Fast Facts

• Check-in systems at major European airports crashed Friday due to a cyberattack on Collins Aerospace’s MUSE software.
• Passengers faced long queues, manual boarding passes, and over a dozen flight delays and cancellations.
• No passenger data theft reported, but the investigation is ongoing.
• The attack disrupted operations at Brussels, Heathrow, Berlin, Dublin, and Cork airports.
• Similar attacks on transport infrastructure have surged globally, targeting both operators and their tech vendors.

When Digital Wings Are Clipped

It began as a ripple - a few blinking screens, a line that wouldn’t budge. By midday, the ripple had swelled into a wave, stranding thousands in Europe’s busiest terminals as check-in desks reverted to manual methods not seen since the last century. At Brussels, staff scribbled baggage tags by hand; in Heathrow and Berlin, the normally swift ballet of passenger processing slowed to a crawl. For many, the digital age of air travel came to a screeching halt.

The Target: MUSE, the Airport’s Digital Heartbeat

At the center of the chaos: Collins Aerospace’s MUSE platform - a software backbone quietly powering check-in and boarding for dozens of airlines across continents. MUSE is like a shared power grid for airports: rather than each carrier running its own system, they tap into this central hub to manage passenger flow, baggage, and boarding. This efficiency, however, also means that a single blow to the system can knock out dozens of carriers at once.

The attack forced airports to fall back on manual processes - printing boarding passes, hand-writing luggage tags, and slowing passenger throughput to a crawl. While security and air traffic systems remained untouched, the disruption underscored just how interconnected, and fragile, modern airport operations have become.

A Pattern of Digital Sabotage

This incident is the latest in a growing list of cyberattacks targeting transport infrastructure worldwide. Just this week, UK authorities arrested suspects linked to the Scattered Spider group for a damaging attack on London’s transit systems. In recent years, ransomware gangs and state-backed hackers have zeroed in on critical service providers - often exploiting the weakest digital link in a complex supply chain.

While officials have yet to name the perpetrators behind the airport attack or reveal how they breached MUSE, experts warn that the aviation sector’s reliance on shared platforms like MUSE is a double-edged sword: it streamlines operations but creates tempting, high-impact targets for cybercriminals. For now, there’s no evidence of stolen passenger data, but the investigation continues.

Global Stakes and Digital Resilience

The market for airport IT is dominated by a handful of global vendors, making their systems the digital glue of international travel. As geopolitics increasingly plays out in cyberspace, attacks on these platforms risk not just inconvenience, but economic and reputational damage across borders. With air travel rebounding post-pandemic, the stakes for digital resilience have never been higher.

WIKICROOK

• MUSE (Multi: MUSE is a shared software platform that lets multiple airlines use the same airport check-in, boarding, and baggage systems efficiently.
• Supply Chain Attack: A supply chain attack is a cyberattack that compromises trusted software or hardware providers, spreading malware or vulnerabilities to many organizations at once.
• Manual Operations: Manual operations are tasks completed by humans without digital tools or automation, often used when systems fail or for extra oversight.
• Critical Infrastructure: Critical infrastructure includes key systems - like power, water, and healthcare - whose failure would seriously disrupt society or the economy.
• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.