Cyberbit SCADAShield for International Airport

Additional information

Source: Web-site of vendor

The project has been delivered on schedule

The budget has not been exceeded

Functionality complies with task

Description

About company
The customer is one of the 10 busiest airports in the world and an important regional transshipment center and passenger hub. It has over 50,000 employees and flights by hundreds of operators to destinations around the world. The airport has dozens of SCADA systems and OT networks in place that cover every aspect of airport operations - from check-in and baggage handling to electricity generation and A/C.

The challenge
As with many critical infrastructure organizations, the airport’s OT and IT networks were insecure by design as they were built primarily to ensure availability, rather than to be secure.
This means the architecture was flat, with minimal internal segregation, authentication controls were lacking, and patching was simply not a priority. Like all major airports, they have numerous OT assets and protocols in place including:
  • TIM luggage handling and security
  • Siemens baggage handling
  • TIBCO Fast Data technology stack
  • TIBCO Enterprise Service Bus (ESB)
  • StreamBase Complex Event Processing (CEP)
  • Live Datamart business rules engines
  • Inductive Automation’s Ignition SCADA
  • SITA/ARINC (international protocol for information)
  • Luggage carousels
  • Electricity generation and control
  • Climate control
  • AirTrain (FMSS)
All major transportation hubs are high-value targets for cyber attackers motivated by financial gain or sponsored by nation-states. The most menacing threat is the APT (advanced persistent threat), in which hackers gain network access and stay inside, undetected, for an extended period of time, carrying out stealthy reconnaissance and data collection. In this case, the massively complex, highly distributed and interconnected airport operational computing environment left numerous security blind spots open to potential attackers. These included switches and routers supplied by top-tier vendors frequently targeted by hackers, infrastructure running legacy operating systems, and OT systems left exposed to the Internet via VPN and other online maintenance channels.

The solution
The airport chose Cyberbit’s SCADAShield platform to map, monitor and continuously protect its OT networks against cyberthreats. The first step was to leverage SCADAShield’s network mapping capabilities to create an up-to-date map of all network assets. This visualization helped network managers understand all the IT/OT touchpoints and identify vulnerabilities such as unpatched devices, insecure protocols, unidentified hosts and other configuration issues. The airport was able to quickly gain deeper visibility and granular insights into its OT assets – including vendors, models, software versions, OS, roles, and types. This mapping clearly demonstrated significant IT/OT touchpoints - meaning that any attack coming from an infected IT endpoint (like a workstation becoming infected via a phishing email sent to an employee) could immediately threaten mission-critical OT networks, too.
The airport then used SCADAShield to conduct an extensive vulnerability audit. This process included identifying suspicious traffic, unencrypted protocols, unpatched systems and old system versions – as well as risk assessment and remediation prioritization.
Cyberbit then remediated the issues discovered. Without interrupting operations, SCADAShield patched high-risk assets, strengthened vulnerable assets and protocols, upgraded outdated versions, and segregated the networks in accordance with the Purdue Model for Control Hierarchy.
Moreover, SCADAShield provides continuous scanning and automatically builds and enforces network and operation policies. It provides the airport with continuous security monitoring – detecting zero-day attacks, monitoring risk levels, and enabling ongoing OT network change management to maintain a high level of security.

The benefits
With SCADAShield, the airport is protected against cyberthreats and the OT network is monitored, with alerts created about potential security threats as well as non-security-related operational malfunctions. By providing visibility over the entire airport network – including assets, communications and processes – SCADAShield measurably improved the airport’s mass transportation management from routing, baggage handling, check-in and beyond.

Details

Business tasks

Ensure Security and Business Continuity

Manage Risks

Problems

Inability to forecast execution timelines

Unauthorized access to corporate IT systems and data

Risk of leaks of confidential information

Low quality of customer service

Risk of attacks by hackers

Risk of data loss or damage

Risk of lost access to data and IT systems