Why Legacy Systems are Amplifying Cyber Threats in Aviation

A ransomware assault on Collins Aerospace’s check-in and boarding systems – which paralysed key hubs in Heathrow, Brussels and Berlin – has not only caused major disruption across Europe and beyond, but exposed deeper systemic vulnerabilities in critical aviation infrastructure.
Experts from across the cybersecurity sector are now stressing that while the immediate crisis was unusually disruptive, the broader lessons go far beyond fixing what was broken.
Exposing aviation’s supply chain risks
Cody Barrow, CEO of EclecticIQ, frames the attack as a demonstration of the fragile dependency aviation operators have on a limited number of third-party providers.
“By targeting a single vendor, attackers were able to disrupt airports across multiple countries,” he points out, describing the event as a textbook case of supply chain risk in action.
Cody calls on aviation stakeholders and regulators to treat cyber resilience with the same intensity historically reserved for physical safety.
He adds: “That means building redundancy, running realistic contingency exercises and ensuring threat intelligence flows quickly between partners.
“We should expect incidents like this to become more frequent and the sector must treat cyber resilience with the same urgency as physical safety.”
The fallout also highlights the ageing technology landscape that underpins modern air travel, according to Matt Saunders, Field CTO at Adaptavist.
“When the entry point of a major cyber attack is still unknown, scrutiny will inevitably fall on weak spots in the everyday systems used by millions of passengers and whether their personal data has been involved,” Matt shares.
“Copycat attacks are almost guaranteed to follow, as seen this year, with JLR and M&S facing significant downtime and financial loss following social engineering cyber breaches.
“The aviation sector is particularly exposed as it leans heavily on ageing, legacy systems never designed for today’s cyber threatscape.
“They are an open target and we’ve already seen the attack start to spread across Europe.”
As investigations continue to pinpoint the attack’s entry point, his advice is a stark reminder for IT teams across industries: prioritise social engineering defences, maintain timely patches and prepare for follow-on assaults.
The critical role of contingency planning
On the ground, this incident emphasises how heavily reliant airports and airlines are on digital convenience.
Mantas Sabeckis, a white hat hacker and infosec researcher, says the reversion to manual operations and paper-based backups – such as handwritten boarding passes and manifests – proved a critical safety net amid digital outages.
“This past weekend, millions of travelers faced a modern nightmare: delays, cancellations and chaos,” he says.
“It’s very much the reality of today’s hyperconnected infrastructure. This shows how hidden cyber risks can be.
“It also shows how unprepared many important systems are for these kinds of threats.”
Although deemed “crude,” these fallback measures were essential in enabling continued operations under duress.
Mantas stresses the importance of vendors’ security practices, from swift patch management to transparent vulnerability disclosures, highlighting that true protection requires end-to-end supply chain vigilance beyond just internal IT hardening.
He continues: “This hack blew up the digital convenience airports pride themselves on: automated check-ins, seamless boarding.
“A flaw in one vendor’s software can cascade through the global transportation ecosystem, unleashing disruption across an entire continent.
“The lesson here is that just making your own computers and firewalls stronger isn’t enough.”
Other leaders in cybersecurity emphasise how this incident underscores evolving cyber conflict dynamics, with terrorism law watchdog Jonathan Hall KC suggesting that state-sponsored actors cannot be ruled out given geopolitical tensions and the strategic value of airports as targets.
This heightens the need for aviation cybersecurity not only as a technical challenge but also as a national and international security priority.
The need for collaborative resilience
From a regulatory and strategic perspective, James Griffin, CEO of CyberSentriq, stresses that this attack should be a wake-up call to move beyond viewing resilience as a compliance checkbox.
He welcomes upcoming frameworks like the UK’s Cyber Security and Resilience Bill, aiming to extend oversight to suppliers and service providers.
However, James argues that regulatory measures alone won’t suffice without an industry mindset shift towards collective responsibility – where every organisation rigorously manages vendor risk, tests incident plans and shares threat intelligence across sectors.
“The disruption at Europe’s airports proves that cyber resilience is not an abstract concept, it is a business and societal necessity,” he says.
“However, regulation alone is not a silver bullet. The industry itself must embrace collective responsibility, where every organisation takes ownership of its role in safeguarding data, services and ultimately, trust.
“Too few businesses actively monitor or assess their suppliers’ cyber resilience – this creates blind spots attackers can exploit with devastating efficiency, as has been seen this last week.
“However, the airline sector is not an outlier – similar flaws exist across government, finance, healthcare and retail. A single exploited flaw can cascade into widespread disruption.
“Companies must map and continuously review their vendors and demand evidence-based security assurances from third parties and test backup and incident response plans.”
Dominic Ryles, Sales and Alliance Director at Exertis Cybersecurity, reinforces this message, describing the disruption as a stark example of systemic vulnerability when trusted third parties are compromised.
His firm advocates a comprehensive approach combining vendor risk assessments, continuous monitoring, incident response readiness and robust backup practices.
He says: “For many organisations, the infrastructure they rely on isn’t fully under their control. That means a weakness somewhere in your supply chain or a vendor’s software can be just as dangerous as a breach inside your own network.
“When things go wrong, every minute of downtime costs more than just money – it damages trust.”

