Cyberattack on check-in software causes chaos at major European airports 

Several of Europe’s busiest airports including Heathrow, Brussels and Berlin have spent the last few days frantically trying to restore normal operations, following a cyberattack on Friday that disrupted the automatic check-in and boarding software used by the airports. 

The European Union Agency for Cybersecurity (ENISA) told the BBC that on Monday they had identified malicious software as being used to scramble automatic check-in systems. 

Brussels airports asked airlines to cancel nearly 140 of their 276 scheduled outbound flights for Monday, according to Associated Press. 

Half of airlines, including British Airways, that were due to be flying from Heathrow were back online in some form on Sunday, following an implementation of a backup system on Saturday.  

Meanwhile, in Berlin, officials told the BBC that some airlines are still boarding passengers manually and they had no indication on how long the electronic outage would last. 

The fallout is not limited to the several European airports, with many of the cancelled or delayed flights to major European hubs such as Paris, Lisbon and Amsterdam. 

Media reports are saying that the target was the software, ARNIC MUSE (Agent-Assisted Check-In Multi-User System Environment) that is owned by Collins Aerospace, an aviation and defence company.  

The software provides airlines with the systems needed to check passengers in and organise boarding. Collins is a subsidiary of RTX, formerly known as Raytheon. 

Cyberattacks have long been a concern for those involved in the aviation sector, particularly as it is regarded as being a part of critical infrastructure. Cyberattacks in the aviation sector have increased by 600% over the past year, according to Thales, a French aerospace company. 

The cyberattack according to cybersecurity expert, Vykintas Maknickas, CEO of NordVPN’s travel eSIM app, Saily, speaking to the Independent, “highlights the increasing vulnerabilities within the aviation sector as airports and airlines continue to rely on the interconnected systems for operations”. 

The incident, in Russell’s view, highlights the issue of Connected Risk, in particular 4th party risk or the suppliers of my partners. This is apparent in the Aerospace sector that is over reliant on third-party providers such as Collins Aerospace.  

Events like this one, or even last year’s event involving CrowdStrike, show that when they are targeted, they impact multiple organisations within the sector, who have an indirect or direct relationship with the supplier. 

Therefore, because of the connected nature of these events, what needs to be understood from corporates and insurers’ perspective, is that the outcomes of these events are protected.