A suspected cyber-attack targeting a third-party software supplier has caused major flight cancellations and delays at several European airports over the weekend.
London’s Heathrow Airport and terminals in Brussels, Berlin and Dublin are among those that continue to be impacted by the incident.
US aerospace and defense giant RTX told the BBC that its Muse software was targeted by threat actors. The software helps airlines to digitally check in passengers, validate boarding passes and tag baggage – enabling them to share desks and gates rather than requiring their own.
As such, the outage forced some airlines at certain European airports to check in and board passengers by pen and paper.
Read more on aviation security: Scattered Spider Actively Targeting Airlines, FBI Warns.
“Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in. We apologize to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate,” read a notice on the Heathrow Airport website on Monday morning.
“We encourage passengers to check the status of their flight before travelling to Heathrow and to arrive no earlier than three hours for long-haul flights and two hours for short-haul.”
Brussels Airport posted a similar message on its website, but referred to the incident as a “cyber-attack” rather than an outage. It urged passengers to only come to the airport if their flight is confirmed, and to check-in online before they arrive.
Aviation Under Attack
Javvad Malik, lead security awareness advocate at KnowBe4, argued that building cyber resilience requires a focus on people, process and communications as much as security controls.
“Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls, and staff forced into manual workarounds,” he added.
“It’s why it is important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding, and accessible contingencies, with cross‑trained staff and basic tools ready.”
Charlotte Wilson, the head of enterprise business at Check Point, explained that attacks on aviation targets are increasing in frequency and intensity.
“These attacks often strike through the supply chain, exploiting third-party platforms that are used by multiple airlines and airports at once,” she said.
“To build resilience, aviation companies must take a layered approach: rigorously patching and updating software to close vulnerabilities, continuously monitoring for unusual activity that could indicate an intrusion, and implementing clear, well-tested backup systems that ensure airports and airlines can keep operating even if critical digital tools are knocked offline.”
Improved information-sharing between governments, airlines and technology providers is also vital to accelerate incident response across borders, Wilson argued.
