When the airport ransomware disruption Europe faced on 20 September hit the headlines, the immediate stories were all about delayed departures, handwritten boarding passes, and lost baggage. But look past the chaos in terminal queues, and there’s a harder truth: airlines are dangerously dependent on outsourced airport systems, and the resilience of those systems varies wildly depending on which terminal you happen to fly from.
At the heart of the disruption was Collins Aerospace’s vMUSE check-in platform, a workhorse behind shared desks, kiosks, and baggage belts at airports across the continent. When ransomware paralysed its European nodes, carriers had little choice but to revert to manual processes. Brussels collapsed under the pressure, cancelling half its schedule. Berlin Brandenburg clogged up with queues that stretched through the concourse. Heathrow was hit too, but Terminal 5 carried on smoothly – because British Airways had invested in a back-up system that bypassed the Collins outage. That contrast should set alarm bells ringing.
Why was Europe so badly affected compared to the US or Asia? Market share and infrastructure choices. Collins’ system has deep penetration in European hubs, where airlines frequently share check-in counters. In America, the big three carriers run largely proprietary technology. In Asia, the field is more diverse, with Amadeus, SITA, and local systems providing a patchwork of resilience. Europe, meanwhile, put too many eggs in Collins’ basket – and when that basket was kicked, half the airport industry went tumbling.
The uncomfortable takeaway is that this was less about a sophisticated cyber offensive, and more about poor disaster recovery. The ransomware variant was described by security researchers as “incredibly basic.” Yet it still managed to shut down check-in at some of the world’s busiest airports for days. If Collins was slow to contain it, the airports themselves seemed paralysed. Manual fallbacks should be a stopgap, not the sole defence when systems fail.
That’s where the airlines come in. They are the customers paying airports and ground handlers for passenger processing. British Airways proved at Terminal 5 that it’s possible to maintain service continuity even when a major supplier fails. The obvious question: why weren’t Brussels or Berlin prepared with something similar? It’s time carriers challenged airports to provide more robust redundancy and stop hiding behind outsourced IT contracts.
The second lesson is for governments. This wasn’t an air traffic control failure, but it was a matter of national interest. Long queues, stranded passengers, and cancelled flights aren’t just inconvenient; they have economic and reputational costs. Regulators are quick to mandate safety drills, but rarely ask how airports would cope with a ransomware hit. Perhaps they should. If Friday’s events proved anything, it’s that too many European airports would struggle to pass that test.
The airport ransomware disruption Europe endured has already prompted finger-pointing at Collins Aerospace, and rightly so. But focusing only on the vendor misses the bigger issue. If a single contractor can paralyse half a continent’s airport check-in desks, then the airports themselves have failed in their duty to plan for disruption. Heads may need to roll, not just in a supplier’s IT department, but in the C-suites of the airports that left their airlines exposed.
Passengers will remember the queues and cancellations – those impacted should follow our guide Your Flight Was Cancelled: Know Your Rights. Airlines will remember the lost revenue. And regulators should remember the warning shot. Because unless Europe – and specifically its Cybersecurity agency – starts demanding stronger cyber resilience in airport systems, it won’t be the last time passengers find themselves queuing for a handwritten boarding pass. The next airport ransomware disruption Europe experiences could be worse – and this time, there’s no excuse for being unprepared.
Leave a Reply