What Can Be Learned from Cyber Attacks on Europe's Airports?

Flight cancellations and lengthy delays struck Heathrow, Brussels and Berlin airports following a coordinated cyberattack, prompting cybersecurity experts to warn of the cascading risks created when attackers target shared infrastructure.
āThis is a live and developing situation so the full details of the exact nature of the disruption is not yet known,ā says Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. āThat said, the fact that multiple international airports are impacted serves as a sharp reminder of the profound risks that vulnerabilities and insecure configurations in third-party systems can create.ā
The incident demonstrates the speed at which cyberattacks can cripple essential operations by targeting the interconnected platforms that support global aviation, forcing airlines and airports alike into emergency response mode while assessing the scope of the breach.
Tenable: Disruption linked to NIS2 concerns
The incident comes as European organisations brace for stricter cybersecurity obligations under the revised NIS2 Directive, a coincidence Bernard views as evidence of the urgent link between such attacks and evolving regulatory pressures.
āThis threat vector is something that is acknowledged and tried to be addressed in the new iteration of the NIS2 Directive,ā he explains.
Airports rely extensively on third-party providers for critical functions such as baggage handling and passenger processing, a reliance that creates numerous potential entry points for attackers.
A single compromised system can trigger a chain reaction across interconnected networks, disrupting operations well beyond the original point of failure.
Bernard expects the investigation to take considerable time to unravel.
āIn the coming days, weeks and even months more information about what is behind this disruption will become clear,ā he says.
āFor now, all we see is the widespread upheaval created by targeting of critical lynchpins within our critical infrastructure.ā
KnowBe4 advocate emphasises graceful failure planning
The disruption highlights the consequences of shared systems failing without robust contingency measures in place, says Javvad Malik, Lead Security Awareness Advocate at KnowBe4.
āAir travel depends on shared systems, so a failure in a common checkāin platform quickly cascades into missed connections, accessibility shortfalls and staff forced into manual workarounds,ā Javvad observes.
Javvadās core prescription is to plan for the failure of primary systems and rehearse alternatives. āItās why it is important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding and accessible contingencies, with crossātrained staff and basic tools ready,ā he explains.
He also stresses the importance of reducing dependency on a single provider to avoid bottlenecks. āReduce single points of failure by diversifying providers where feasible, segmenting tenants, and ringāfencing critical functions so one vendor outage doesn't halt everyone. Above all, communicate clearly and often, prioritise vulnerable passengers, and empower frontline teams to make humane decisions.ā
For Javvad, resilience goes well beyond technical safeguards. āResilience isnāt just cyber controls, itās people, process and communications to ensure ongoing availability.ā
Keeper Security CEO warns of supply chain targeting
Darren Guccione, CEO and Co-Founder of Keeper Security, sees the disruptions as clear evidence that attackers are intentionally striking widely used systems to generate maximum impact.
āAlthough information is still limited, the disruption at several major European airports highlights how interconnected global transportation has become and how dependent it is on shared digital infrastructure,ā Darren states.
He emphasises that this reflects a calculated strategy by threat actors, rather than the result of opportunistic attacks.
āAdversaries understand that targeting widely used technology services can result in outsized impact, as demonstrated in countless damaging supply chain attacks,ā he explains.
Darren advocates adopting zero trust security frameworks, where every access request is continuously verified rather than implicitly trusted.
āOrganisations that rely on third-party systems and vendors need to ensure that every point of access is secured, every connection is monitored and no user or system is automatically trusted,ā he notes.
The Keeper Security CEO also calls for integrating AI into access management systems, enabling faster and more adaptive responses to evolving threats.
āZero trust security models and privileged access management solutions play a central role in that effort. By enforcing least-privilege access and leveraging agentic AI to revoke credentials as soon as risk is detected, organisations can limit the impact of an attack and maintain public confidence in essential services.ā
- Multiple airports hit simultaneously: Heathrow, Brussels and Berlin airports all suffered disruption in a coordinated cyberattack targeting European transport infrastructure.
- Shared systems create cascade failures: Single check-in platform failures quickly spread across multiple airports due to interconnected aviation technology infrastructure.
- Zero trust security models recommended: Experts advocate privileged access management and AI-powered credential revocation to limit supply chain attack impact on critical services.
Bernard from Tenable concludes that security teams must shift from reactive incident response to proactive vulnerability management. “For cybersecurity professionals, this acts as an illustration that our focus must shift from simply reacting to incidents to proactively securing our digital ecosystem. The adversary’s identity and motivation are secondary.
“Truly robust security begins with a strong foundation: identifying the systems that underpin our most vital services and proactively mitigating the vulnerabilities that attackers are most likely to exploit. This is the only way to effectively neutralise the risk.”
