred during a maintenance program intended to migrate services to a different part of the digital network. The investigation focused on the behavior of the digital data network and the adequacy of the existing regulatory framework for managing aeronautical telecommunications.
Findings
The investigation established that the service interruption was caused by a broadcast storm triggered by a software code error in a network device. This storm overwhelmed the digital data network, preventing essential traffic from reaching the control centre. The disruption ceased only after the faulty device was removed from the network.
Further findings highlighted systemic vulnerabilities:
- The digital data network managed by Airways Corporation of New Zealand Ltd lacked the necessary resilience to maintain air traffic services during such an event.
- The existing Civil Aviation Rules (Part 171), which govern the management of aeronautical telecommunications networks, were outdated and did not sufficiently address modern digital network technology.
- The Civil Aviation Authority of New Zealand lacked the specific technical capability required to independently verify if the network met all necessary performance and safety requirements.
Safety action
Following the incident, Airways engaged external specialists to review its network architecture and has since implemented numerous recommendations to improve system management. The company also updated its training for network engineers to emphasize the organizational risks associated with technical tasks.
The Commission recommended that the Secretary for Transport restructure Civil Aviation Rules Part 171 to ensure the regulations are contemporary with modern software and navigation technologies, allowing the CAA to better oversee the safety of the aeronautical telecommunications network.