
Cyberattack grounds Heathrow and other major European airports: What happened?

22 September 2025
A cyberattack on software used by Heathrow and other major European airports forced check-in and baggage systems offline on September 20, creating significant disruption for passengers and airlines.

Travellers at Heathrow, Brussels and Berlin-Brandenburg reported long queues as automated systems went down. Airlines were forced to revert to manual check-in and boarding, leading to delays, missed connections and some cancellations. The outage rippled across multiple airports simultaneously, underlining the systemic nature of the failure.

The disruption was traced to Collins Aerospace’s Multi-User System Environment (MUSE), a platform relied upon worldwide for passenger processing. The company, part of US defence and aerospace group RTX, confirmed a “cyber-related disruption” to MUSE but did not provide technical details. Investigations are ongoing, and no hacking group has yet claimed responsibility.

The lack of attribution leaves open whether the incident was a criminal ransomware attack, a state-sponsored intrusion or a targeted exploit of the vendor’s systems. European aviation and cybersecurity regulators are monitoring the situation closely, according to reports.

For the aviation sector, the attack highlights how digitalisation has increased efficiency but also created new points of failure. A single vendor outage cascaded into a continent-wide disruption, grounding airlines’ digital operations much like a cut subsea cable can disrupt internet traffic.

Telecoms operators face similar challenges through reliance on a small number of hyperscale cloud providers, subsea cable operators and OSS/BSS vendors. Both sectors must plan not only for hardware outages but also for the possibility of cyber compromise in core systems.

While airports were able to fall back on manual processes, continuity options in telecoms and data infrastructure are more limited.

The European aviation industry has accelerated digital transformation in recent years, introducing 5G-enabled operations and IoT-based baggage handling. But security has not always kept pace with adoption. Investigations into the source of the attack remain ongoing.

According to David Mound, head of research and community at Shinobi Security, the disruption at Heathrow, Brussels and Berlin isn’t surprising – it’s a textbook supply chain attack.

‘The airports weren’t directly compromised, a weak link in their technology ecosystem was exploited, which is a stark reminder that security is only as strong as the most vulnerable vendor in your supply chain,’ he said.

‘More frequent penetration testing would almost certainly have helped. A once-a-year test is no longer fit for purpose when adversaries are probing 24/7. High-value targets like Collins Aerospace should face continuous red teaming and simulated supply chain attacks to expose and shut down entry points before they’re exploited.’

Mound says this is a ‘systemic failure in third-party risk management, and it’s no longer enough to accept a vendor’s security statement at face value’.

He adds that airports must demand independent testing, adopt Zero Trust principles, and ensure vendors only get the minimum access required.

‘Contingency plans also need to be sharper, manual check-in used to be a feasible workaround, but the scale of disruption here showed a lack of preparedness.’

‘The aviation industry runs on an intricate web of legacy systems and providers, making it an inevitable target – but inevitability shouldn’t mean acceptance. Cybersecurity is not just an IT issue; it’s a critical business risk with global ripple effects. One breach has disrupted tens of thousands of passengers – if that doesn’t put cybersecurity on the boardroom agenda, nothing will.’
