iscover
Airports across Europe experienced widespread disruptions over the weekend following a cyber-attack on a check-in systems provider.
A cyber attack targeting Collins Aerospace, the maker of boarding and check-in systems used by a raft of major European airports, led to widespread disruptions, flight cancellations, and hundreds of late flights over the weekend.
This content is available exclusively to Australian Aviation members.
A monthly membership is only $5.99 or save with our annual plans.
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
- Unlimited access to all Australian Aviation digital content
- Access to the Australian Aviation app
- Australian Aviation quarterly print & digital magazines
- Access to In Focus reports every month on our website
- Access to our Behind the Lens photo galleries and other exclusive content
- Daily news updates via our email bulletin
RTX, the owner of Collins Aerospace, stated that it was aware of a “cyber-related disruption” affecting the company’s software at several European airports, with Heathrow Airport, Dublin Airport, Berlin Airport, and Brussels Airport all reporting some level of disruption.
According to reports from the airports affected by the incident, recovery operations are still underway.
“Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in. We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate,” Heathrow Airport said in a September 22 passenger notice on its website.
“We encourage passengers to check the status of their flight before travelling to Heathrow and to arrive no earlier than three hours for long-haul flights and two hours for short-haul.”
No threat actor has yet claimed responsibility for the incident, though one UK politician called for an investigation into possible Russian involvement.
“After the flagrant violation of Estonian airspace, the government needs to urgently establish if Vladimir Putin is now attacking our cyber systems,” MP Calum Miller, Foreign Affairs Spokesperson for the Liberal Democrats, said.
Three Russian MiG-31s violated Estonian airspace on the weekend, days after Russian drones were shot down over Poland earlier last week.
Here in Australia, however, the incident should be taken as an opportunity to test our own readiness for such an attack, according to Professor of Practice Nigel Phair of Monash University’s Department of Software Systems & Cybersecurity, Faculty of Information Technology.
“The flight delays arising from the outage at Heathrow and other European airports for the electronic check-in and baggage drop show how technically interconnected flying is,” Professor Phair said.
“It highlights the importance of third-party systems connecting airlines, airports and the IT integrators that keep operations running.
“While this hasn’t yet impacted any Australian airports, it demonstrates the need for Australian airlines to redouble their cyber security controls; especially after the recent Qantas data breach.
Professor Phair said that Australian airports need to work on their business continuity plans and rehearse for outages such as this.
Darren Guccione, CEO and Co-founder, Keeper Security, said the incident highlighted that the dependence on shared digital infrastructure has become a dangerous issue.
“A technical incident with a single provider can quickly cascade across multiple airports, which is why resilience, security and visibility are critical in modern infrastructure,” Guccione said.
“Adversaries understand that targeting widely used technology services can result in outsized impact, as demonstrated in countless damaging supply chain attacks. Organisations that rely on third-party systems and vendors need to ensure that every point of access is secured, every connection is monitored, and no user or system is automatically trusted.”
