Ransomware Hits Europe’s Airports: Ex-DHS Official Warns of Risks

When a ransomware attack paralyzed Collins Aerospace’s MUSE software on September 19, 2025, flights across Europe were thrown into chaos. Brussels Airport was hit hardest, but cancellations and delays rippled through Berlin, Dublin, and Heathrow as staff reverted to manual systems. 

European airports have faced similar cyber incidents in the past. In 2023, cyberattacks on Scandinavian Airlines disrupted services in Copenhagen and Stockholm. Each case showed how one compromised system can affect millions of passengers.

Although the European Union Agency for Cybersecurity (ENISA) has confirmed to the BBC that ransomware was responsible for the Collins incident, it did not name those behind it. The attack has put aviation resilience under fresh scrutiny. To assess the risks, Techopedia spoke with Nick Reese, a former Homeland Security official and professor at NYU, who has deep experience in emerging technology and national security.

About Nick Reese

Nick Reese, NYU professor and former DHS official

Nick Reese is a former senior official at the US Department of Homeland Security, where he served as the first Director of Emerging Technology Policy. In that role, he advised the White House and Cabinet leaders on the security implications of artificial intelligence (AI), quantum computing, and space systems, and authored key strategies on AI and post-quantum cryptography

With more than 20 years of experience across the US military, intelligence community, and DHS, Reese has worked on cyber operations and national security at the highest levels. He is now a faculty member at New York University, where he teaches graduate courses on emerging technology and geopolitics.

Airport Cyberattacks Are More Than Travel Disruptions

Q: What does this incident tell us about the true resilience of Europe’s aviation infrastructure and, by extension, the broader critical systems it depends on?

A: Europe’s vulnerability to these kinds of critical infrastructure attacks is not unique. Many nations face the same threats because the systems used are the same. This incident reflects a direct security issue, but also a problem with resilience in our critical infrastructure. 

Our ability to respond to and quickly recover from cyber events like this directly contributes to the overall resilience of our critical infrastructure. The mistake here would be to think of this as another inconvenience for travelers. We need to start seeing it as an attack on critical infrastructure and responding accordingly.

Ransomware Has Moved Beyond Money

Q: Ransomware is usually framed as a profit-driven crime. In your view, how should we understand its growing use as a strategic tool for disruption and influence?

A: Ransomware initially emerged as financially motivated, but there have been multiple examples of the same tools being used for disruption without a mechanism for payment. 

There is an implied transaction in ransomware attacks, one where payment will result in the release of the ransomed system. But the ability to lock a system for disruption purposes using the same techniques is far too enticing for malicious cyber actors that are not interested in financial gain.

Ransomware attacks also have the potential to distract responders and waste their time, as such incidents often imply criminal activity rather than nation-state activity. In many ways, ransomware is an ideal strategic weapon for nation-state actors in a time when attribution is improving.

The Supply Chain Problem

Q: The Collins Aerospace breach highlighted the dangers of reliance on a single vendor. How does this kind of third-party dependency compound the risks faced by airlines and airports?

A: It has been well understood for years that the vulnerabilities of your product and service providers are inherited by you when you purchase. 

Attempts to address this issue have come in the form of software bill of materials requirements that have had a varied reception. At heart, this is an issue of complexity. The more complex we make our systems, layered together with more complex systems, the more vulnerability and risk we will face.

Security will need to take a leap forward to not simply mitigate the straightforward, linear attacks that we are used to, but the asymmetric attacks that we see more of today.

Raising the Bar on Standards

Q: If incidents like this are becoming normalized, what practical steps should policymakers and industry leaders take to harden aviation systems against repeat attacks?

A: Right now, governments and private sector companies tolerate disruptions like this. 

We haven’t collectively made the decision to stop tolerating them because there has not been significant pressure to change policies or technology standards.

One step would be to create and enforce minimum cybersecurity standards for commercial aviation that are legally enforceable. That would set a baseline. Without that, we will continue to see tolerance for disruptions and the absence of a clear incentive to fundamentally raise resilience.

The Next Era of Threats

Q: You’ve worked on AI, quantum, and space policy at the highest levels. How do you see these emerging technologies reshaping both the threats to critical infrastructure and the way we defend it?

A: Currently, many cybersecurity threats and vulnerabilities are linear. We know and understand the consequences of a ransomware attack on an airport, even though we can’t stop it or quickly recover from it. 

Emerging technologies like AI and quantum will make future threats non-linear and will invalidate our current suite of tools to combat these threats.

We will need to develop new tactics and technologies to combat these issues in the future. Resilience will mean something different in the age of AI and quantum than it does today.

The Bottom Line

The ransomware attack on Collins Aerospace may have been disruptive for some European airports, but Nick Reese argues it should be seen as an assault on critical infrastructure. 

His warnings highlight how ransomware is evolving from a criminal scheme into a potential geopolitical weapon, how supply chain dependencies magnify risks, and why governments must stop “tolerating” disruptions by enforcing stronger standards. 

He maintains that the challenge will only intensify as AI and quantum reshape both the threat landscape and the tools available to defend against it.

Read the interview here.

Next
Next

BCR Cyber Launches New Artificial Intelligence Course to its Cybersecurity Training Programs