The European Union's ENISA cyber security agency and the UK's National Cyber Security Centre (NCSC) have activated their resources in response to a devastating ransomware attack on the systems of Collins Aerospace, a leading supplier of business and commercial aviation services. The attack, which was first detected late on Friday, 19 September, caused widespread disruption across Europe, resulting in flight cancellations and delays at major airports including Heathrow, Berlin Brandenburg, Brussels, and Dublin.
As staff fell back on manual procedures to mitigate the disruption, passengers were left facing significant delays and inconvenience. According to a spokesperson for Collins Aerospace, neither the company nor its parent organization, RTX, have disclosed any further information beyond confirming that they are responding to a cyber incident. However, it is understood that the attack was first detected late on Friday, 19 September, and continued into Saturday.
On Monday, 22 September, ENISA confirmed that the disruption was caused by ransomware. In a statement circulated to media, a spokesperson said: "ENISA is aware of the ongoing disruption of airports' operations, which were caused by a third-party ransomware incident. At this moment, ENISA cannot share further information regarding the cyber attack." A spokesperson for the NCSC added: "We are working with Collins Aerospace and affected UK airports, alongside Department for Transport and law enforcement colleagues, to fully understand the impact of an incident. All organisations are urged to make use of the NCSC's free guidance, services, and tools to help reduce the chances of a cyber attack and bolster their resilience in the face of online threats."
A spokesperson for Heathrow Airport issued a statement saying: "Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in. We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate." The spokesperson advised passengers to check the status of their flight before travelling to Heathrow and to arrive no earlier than three hours for long-haul flights and two hours for short-haul.
According to ESET global cyber security advisor Jake Moore, when the supply chain is attacked in the aviation industry, the disruption can have a damaging global scale. Moore said: "Since the outage stems from a third-party provider for check-in and boarding systems, it shows how a single point of failure can ripple quickly across multiple countries, causing widespread problems. Like any industry, airports and airlines must ensure they can fall back on manual or alternative systems smoothly, but this is made more difficult with such a preciously managed environment."
Moore also emphasized the need for regulators to tighten standards even further for critical aviation IT suppliers, highlighting that the impact of the attack demonstrates how fragile such systems can be in a digitally focused world. He added: "Whether this was a deliberate disruption attack, a financially motivated ransom or a major technical failure, the impact demonstrates how fragile such systems can be in a digitally focused world."
The recent cyber attack on Collins Aerospace has highlighted the vulnerability of critical aviation IT systems to disruption and cyber threats. As the aviation industry continues to navigate the complexities of digitalization, it is clear that vigilance and resilience are essential for mitigating these risks. By working together with regulators, airlines, and other stakeholders, we can ensure that such disruptions are minimized in the future and air travel remains safe and efficient.