Cyber Attack on European Airports: The (Limited) Impact on Italy on September 20, 2025

September 20, 2025, is a date that will remain in the annals of European airport cybersecurity. A massive cyber attack struck the check-in and boarding systems of several airports across the continent, causing significant disruption, delays, and cancellations, particularly at hubs like London Heathrow, Brussels, and Berlin.

The Core Problem: Collins Aerospace's MUSE Software

The attack, which is still under investigation to determine its precise origin and nature (speculation points to ransomware or a state-actor operation), targeted the IT systems of Collins Aerospace, specifically its MUSE software, which is used by many airlines for ground operations like passenger registration and baggage handling.

The malfunction rendered the automated platforms unusable, forcing ground staff to resort to manual procedures for check-in and boarding. This necessity inevitably slowed operations, creating long queues and a cascading effect of delays across various European routes.

The Situation at Italian Airports: A Sigh of Relief

Fortunately, the impact on Italian airports was limited or non-existent. Hubs like Milan Linate and Malpensa, managed by SEA, reported no anomalies detected and maintained full operational capacity.

Although the threat put the entire sector on high alert, the architecture of the Italian airport IT systems seems to have resisted, or not been directly involved in the specific target of the cyber attack that crippled the external supplier's services.

Lessons to Be Learned

This incident once again underscores the vulnerability of critical global infrastructures, such as air transport, which are interconnected through a complex ecosystem of service providers (the so-called supply chain). While air safety and air traffic control were not compromised, the chaos in ground operations proves that a targeted attack on a weak link in the chain can have significant consequences for passenger traffic and the industry's reputation.

The episode pushes the Italian government and European authorities to further strengthen cyber defenses, making digital resilience an absolute priority for the future of civil aviation.