The suspected cyber attack affecting several international airports could be a ‘test’ for a far bigger sabotage, an expert has said.
Several airports, including Heathrow and Brussels, were plunged into chaos following a ‘cyber issue’ relating to check in and boarding systems on Saturday.
A large part of Dublin airport was also evacuated on Saturday because of concerns over safety.
The issue involved a software called Muse, provided by Collins Aerospace, which is used by airlines at shared check in desks, boarding gates and other infrastructure.
Carriers were forced to turn to manual systems to process passengers amid the ongoing chaos.
Sign up for all of the latest stories
Start your day informed with Metro’s News Updates newsletter or get Breaking News alerts the moment it happens.
But an expert has suggested that given Muse is an ‘industry standard’ used across some 150 airports worldwide, criminals could be using the current disruption as a showcase for a far larger attack that would cripple systems globally.
Professor Alan Woodward, visiting professor of computing at the University of Sussex said the lack of transparency around the incident implied the system had been targeted by criminals or possibly state actors.
He told Metro: ‘Criminals do these things for money. They’re in their networks and they’re saying we could close down all sorts of parts of your network unless you pay us.
‘This was a tester.’
Professor Woodward said that the lack of clear information on the nature of the incident made it more likely it was some form of malicious act.
He asked: ‘If so many airports are using it, why are we only hearing about three?
‘It’s not clear whether they did some kind of update, in which case why did others not have the same malware?
‘It raises more questions than it answers. Everyone’s being very quiet about it. They are just not saying anything.’
He added that a lesson taken from previous cyber attacks affecting large firms, from Jaguar Land Rover to Marks and Spencer, was ‘be open and honest and transparent as you can and as often as you can’.
Previous companies targeted by criminals often didn’t grasp the severity of the issue until it was too late, he said.
Who are Collins Aerospace?
You may have never heard of it, but Collins Aerospace provides many of the systems vital for getting you on your journey and your plane in the air.
It provides a range of services, from ground handling software to technology onboard aircraft.
The cyber issue on Saturday related to its check-in and boarding software, known as Muse.
Muse (which stands for Multi-user System Environment) is a system used by airlines at shared check-in desks, bag drop kiosks and boarding gates.
‘The pattern seems to have developed recently where they think they’ve been attacked and they think nothing’s been affected and suddenly they look a little deeper and things are a bit worse than they thought and they start uncovering a few rocks.
‘That’s what we’ve seen at Jaguar Land Rover.’
Cleaning the whole system out could involve shutting it down completely, he added, which could further disrupt passengers’ journeys.
‘If they have to turn the whole system off out of an abundance of caution, then that is going to affect an enormous number of airports and potentially millions of passengers’, he said.
Some believe the attackers could be state sponsored.
Colonel Philip Ingram, a former military intelligence officer, said it was plausible that the Kremlin could be connected to today’s events.
‘It does have all the hallmarks of being something where the Russians would be behind it’, he told the Daily Mail.
The incident also raises questions about so-called ‘supply chain attacks’ which target whole industries, and simultaneously impact several companies.
Collins is owned by RTX, the world’s largest aviation and defence company, and counts the UK government among its customers.
Travel expert Paul Charles said it was ‘deeply worrying’ that such a large organisation had been affected in this way.
‘There will be deep concerns that their systems have been tampered with in such a way’, he said.
Professor Woodward said the incident shows that firms need ‘defence in depth’ to withstand potential cyber attacks.
He said: ‘You have to assume that all systems will be broken into and penetrated at some point. You have to know as soon as you’ve been broken into and penetrated. You have to be able to stop them getting any further.
‘It’s a bit like a castle, you have an outer wall, an inner wall, all the way through to the inner keep. The architecture of your software and your security has to be really specific.
‘Most people assume now that everything will be attacked and will be targeted.’
Metro has contacted Collins Aerospace for comment.
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
