A System Failure with Global Consequences

Brussels Airport experienced major disruptions starting Saturday, 20 September, and escalating into Sunday, when 50 of its 257 scheduled departures were cancelled. The problem wasn’t confined to Belgium. Delays and operational disruptions were reported at various European airports across the same weekend, London Heathrow among them, along with Berlin Brandenburg and Dublin.

The disruption stemmed from a cyberattack on the Collins Aerospace MUSE platform, a software system used for check-in, baggage handling, and boarding processes. The very failure of this core system precipitated airports reverting to manual processes, affecting thousands of passengers and causing delays throughout.

Evading attribution to any known groups or actors, the attack has made glaringly known the vulnerabilities of digital systems that underpin international aviation.

Inside the Disruption

Saturday saw 25 cancellations out of 234 departures at Brussels. By Sunday, that figure had doubled. The airport was forced to issue advisories asking airlines to cancel half of their outbound flights. Recovery was slow, and by Monday, passengers were still advised to expect delays. Similar scenes played out across other European cities, with airports scrambling to maintain service continuity.

Disruptive was the effect on airline-critical software. While self-service kiosks and mobile check-ins were somewhat available, in-person check-in passengers faced long waits and uncertainty.

Airport personnel got redirected to manual processes, slowing down boarding and check-ins themselves. There were flight delays for hours at least, some with indefinite delays expected, with limited rebooking options due to cascading effects across the European network.

How Travellers Can Prepare

Digital vulnerabilities in air travel systems are no longer a hypothetical scenario. The disruption offers several lessons for passengers who want to be more prepared in a digitally fragile travel environment.

Checking in online before heading to the airport is a first step. During the Brussels disruption, passengers who arrived with mobile boarding passes were more likely to board their flights, even as check-in counters stalled. Equally important is storing boarding passes and essential travel documents offline, either saved to a mobile device or printed.

As the check-in systems had been compromised, early arrivals became crucial. Most airports suggest that passengers must arrive two hours before departure for short-haul flights and three hours for long-haul flights. Those who had followed these instructions had a greater chance of finding workarounds or rebooking via the airline counters before the capacity ran out.

Airline apps and social media channels proved to be valuable tools. In some cases, updates via Twitter or push notifications reached passengers before airport announcements. Keeping a portable charger, backup snacks, and any medication on hand helped those stuck in lengthy queues navigate the wait with fewer issues.

Another key strategy was the quick rebooking. Many passengers who waited for in-person help missed out on those few available seats. Getting on an alternate flight through the airline’s app or website while waiting in line or being on hold for support greatly enhanced the chances of a faster recovery.

Rights, Insurance, and the Limits of Preparedness

Passengers travelling within or from the EU are covered under EC Regulation 261/2004, which may entitle them to rebooking, meals, accommodation, or compensation depending on the cause and duration of the delay. Still, not all disruptions qualify under the same rules, particularly if attributed to third-party software or cyber incidents.

Travel insurance policies differ widely when it comes to the treatment of cyber-related delays. Many such policies haven’t been formulated to cover the myriad scenarios. Travellers, therefore, should review policy terms to determine if an outage resulting from an infrastructure failure or cyberattack is covered.

A Wider Systemic Issue

While the spotlight was on Brussels, the broader issue is structural. The reliance on a limited number of third-party systems across international aviation creates potential single points of failure. MUSE is used in over 170 airports globally. When one of these systems goes down, its effect ripples far beyond the location of the breach.

No confirmed timeline was issued for the full restoration of MUSE, and Collins Aerospace had yet to release a secure update by the end of the weekend. This left airports in reactive mode, applying local patches and manual procedures to keep flights moving.

Why It Matters Beyond Europe

The digital backbone of aviation is interconnected. What affects Brussels today can impact transit through Dubai, Singapore, or New York tomorrow. For global travellers, the implication is clear: even routine trips are vulnerable to unseen, systemic digital failures.

What stands out is the speed with which such an event escalated from a technical issue into a full-blown operational disruption. For travellers, this raises pressing questions about personal preparedness, real-time information access, and the ability to adapt when things go offline.

Governments and aviation authorities are now being urged to review standards for digital redundancy and cyber resilience. Yet, systemic reforms take time. In the interim, travellers are left to develop their own strategies.

Whether it’s saving your boarding pass offline, tracking your flight through multiple channels, or having an alternate plan for accommodation, your response determines how well you cope when the system fails.