If it was not a fire,some other major incident would have sooner or later laid bare poor leadership and management.
In preliminary post-incident investigations of the recent outage at Heathrow Airport, several factors have been identified as causes that could have led to delays in mitigation and resumption of operations from a fire.
Critical infrastructure vulnerabilities had led to the disruptions of power and backup systems, the latter being key factors of system resilience.
The incident has highlighted vulnerabilities in Heathrow’s power infrastructure, particularly its reliance on a single substation. While backup systems, including diesel generators and uninterruptible power supplies, have worked for critical tasks such as landing aircraft, they could not support the airport’s full operations due to its high energy needs, comparable to a small city.
Prior warnings about substation vulnerabilities have come to light, with Nigel Wicking, CEO, Heathrow Airline Operators’ Committee, mentioning concerns raised days before the incident.
The Heathrow outage draws parallels with past incidents, such as the 2018 Schiphol Airport outage due to a regional power failure, which also highlighted the importance of robust backup systems and emergency responses.
Key takeaways from the incident
Both cases underscore the need for airports to have contingency plans for extended power outages. According to one Verizon Business data breach report referencing Vocabulary for Event Recording and Incident Sharing (VERIS) system data to analyze incidents for cyber trends for FY 2024, the following general lessons are worth noting:
- Maintaining backups of data and documents is crucial for recovering from device loss or intrusions. It is not only information that is at stake, but also the corporate business itself. Organizations need to mandate key practices such as regular offline backups to avoid large financial losses and maintain business continuity.
- The human element remains a significant factor, as some 68% of breaches (based on the firm’s own data) globally have been due to human error.
- In the Heathrow case, in addition to poor oversight of backups and disaster recovery, the root causes linked to human error are summarized in the following table:
Errors in human judgment/manage in the Heathrow Outage
| Error | Description | Impact on outage handling |
| Ignoring substation warnings | Failure to act on concerns raised days before the fire | Increased vulnerability to power loss |
| Inadequate backup systems | Underinvestment in backups capable of full operations | Prolonged closure and delayed recovery |
| Underestimating recovery complexity | Misjudging logistical challenges of restoring operations | Extended disruptions and backlogs |
| Communication/Accountability gaps | Disputes over warnings, and lack of stakeholder coordination | Hindered pre-incident and recovery efforts |
