How airport system attacks shift thinking on cyber-physical risk for CISOs

Welcome reader to a 🔒 pro subscriber-only deep dive 🔒.

Brought to you by:

👣 Smallstep – Secures Wi-Fi, VPNs, ZTNA, SaaS and APIs with hardware-bound credentials powered by ACME Device Attestation

 📊 LockThreat – AI-powered GRC that replaces legacy tools and unifies compliance, risk, audit and vendor management in one platform

Forwarded this email? Join 70,000 weekly readers by signing up now.

#OpenToWork? Try our AI Resume Builder to boost your chances of getting hired!

—

Get lifetime access to our deep dives, weekly cyber intel podcast report, premium content, AI Resume Builder, and more — all for just $799. Corporate plans are now available too.

Executive Summary

Airport cyberattacks in 2024 and 2025 have fundamentally altered how CISOs approach cyber-physical risk management. The September 2025 ransomware attack on Collins Aerospace's MUSE system, which disrupted check-in operations across major European airports including Heathrow, Berlin Brandenburg, and Brussels, demonstrated that a single third-party compromise can cascade into continent-wide physical disruption.¹ The August 2024 Seattle-Tacoma International Airport incident, which caused four days of operational chaos affecting baggage systems and passenger processing, further confirmed that cyber threats now directly translate to physical operational failure.²

The aviation sector experienced a 600% surge in cyberattacks between 2024 and 2025, with 71% of incidents involving credential theft and unauthorized IT infrastructure access.³ This acceleration reflects a broader shift: cyber-physical convergence is no longer theoretical but operational reality. CISOs must now prioritize resilience over traditional perimeter defense, recognizing that operational stability depends fundamentally on third-party security posture.

Three critical insights emerge from recent incidents. First, supply chain risk is now operational risk. The Collins Aerospace breach proved that upstream IT vendor compromise creates systemic "single points of failure" that efficiently translate digital failures into physical chaos.¹ Second, the velocity of threats demands immediate Zero Trust adoption. Third, risk stratification must pivot from protecting data alone to securing Tier 1 operational functions like Air Traffic Control and Flight Management Systems, whose failure leads directly to catastrophic safety and availability losses.

This whitepaper examines how these attacks are reshaping CISO thinking, organizational structures, and investment priorities for cyber-physical environments.

Subscribe to CybersecurityHQ Newsletter to unlock the rest.