While three major airports in Europe were the main victims of a cyberattack over the weekend, the fallout has hit airports of all sizes with cancelled flights and wider concerns around cybersecurity.
London Heathrow (LHR), Berlin Brandenburg (BER) and Brussels (BRU) were the three airports primarily affected by the cyberattack on third-party provider Collins Aerospace. However, other airports including Dublin have also been affected, although the impact has been described as “minor” at these smaller airports.
The attack affected check-in and baggage systems with the three airports having to resort to manual check-in and boarding processes.
Cyberattack on Collins
RTX, the parent company of Collins Aerospace, said it was “aware of a cyber-related disruption to its MUSE software at “select airports.” It also said it was working to resolve the issue as quickly as possible.
According to aviation analytics firm, Cirium, on Saturday 20 September a total of 35 departures and 25 arrivals were cancelled across London Heathrow (LHR), Berlin Brandenburg (BER) and Brussels Airport (BRU).
Brussels saw the highest number of flight cancellations (15), followed by Heathrow (13) and Berlin (7).
Sunday saw an increase in cancellations with 38 departures and 33 arrivals cancelled across the three airports.
Cirium’s data showed that in total there were 673 departures scheduled from LHR on Sunday 21 September, 256 from Brussels and 270 from Berlin.
While the European Commission confirmed that aviation safety and air traffic control were unaffected the attack still had a wide-reaching impact beyond the three primary hubs with cancelled flights impacting those travelling to/ from other airports across Europe.
Although Collins is thought to be in the final stages of completing updates to help restore full functionality to its systems, airports and their passengers still faced disruptions to services on Monday 22 September. One report for AP News said that Brussels Airport had asked airlines to cancel half of the 276 scheduled departing flights on Monday, because “Collins Aerospace is not yet able to deliver a new secure version of the check-in system.”
Digital disasters increasingly common
Aviation and travel expert Paul Charles told Sky News he was “surprised and shocked” by the “very clever attack”. He also noted there will be concerns at the vulnerability of such systems, with this latest cybersecurity threat coming amid a rise in such attacks on the aviation industry.
Due to the vast amounts of data being processed and reliance on shared systems, airports and airlines are an increasingly attractive target for cyber criminals.
According to Tara Spielhagen, co-founder and CEO at Swiipr, “Digital disasters are becoming more common, and the financial effects these have on airlines [and airports] can be huge.”
She added: “Passengers affected by delays are unlikely to be eligible for compensation payments, as the cyberattack will almost certainly be an extraordinary event. But under UK regulations, airlines still have a duty of care towards customers during significant disruptions.
Even as normal operations resume, airlines and airports will still be under pressure to reschedule flights, meet regulatory requirements and support their customers.
With Swiipr a payment partner to many airlines, including those operating out of Heathrow, Spielhagen said she is anticipating a “large number of payments” for passengers following this recent attack.
“When last year’s global IT outage grounded thousands of flights, we saw a 200 per cent rise in payments to passengers from airlines on the first day alone,” she revealed.
Charlotte Wilson, Head of Enterprise Sales at Check Point Software, reiterated: “The aviation industry has been under sustained pressure from cybercriminals for several months, with attacks rising both in frequency and intensity.”
She also noted that Check Point has found that Transport and Logistics sector has consistently ranked among the world’s top ten most attacked industries, with each organisation facing an average of 1,143 cyberattacks per week in recent months.
“This relentless targeting underscores how the aviation industry has become an increasingly attractive target for cybercriminals due to its heavy reliance on shared digital systmes. These attacks often strike through the supply chain, exploiting third party platforms that are used by multiple airlines and airports at once. When one vendor is comprmomised the ripple effect can be immediate and far-reaching, causing widespread disruption across borders,” she added.
To mitigate the threat of a cyberattack, companies must “rigorously patch and update software to close vulnerabilities,” continued Wilson. She also emphasised this challenge cannot be addressed in isolation. “On a European scale, better information-sharing between governments, airlines and technology providers is essential. Cyberattacks rarely stop at national borders, so the faster one country can identify and report an attack, the faster others can take action to contain it. A joined-up defence will be far more effective that siloed responses.”
Cybersecurity is about more than prevention, it’s about resilience
While the organisation behind the cyberattack on Collins’ software and its reasons for doing so are yet to be confirmed, the impact will be felt widely by airports and airlines alike as they look to tighten their cybersecurity belts.
As Pablo Trevino Llorens, Director at Pablosec and network security expert said in a Linkedin post: “When critical infrastructure depends on centralised systems, a single point of failure becomes a crisis…. Cybersecurity isn’t only about prevention, it’s about resilience. When things break, they should degrade gracefully, not collapse entirely.”
Photo: London Heathrow
