
What do we know about the airport security disruptions?
A cyberattack last Friday (September 19) has caused significant disruption to a number of European airports, most notably Berlin, Brussels and London Heathrow.
The EU’s cybersecurity agency, ENISA, said on Monday that a third-party ransomware attack targeted check-in and boarding systems running on widely used software known as MUSE, operated by US company Collins Aerospace.
Brussels airport canceled half of its flights on Sunday and there were cancelations and delays in Berlin and London, with the effects still being felt on Monday. Professor Alan Woodward, a cybersecurity expert, told DW that this may not be the end of it.
“People will accept delays, but they want to be kept informed. One of the things that frustrates people is sitting in an airport not knowing what on earth is going on. Is this going to affect flights in two, three, four days?”
What problems are the airport cyberattacks causing?
While Collins said that delays to check in and baggage drop “can be mitigated with manual check-in operations” the widespread cancelations show the knock-on effects of staff having to manually write out baggage tags and perform checks usually done online. It also highlights the reliance of major global infrastructure on IT systems that can be compromised.
Woodward said some firms under-invest in IT, adding there is legitimate concern that other airports may yet be targeted in this attack. “If it was a ransomware attack, why were only three airports affected?” he said. Collins’ services are used in more than 150 airports worldwide.
For Woodward, who advised the EU’s police agency Europol and has worked for the UK government on such matters, the answer may be that those affected were the ones who installed a compromised update on Friday or, more troublingly, that the attackers are using those breaches we know about as leverage.
“This could now be a case of Collins trying to get out a version they can be sure is clean of any malicious software. Or it could be the attackers are still in some central system that everybody uses and they’re trying to extort Collins by saying: ‘There was our proof of concept. We took three major airports out. If you don’t pay us money, it’s going to spread.’”
What is the latest?
All the airports involved are still impacted to some degree. A BBC report on Monday said an internal memo to Heathrow staff outlined that more than 1,000 computers may have been “corrupted” and most of the work to bring them back online has to be done in person and not remotely. In Brussels, 140 of Sunday’s 276 scheduled outbound flights were binned while Berlin Airport’s website still warns of “longer waiting times” due to an “outage at a service provider.”
The same report claims that a system reboot by Collins was not sufficient to resolve the issue, with hackers still found in the system, adding weight to Woodward’s theory. Collins are still referring to a “cyber incident” rather than an attack and say they are updating their systems.
Who might be behind the airport ransomware attacks?
There has been very little official information so far, particularly on who may be targeting Collins and, by extension, the airports.
Woodward, the cybersecurity expert, said it’s possible that “the usual suspects” among countries, such as China, Iran, and North Korea, could be behind such an attack, possibly using criminal gangs as proxies. But one stands out. “If there is a nation state behind this, then they’re playing fast and loose and being very aggressive. And the ones that normally do that, and have the capability, are Russia.”
Woodward stressed that, without any official information, this was somewhat speculative and that “it could be a group of teenagers in their bedrooms for all we know.”
Given the major disruption to people’s lives, he called for greater transparency from those companies involved. “Are they silent because they don’t know, and they’re desperately trying to find out? After 72 hours, are they still none the wiser as to what’s happened? That would be almost more worrying.”
What might the economic impacts of airport cyberattacks be?
In the immediate term, there will be financial hits for the airports and the airlines in the form of refunds, compensation, reductions in footfall and reduced payments to airlines from airports due to the reduced service.
Longer term, there may be more serious issues for Collins, owned by the American RTX corporation, which makes weapons and aircraft engines as well as dealing in cybersecurity. “Everybody’s going to be looking at Collins for recompense. That could end up in a horrible court case about who’s actually responsible for this,” said Woodward.
It is unclear at this point whether any personal data has been breached in the attack. If it has, added Woodward, that could be more serious still. “Ransomware attacks tend to not just gum up the works, but they also steal the data and take it away. So even if you repair your system, they say, ‘Well, we’ve still got your data, but we’re holding that to ransom.’”
Fines for breaches of GDPR (General Data Protection Regulation) are levied by individual countries and can be huge. In 2023, Meta, the company that owns Facebook, was fined a record €1.2bn ($1.4 billion) by Ireland’s Data Protection Commission for a breach of GDPR regulations and also paid out vast sums in other countries.
Edited by: Rob Mudge