Work continues to recover after cyber attack hit Heathrow and other airports
Terror law watchdog Jonathan Hall KC said it was possible the attack could have been carried out by hackers from a foreign state.
Passengers at Heathrow could face another day of disruption after a cyber attack affected several major European airports.
Terror law watchdog Jonathan Hall KC said it was possible state-sponsored hackers could be behind the attack on Collins Aerospace, which operates check-in and boarding systems.
On Monday morning Heathrow said work was continuing to “resolve and recover” from the “outage” in the system.
Mr Hall, the independent reviewer of terrorism legislation, said attributing the attack would not be easy.
Asked if a state like Russia could have been responsible for the attack, he told Times Radio “anything is possible”.
He said: “Yes, it’s possible that this is carried out directly by a state, but it’s equally possible to be carried out by a private entity that is, sort of, allowed to operate and does it for a combination of public and private reasons.”
That meant attacks were “deniable” for states, even if hackers were based there.
He said: “There are some very capable private entities, let’s say, in Russia or China, who won’t necessarily be being directed by Russia or China.
“So it’s not as if a member of the GRU (the Russian military intelligence agency) is necessarily going into a company and saying that ‘you’ve got the capability of knocking out some UK infrastructure, please go and do it now’.
“It’s also possible, in this ecosystem that exists in some of these countries, that a company, an entity, carries out a hack and simply does it for patriotic reasons, or does it because they want to curry favour, or maybe there’s some sort of informal relationship with them.
“So although we think, understandably, about states deciding to do things it is also possible for very, very powerful and sophisticated private entities to do things as well.”
The attack caused disruption at Heathrow, Brussels and Berlin over the weekend.
In a statement on Monday morning, Heathrow said: “Work continues to resolve and recover from an outage of a Collins Aerospace airline system that impacted check-in.
“We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.”
Passengers should check their flight status before travelling to the airport and arrive no earlier than three hours before long-haul flights and two hours for short-haul.
Brussels Airport said it was expecting disruption to continue on Monday with delays and cancellations.
The European Union’s cybersecurity agency Enisa confirmed on Monday that the disruption was caused by a “third party” ransomware cyber attack, but gave no further details.
It was reported that law enforcement bodies are investigating.
Downing Street said the National Cyber Security Centre was involved in the response to the attack but would not be drawn on who was believed to be behind it.
“We have cyber experts working with Collins Aerospace and affected UK airports to fully understand the impacts and we’ll continue to work with them to address the ongoing issues,” the Prime Minister’s official spokesman said.
Shares in London-listed airline companies were lower on Monday morning as a result.
British Airways owner International Consolidated Airlines Group (IAG), which has primary bases at Heathrow and Gatwick airports, saw shares slide by 1.3% in early trading.
Elsewhere, budget rivals EasyJet and Wizz Air saw their shares drop by 1.3% and 1.5% respectively.