Building cyber resilience: Recent airport attack underlines how unprepared many systems are
September 27, 2025
Amid reports a man has been arrested in connection with the recent cyberattack on Collins Aerospace systems, experts reveal why cyberattacks on critical aviation infrastructure are fast becoming the norm.
Man arrested in connection with Collins Aerospace cyberattack
The National Crime Agency (NCA) reported on Wednesday 24 September that a 40-year-old man had been arrested in West Sussex on suspicion of Computer Misuse Act Offences. The arrest was described “as part of an investigation into a cyber incident impacting Collins Aerospace.”
The attack targeted RTX Collins Aerospace’ MUSE system. The airport platform supports check-in, baggage processing and boarding operations. Heathrow, Brussels, Berlin Brandenburg and Dublin were widely reported as the airports most disrupted by the attack.
According to the EU’s cybersecurity agency, ransomware – which is used to disrupt systems while a ransom is demanded – was deployed in the attack, knocking systems offline and causing widespread travel disruptions.
“Although this arrest is a positive step, the investigation into this incident is in its early stages and remains ongoing,” said Paul Foster, head of the NCA’s national cyber crime unit.
Aviation increasingly under threat of a cyberattack
Commenting further on the incident, Charlotte Wilson, head of enterprise at Check Point Software said the arrest shows progress, however the disruption the attack caused is part of a much bigger picture.
“We are seeing a domino effect in aviation, with aircraft and passengers ending up in the wrong places as systems fail. Airlines are on a war footing, and cyberattacks on critical infrastructure are fast becoming the new norm.”
Wilson added that the goal with this sort of attack is disruption and financial gain. “The reality is these attacks are escalating and will not respect borders,” she said. “The only way to protect aviation is constant vigilance, layered defence and faster intelligence sharing between governments, airlines and technology providers.”
Anything less, she continued, “leaves passengers at risk and global travel exposed.”
Collins Aerospace responds to “cyber intrusion”
RTX, the parent company of Collins Aerospace said it is continuing to restore its onsite passenger processing software for airlines impacted by a cyber intrusion. The company also said it had deployed all available resources to restore electronic check-ins and baggage drop operations as soon as possible.
“This is a complex incident, but we are working through the most efficient path forward,” RTX said in a statement on 24 September.
“Our efforts include proactive troubleshooting with airlines and testing with customer networks. As we complete security testing, we will scale deployment of a secure passenger processing system across the affected area.”
As of Thursday 25 September, Heathrow Airport said “the vast majority of flights are now operating as normal”. Brussels Airport also said there is now a “limited impact on airport operations.” However, Berlin Brandenburg said that despite flight operations resuming, “further disruptions are expected with check-in and boarding systems still largely manual.”
According to aviation analytics firm, Cirium, over the three day period from 20-22 September, a total of 123 departure flights were cancelled across Heathrow, Berlin and Brussels, while 94 arriving flights were cancelled.
What can airports and airlines do to protect their systems?
Mantas Sabeckis, a white hat hacker and infosec researcher, said the recent cyberattack should awaken every business relying on digital systems and the third-party vendors behind them.
Crucially, the attack shows how unprepared many important systems are for these kind of threats and how the vulnerabilityof supply chains can put businesses in trouble, said Sabeckis.“This also shows how the vulnerability of supply chains can put businesses in trouble,” said Sabeckis.
“Collins Aerospace isn’t an airport or airline but a software vendor, a third-party provider whose systems connect together vast and complex air travel operations,” he said.
The lesson here, he added is: “Making your own computer and firewalls stronger isn’t enough. Real protection means keeping a close eye on every part of your supply chain. Are vendors’ security practices robust? Do contracts demand transparent vulnerability disclosure? Is patch management swift and audited? Those questions are foundational.
“Then, there’s the often-overlooked fallback mode: manual operations. This hack blew up the digital convenience airports pride themselves on: automated check-ins, seamless boarding. The reversion to handwritten boarding passes and paper manifests was crude but necessary.”
Sabeckis concluded that this latest incident shows that being ready for cyberattacks isnt’ just about building stronger defences. “It means taking care of the entire system – making sure every part, including suppliers is secure, planning for the worst and having backup plans that keep important services running no matter what.”
