Cyberattack on airport check-in systems disrupts flights across Europe

Major airports in Europe, including Heathrow in London, Brussels, and Berlin, are facing widespread flight cancellations and delays after a significant cyberattack targeted the MUSE check-in and boarding system software supplied by Collins Aerospace. The incident, which began over the weekend, has underlined the escalating threat cybercrime poses to critical infrastructure with ripple effects across the continent's interconnected aviation sector.

Airports were forced to revert to manual check-in systems as IT specialists and airport staff scrambled to restore services. Brussels Airport took the unprecedented step of requesting that airlines cancel half of Monday's scheduled departures due to the system remaining offline. The impact of the attack was felt beyond airport terminals, with thousands of passengers stranded and broader travel plans thrown into disarray.

Cybersecurity analysts are now warning that the true scale and cause of the disruption may take weeks or months to uncover.

Jeff Wichman, Director of Incident Response at Semperis, provided further insight into the operational dynamics of such attacks. "Ransomware attacks against airlines and airports often fly under the radar but are no less disruptive than attacks on healthcare organisations and our food suppliers. The reality today is that ransomware attacks on airlines don't just cause IT downtime, they often cascade into grounded planes, stranded passengers and millions of dollars in losses." Wichman revealed that attackers often exploit identity systems such as Active Directory, with most incidents targeting organisations during weekends and holidays, precisely when security staffing is typically reduced.

Geopolitical dimensions are also being considered. Tom Kellermann, Vice President of Cyber Risk at HITRUST, linked the attack to broader tensions between Russia and NATO. "It is my belief that this was a Russian cyberattack against NATO countries as an escalation that ran in tandem with their recent incursions into NATO airspace. Geopolitical tension is spilling over. The aviation industry faces a systemic cyber threat of island hopping," he noted, urging organisations to intensify monitoring of third-party systems and reassess vendor management.

The nature of the supply chain in aviation adds layers of complexity and vulnerability, says Gary Cannon, transport practice lead at NCC Group. "Airports sit at the intersection of critical infrastructure and international travel, making them attractive for the level of disruption cyber attacks can cause. As we've witnessed, the European aviation ecosystem is heavily interconnected and attacks on its shared stakeholders have a knock-on effect across borders." Cannon cautioned that reliance on single suppliers for key systems intensifies the risk, and without prioritising cybersecurity on par with physical safety, the sector could face cascading failures impacting trust, operations, and passenger safety.

The role of supply chain security was also highlighted by Rob Demain, CEO of e2e-assure. "The attack on Collins Aerospace is yet another example of the risks posed by supply chain/third-party cyber-attacks and the cascading results of interconnected infrastructure." He noted the necessity for companies to integrate cyber resilience into business continuity planning, calling for regular drills and coordinated responses beyond basic data backups to ensure a rapid and effective reaction.

Edward Lewis, CEO of CyXcel, echoed these sentiments, stating, "This disruption shows how fragile critical infrastructure can be when third-party suppliers are hit. Airports invest heavily in their own defences, but if shared technology is compromised, the impact ripples across multiple sites." He emphasised that putting efficiency ahead of security is no longer sustainable and called for resilience and security to be treated as equal priorities within the aviation industry.

Bernard Montel, EMEA Technical Director and Security Strategist at Tenable, observed, "This is a live and developing situation so the full details of the exact nature of the disruption is not yet known. That said, the fact that multiple international airports are impacted serves as a sharp reminder of the profound risks that vulnerabilities and insecure configurations in third-party systems can create." He highlighted that while the identity and motives of the perpetrators remain secondary at this stage, the incident underscores the necessity for organisations to proactively secure the digital foundations of critical services. "Truly robust security begins with a strong foundation: identifying the systems that underpin our most vital services and proactively mitigating the vulnerabilities that attackers are most likely to exploit. This is the only way to effectively neutralise the risk," Montel stated.

While work continues to bring affected airport operations back to normal, industry voices agree the incident stands as a stark warning. The aviation sector, whose digital infrastructure now underpins every aspect of its operations, must implement robust cybersecurity measures and foster a culture of preparedness. As the investigation unfolds, the incident may serve as a pivotal moment, prompting the industry to rethink and strengthen its cyber defences in an ever-evolving threat landscape.