Cascading Failures and Systems Thinking
9–22–2025 (Monday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Monday, September 22, 2025, and we are going to talk today about cascading failures, the value of systems thinking, and the fragility of our modern existence. You know, keep it light here on Monday morning.
Cascading Failures and Systems Thinking
If you were anything like me, you spent some time over the weekend watching in real time as travel in major European air hubs like London Heathrow and Berlin ground to a halt over the weekend as their checkin systems were taken offline.
Reuters has a good report on the attack on a system called vMUSE, was developed by American company Collins Aerospace, a Raytheon subsidiary, and its outage forced manual checkin and and boarding at these airports that use this system.
The EU’s Cyber Agency, the Europe an Union for Cybersecurity, told the BBC this morning that it was, in fact, ransomware and that it has been identified and passed along to law enforcement.
While airlines are insisting that the impact is minimal, the BBC article notes that officials at Heathrow “have asked airlines to cancel nearly 140 of their 276 scheduled outbound flights for Monday.”
What we’re seeing here is cascading failures and the challenges of tightly integrated systems. Instead of focusing on the third-party risk element of this - since we know we have very little control over our vendors - it’s worth putting our “systems thinking” hats on and looking at these challenges in new ways.
In fact, this systems thinking lens would also apply to the ongoing outage at Jaguar Land Rover, who continue to suffer fallout from their August ransomware attack.
The latest reporting this morning asks when production will re-start, and the answer the article gives us is “No one actually knows.” While they struggle to restart production and have a reported 200,000 workers idle, their suppliers are facing even more existential challenges.
A Wired article published today called it a “supply chain disaster” - and noted that multiple suppliers are already being forced to layoff workers as their orders for JLR continue to be zero.
The complexity that we find ourselves navigating, and often using technology to navigate, can create these high impact scenarios even when the likelihood is low. Single points of failure are always a risk, of course, but it can be difficult for IT and security teams to look beyond their own horizon.
Situating your own business in the context in which it operates - whether you have a massive supply chain behind you or are operating as just one small part of a larger chain - can help with both contingency planning when manual operations are needed, or diversification to ensure that low likelihood events aren’t fatal.
As always, controlling those things within your sphere of influence is a good place to start, but don’t forget the context in which we’re all operating.
Fundraising
From a fundraising perspective, we noted more than $27B in newly committed capital last week, led by Advent International, who raised $20b for its latest flagship fund, per a report from Bloomberg.
This brings our Q3 total to just over $161B, a little behind the last few quarters, not surprising given the macro state of uncertainty. We’ll be keeping a close eye on this indicator in Q4 as a way to get a sense of how others are seeing the risk and opportunity in the larger environment.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and now sign up for our monthly newsletter, the Intentional Dispatch.
We’ll see you next week for another edition of the Intentional Brief.
Links
https://www.bbc.com/news/articles/cqjeej85452o
https://en.wikipedia.org/wiki/Systems_thinking
https://www.wired.com/story/jlr-jaguar-land-rover-cyberattack-supply-chain-disaster/