I was mid-flight from LAX to Austin when my phone started buzzing with alerts about European airports going dark. Heathrow, Brussels, Berlin—all experiencing massive delays and cancellations. By the time I landed, 140 of 276 scheduled flights had been canceled, and passengers were standing in manual check-in lines that stretched around terminals.
The culprit? It is confirmed that ransomware was deployed against Collins Aerospace’s MUSE software—and suddenly airports across multiple countries couldn’t process passengers.
The Vendor Dependency We Don’t Talk About
Collins Aerospace, owned by RTX (formerly Raytheon Technology Companies), provides MUSE software that handles “single pane of glass” check-in systems across major airports. One vendor, one piece of software, supporting critical operations from London to Dublin to Berlin.
When MUSE went down, it wasn’t just one airport that suffered. The failure cascaded across continents because these airports had built their passenger processing around a single software dependency. No redundancy. No isolation. Just a shared point of failure that attackers exploited perfectly.
This is the supply chain vulnerability that keeps me up at night. Not the theoretical risks we discuss in boardrooms, but the practical reality that our most critical operations depend on vendors we can’t fully control.
Security Questionnaires Won’t Save You
Every organization has vendor risk management processes. Security questionnaires. SOC 2 reports. ISO certifications. Penetration test results. We collect them, file them, and assume we’re protected.
But static assessments don’t capture dynamic risk. That SOC 2 report from six months ago? It doesn’t tell you about the vulnerability that got introduced last Tuesday. The security questionnaire you required during procurement? It can’t predict what happens when a vendor’s security team gets hit with budget cuts.
Architecture That Fails Gracefully
The European airport incident reveals a fundamental architectural problem: when check-in software fails, why does everything else break with it?
Network segmentation should have isolated MUSE from other critical airport systems. Zero trust principles should have prevented lateral movement from passenger processing to flight operations. But instead, we saw system-wide disruption that forced airports to abandon digital processes entirely.
Instead of just piling on Collins Aerospace or the affected airports, the point is in recognizing that if one vendor system can cascade failures across your entire operation, your architecture is fundamentally at risk.
Real vendor risk management requires continuous monitoring. Software bill of materials tracking. Real-time vulnerability scanning of vendor systems. Not just during onboarding, but throughout the entire relationship.
Manual Recovery Exposes Planning Gaps
Watching airports revert to completely manual check-in and baggage handling processes told me everything I needed to know about their continuity planning. These weren’t deliberate failover procedures—they were desperate improvisations.
True business continuity planning means testing what happens when your primary systems disappear entirely. Not graceful degradation to backup systems, but complete loss of digital capabilities. How long does manual processing take? Do you have enough staff? Are the procedures even documented?
The chaos at European airports suggests these questions weren’t adequately answered before the incident.
The Real Resilience Test
Every organization today depends on vendors that will eventually get compromised. It’s simple statistics. The question isn’t whether your vendor dependencies will fail, but how you’ll respond when they do.
Resilient organizations don’t prevent all vendor incidents. They design systems that limit blast radius when incidents occur. They test continuity procedures regularly. They build redundancy not just in technology, but in processes and people.
Yes, the European airport disruption was a failure of cybersecurity. But it was an even larger failure of resilience architecture. And the next time your critical vendor gets hit—because there will be a next time—your recovery speed will depend entirely on decisions you make today, while everything is still working.
__
Jeremy Ventura is Field CISO at global systems integrator Myriad360,, where he helps organizations navigate complex security challenges across cloud, API security, and emerging technologies. Follow Jeremy on LinkedIn.
Join our LinkedIn group Information Security Community!
