Cyberattack Grounds Check-Ins at Major European Airports

▼ Summary
– A cyberattack disrupted check-in and boarding systems at several major European airports, including Brussels, Berlin, and London, forcing a switch to manual processes.
– The attack targeted the MUSE software platform from service provider Collins Aerospace, a third-party vendor used by multiple airports and airlines.
– While the impact was contained with minimal flight cancellations, the incident caused significant delays and passenger frustration due to lengthy manual check-in procedures.
– Cybersecurity experts highlighted that the attack exposed vulnerabilities in the aviation industry’s reliance on shared digital systems and third-party platforms.
– The origin of the attack remains unclear, with experts suggesting it could be the work of hackers, criminal organizations, or state actors, and may have been an act of vandalism rather than extortion.
A significant cyber incident over the weekend forced several of Europe’s busiest airports to revert to manual check-in processes, causing notable delays and flight cancellations. The attack did not target the airports or airlines directly but instead breached the systems of a third-party service provider that supports passenger check-in and boarding operations. This event underscores a critical vulnerability within the aviation sector’s extensive digital supply chain.
Initial reports of disruptions emerged from major hubs including Brussels Airport, Berlin’s Brandenburg Airport, and London’s Heathrow. The problem originated with Collins Aerospace, a prominent aviation technology company. The company confirmed a “cyber-related disruption” affecting its MUSE (Multi-User System Environment) software, which is used for self-service kiosks that handle passenger check-in, boarding pass printing, and baggage tagging. This forced ground staff to process travelers manually, a much slower procedure that led to long queues and passenger frustration.
Travel analyst Paul Charles described the incident as “a very clever cyberattack,” noting its sophistication in targeting a core system shared by multiple carriers and airports simultaneously. He expressed deep concern that a company of Collins Aerospace’s stature, which typically maintains highly resilient systems, could be compromised in such a way. The attack’s broad reach, affecting operations across different countries from a single point of failure, highlighted a severe systemic risk.
By mid-morning on Saturday, the full impact began to crystallize. Brussels Airport reported nine canceled flights, four diversions to other airports, and at least fifteen delays exceeding an hour. A spokesperson for the airport indicated it was unclear how long the disruptions would persist. Meanwhile, Berlin’s airport authority stated they had proactively severed connections to the compromised systems to prevent further issues, reporting no cancellations directly linked to the attack at that time. Heathrow, Europe’s busiest airport, characterized the impact as “minimal,” with no flights canceled as a direct result, though they declined to specify the number of delays.
The situation on the ground was challenging for travelers. With automated systems offline, the limited number of staffed check-in counters became overwhelmed. Passengers like Maria Casey, who was traveling from Heathrow to Thailand, reported spending three hours in line because baggage tags had to be written out by hand at only two operational desks. The incident revealed how the industry’s shift toward self-service and reduced traditional counter staffing can exacerbate problems during technical failures.
Collins Aerospace, a subsidiary of RTX Corp., assured customers that it was actively working to restore full system functionality. The company emphasized that the issue was confined to electronic check-in and baggage drop, a process that can be mitigated with manual operations. Despite this, cybersecurity experts pointed to the broader implications. Charlotte Wilson of Check Point Software Technologies explained that the aviation industry’s heavy reliance on shared digital platforms makes it an attractive target. She noted that attacks often penetrate through the supply chain, and when a single vendor is compromised, the ripple effects can cause immediate, widespread disruption across borders.
The motivation behind the attack remains unclear. Some experts, like Professor James Davenport from the University of Bath, suggested the incident resembled an act of vandalism more than a financially motivated extortion attempt, based on the initial information available. As investigations continue, the event serves as a stark reminder of the vulnerabilities inherent in interconnected digital infrastructures and the potential for a single point of failure to cause significant operational chaos across the global aviation network.
(Source: Security Week)