Future-proofing airports: cyber resilience to safeguard the digital frontier

On September 19, 2025, passengers arriving at London Heathrow, Berlin Brandenburg, and Brussels airports faced chaos. A cyberattack on Collins Aerospace's MUSE check-in and boarding software — used widely across Europe — brought automatic check-in systems to a halt.

The ransomware attack forced airports to revert to manual processing, triggering massive delays, long queues, and flight cancellations. At Brussels Airport alone, half of all departures were cancelled. Thousands of passengers were stranded. Airlines and airports lost money through refunds, compensation, and operational disruptions that lasted for days.

Just months earlier, in March, Kuala Lumpur International Airport (KLIA) suffered a similar fate when a ransomware attack crippled systems for over ten hours. Staff resorted to manual processing while hackers demanded a US$10 million ransom.

In such a tightly connected ecosystem, where supply chains are both critical to operations and vulnerable to attack, even a single disruption can trigger ripple effects costing the aviation industry millions.

The increasing challenge for airport cyber security

Cyber threats are accelerating at an alarming rate with attacks on the aviation sector surging by more than 600% between 2024 and 2025. Each digital touchpoint — from passenger check-in to aircraft navigation — now represents a potential entry point for an attack.

Worse, these aren't isolated incidents affecting obscure targets. They're sophisticated, coordinated attacks hitting the nerve centres of global aviation.

In an industry where safety is paramount, cybersecurity has become inseparable from operational reliability.

From inconvenience to nightmare

Not all cyberattacks are the same. Some are relatively minor disruptions; others represent severe safety risks. Website disruptions, while inconvenient, rarely ground aircraft. For example, in December 2024, pro-Russian group NoName057(16) targeted Milan's Malpensa and Linate Airports with DDoS attacks, taking their websites offline temporarily.

But some attacks can be far more serious. Many technologies underpinning modern flight, including GPS, radar, and VHF radio, were designed long before cybersecurity defences were a consideration. GPS spoofing — once confined to military contexts — has become increasingly common.

Even breaches that don't impact physical safety can shatter passenger confidence and prove costly. The 2025 Qantas cyberattack targeted customer data stored on external systems. While no financial information was exposed, breaches like this chip away at passenger trust.

Regulation and action

This growing threat is prompting governments to intervene. In Australia, airports are designated as critical infrastructure under the Security of Critical Infrastructure (SOCI) Act 2018 and significant cyber incidents must be reported within 12 hours.

The challenge for airports today is that they are operating digital ecosystems with multiple layers of technology and safety. Underneath a check-in kiosk lies a complex web of aging systems that interact with each other, and each one needs to be secured.

These challenges are complex, but airport operators cannot ignore them without risking severe operational disruption and reputational harm. They must protect and monitor every part of their digital ecosystem, ensuring the confidentiality of operational and personal information, the integrity of their data and systems, and the availability of the critical technologies that keep airports running safely and efficiently.

These pillars must be engineered into every layer of aviation's digital infrastructure.

Greenfield vs brownfield

If you're developing a new airport or major infrastructure project, you have a critical advantage: the opportunity to incorporate cybersecurity into your strategy from the outset.

Greenfield projects allow airports to design with security embedded at every level — from network architecture to vendor selection, from operational technology choices to staff training programs.

Brownfield airports face steeper challenges. These facilities must secure existing infrastructure while maintaining operations, often working with legacy systems that predate modern security standards and frameworks like Zero Trust.

The complexity is daunting: interconnected systems from different eras and vendors, operational technologies that can't be easily replaced, and the constant pressure to keep flights moving while implementing security upgrades.

The challenge requires a strategic, phased approach that prioritises the most critical vulnerabilities first while building toward comprehensive resilience over time.

These airports must conduct comprehensive risk assessments, segmenting and isolating critical systems to prevent cascading breaches. They also need to implement robust monitoring and incident response protocols where early detection can mean the difference between minor disruption and catastrophic shutdown.

As cyber threats evolve, airports find themselves in a race they can't afford to lose. The next generation of airport resilience will be measured by the robustness of the digital systems underpinning their operation.