Cybersecurity News in Asia

Features
- Featured
  
  How AI is supercharging state-sponsored threat actors in Asia Pacific
  
  Wednesday, January 14, 2026, 4:06 PM Asia/Singapore | Features
- Featured
  
  Leveraging digital twins to combat rising AI-powered threats
  
  Thursday, January 8, 2026, 1:58 PM Asia/Singapore | Features
- Featured
  
  Editor's pick: Cybersecurity trends in 2026
  
  Wednesday, January 7, 2026, 10:36 AM Asia/Singapore | Cyberthreat Landscape, Features, Newsletter
Opinions
Tips
Whitepapers
Awards 2025
Directory
E-Learning

Heathrow outage exposes multi-level human errors and infrastructure flaws

By CybersecAsia editors | Monday, April 21, 2025, 10:59 AM Asia/Singapore

If it was not a fire,some other major incident would have sooner or later laid bare poor leadership and management.

In preliminary post-incident investigations of the recent outage at Heathrow Airport, several factors have been identified as causes that could have led to delays in mitigation and resumption of operations from a fire.

Critical infrastructure vulnerabilities had led to the disruptions of power and backup systems, the latter being key factors of system resilience.

The incident has highlighted vulnerabilities in Heathrow’s power infrastructure, particularly its reliance on a single substation. While backup systems, including diesel generators and uninterruptible power supplies, have worked for critical tasks such as landing aircraft, they could not support the airport’s full operations due to its high energy needs, comparable to a small city.

Prior warnings about substation vulnerabilities have come to light, with Nigel Wicking, CEO, Heathrow Airline Operators’ Committee, mentioning concerns raised days before the incident.

The Heathrow outage draws parallels with past incidents, such as the 2018 Schiphol Airport outage due to a regional power failure, which also highlighted the importance of robust backup systems and emergency responses.

Key takeaways from the incident

Both cases underscore the need for airports to have contingency plans for extended power outages. According to one Verizon Business data breach report referencing Vocabulary for Event Recording and Incident Sharing (VERIS) system data to analyze incidents for cyber trends for FY 2024, the following general lessons are worth noting:

Maintaining backups of data and documents is crucial for recovering from device loss or intrusions. It is not only information that is at stake, but also the corporate business itself. Organizations need to mandate key practices such as regular offline backups to avoid large financial losses and maintain business continuity.
The human element remains a significant factor, as some 68% of breaches (based on the firm’s own data) globally have been due to human error.
In the Heathrow case, in addition to poor oversight of backups and disaster recovery, the root causes linked to human error are summarized in the following table:

Errors in human judgment/manage in the Heathrow Outage

Error	Description	Impact on outage handling
Ignoring substation warnings	Failure to act on concerns raised days before the fire	Increased vulnerability to power loss
Inadequate backup systems	Underinvestment in backups capable of full operations	Prolonged closure and delayed recovery
Underestimating recovery complexity	Misjudging logistical challenges of restoring operations	Extended disruptions and backlogs
Communication/Accountability gaps	Disputes over warnings, and lack of stakeholder coordination	Hindered pre-incident and recovery efforts