Cyberattack on European Airports: Defense Firm Targeted After NATO Deal

A cyberattack on Collins Aerospace’s Muse software disrupted airport operations across Europe on 20 September, causing widespread flight delays and cancellations in Brussels, London Heathrow and Berlin Brandenburg. The incident forced airports to revert to manual check-in and baggage procedures after electronic systems were disabled overnight.

Airports confirmed that passengers faced long queues and slower processing as staff issued paper boarding passes and baggage tags. Brussels Airport acknowledged the disruption as a “cyberattack” with “a major impact on the flight schedule,” while Heathrow and Berlin attributed the issue to a “technical problem” with their service provider. Indirect delays were also reported at Madrid and Barcelona due to flights linked to the affected hubs.

Targeted Software and Company Response

The attack was directed at Collins Aerospace’s Muse platform, which allows multiple airlines to share check-in counters and boarding gates. The U.S.-based company, a subsidiary of RTX, confirmed the incident, stating it had detected “a disruption related to cyber issues in our Muse software at selected airports.”

Collins Aerospace added that the impact was limited to “electronic check-in of customers and baggage delivery” and could be mitigated with manual procedures. The company is working with airports and airlines to restore normal operations. British Airways was largely unaffected, according to the BBC, because it uses an alternative system for check-in and boarding.

Flight Cancellations and Delays

The disruption had a significant impact on Saturday’s flight schedules. Heathrow reported 29 cancellations among departures and arrivals by midday, while Brussels confirmed around 10 cancellations alongside extensive delays. Berlin Brandenburg recorded prolonged waiting times, though fewer flights were cancelled. Airports urged passengers to verify flight status with their airlines before traveling.

Dublin and Cork airports in Ireland reported minor impacts, while major hubs such as Paris Charles de Gaulle, Zurich and Frankfurt indicated they were unaffected. The scope of the disruption underlined the reliance of airports on third-party software providers for passenger processing.

Defense Industry Links and NATO Contract

The incident gained wider attention because of Collins Aerospace’s position within the defense sector. The company recently announced a contract with NATO’s Communications and Information Agency (NCIA) to provide integrated electronic warfare planning and battle management software. The system is designed “to plan, direct, coordinate, synchronize and assess electromagnetic warfare activities,” according to a company statement.

Ryan Bunge, Vice President and General Manager for Command, Control, Communications, Computers, Intelligence and Autonomy at Collins Aerospace, said the tool is “crucial for visualizing electronic warfare threats and automating the use of jammers and sensors.” The agreement, announced just days before the cyberattack, highlighted Collins Aerospace’s close partnership with NATO on defense technology.

As a subsidiary of RTX, Collins Aerospace also provides cybersecurity support and services to aerospace and defense clients worldwide. Analysts noted that the targeting of a dual-use software provider underscores the vulnerability of civilian infrastructure when tied to defense-related firms.

Unclear Origin of the Attack

Authorities have not identified the source of the cyberattack. No group has claimed responsibility, and officials have not confirmed whether the incident was state-sponsored or criminal in nature. For now, investigations are focused on restoring operations and assessing potential security implications.

The attack came amid heightened tensions between NATO and Russia, with recent reports of Russian military aircraft and drones entering airspace near Poland, Romania and Estonia. The timing of the cyberattack, following Collins Aerospace’s announcement of the NATO contract, has fueled speculation about possible geopolitical motives, though no evidence has been presented.

Impact on Travelers

Passengers traveling through Brussels, Heathrow and Berlin faced the longest delays, with some waiting more than an hour to check in. Manual systems slowed boarding, baggage delivery and security coordination, creating bottlenecks across terminals. Some airlines opted to cancel flights rather than attempt to absorb the delays into already congested schedules.

Airports and airlines issued advisories urging passengers to confirm flight status online before heading to departure points. The fallback to manual processing is expected to remain in place until Collins Aerospace resolves the disruption in its Muse software.

The cyberattack underscored the growing dependence of global air travel on interconnected digital systems. While airports maintain contingency plans for technical outages, the event highlighted how quickly an attack on a single vendor can cascade into delays across multiple countries. For travelers, the disruption serves as a reminder of the ongoing risks to aviation infrastructure posed by cyber threats.

As of Saturday evening, no timeline had been provided for full restoration of Muse software systems. The incident remains under investigation as passengers, airlines and airports adapt to the operational challenges caused by the attack.

Photo Credit: Frame Stock Footage / Shutterstock.com