What Happened Today
On the morning of September 20, multiple major European airports — including Brussels, London Heathrow, and Berlin — were hit by a massive cyberattack. The disruption originated from Collins Aerospace, a U.S. provider of airport IT systems.
The attackers targeted “Muse”, Collins’ core platform responsible for electronic check-in, gate allocation, and baggage handling. As a result, check-in counters and kiosks across several hubs went offline, forcing airlines to switch to manual operations.
The impact has been severe:
Brussels Airport reported the highest number of cancellations and long passenger queues.
London Heathrow saw widespread delays and some flight cancellations.
Berlin Brandenburg experienced partial disruptions, with longer waiting times at check-in.
Rome Fiumicino and other Italian hubs confirmed only minor delays, but remain on high alert.
Who Is Behind the Attack?
While Collins Aerospace has acknowledged the breach, investigations are ongoing. Early intelligence from European cybersecurity units suggests the involvement of a Russian-speaking cybergang known for ransomware campaigns.
Key points:
Attackers likely exploited a known vulnerability in Muse’s middleware, enabling them to disrupt service continuity.
Indicators point toward ransomware, though no official ransom demand has been confirmed.
The scale suggests either a state-sponsored group or a highly organized criminal gang with resources to coordinate attacks across multiple countries simultaneously.
Why Airports Were So Vulnerable
The incident highlights a critical weakness in the aviation supply chain:
Third-party dependency → A single vendor’s compromise had cascading effects across multiple nations.
Legacy integration → Many airport systems rely on older software modules that struggle with patching and monitoring.
Centralized architecture → Muse’s centralized data flows became a single point of failure, lacking sufficient regional redundancy.
This mirrors past supply-chain attacks (e.g., SolarWinds 2020, Kaseya 2021) but with immediate, real-world consequences for travel and safety.
Immediate Consequences
Flight Operations: Hundreds of flights delayed or canceled across Europe.
Passenger Experience: Long queues, missed connections, increased stress at airports.
Airline Costs: Millions in potential compensation, rebooking, and customer service.
National Security Concerns: Aviation is classified as critical infrastructure; this breach exposes weaknesses that adversaries could exploit in more targeted ways.
Long-Term Implications
Resilience Planning
Airports and airlines must build manual fallback procedures and conduct regular stress tests for scenarios where digital systems go offline.Vendor Audits
Critical infrastructure operators will need deep audits of third-party vendors, ensuring compliance with EU NIS2 Directive standards on cybersecurity.Geopolitical Risks
If attribution to a Russian-linked cybergang is confirmed, this could escalate already tense EU-Russia cyber relations. Sanctions, indictments, or counter-cyber operations may follow.Tech Innovation
Expect rising demand for zero-trust architectures, distributed cloud systems, and AI-based anomaly detection to spot and mitigate intrusions before they cripple entire networks.
Lessons Learned
This cyberattack is not “just another IT glitch.” It is a wake-up call for Europe’s critical infrastructure:
Redundancy matters: airports must diversify suppliers and ensure backup solutions.
Transparency matters: passengers deserve real-time communication when disruptions occur.
Preparedness matters: cybersecurity drills must move beyond theory and simulate high-impact outages.
As one European security official told Sky TG24: “We cannot allow a ransomware gang to dictate whether planes take off or not. This is about sovereignty and resilience.”
