
Date post: 17-Jul-2020

Cybersecurity for International Airport

A unique cybersecurity challenge

The customer is one of the 10 busiest airports in the world: an important regional transshipment center and passenger hub, with over 50,000 employees and flights by hundreds of operators to destinations around the world. The airport has dozens of SCADA systems and OT networks in place that cover every aspect of airport operations - from check-in and baggage handling to electricity generation and A/C.

[Figure: Airport OT Systems on a Converged IT/OT Network, grouped as Security & Communication, Mechanical, Operation & Maintenance, Electrical, Logistics, and Aviation.]

SCADAShield CASE STUDY


Insecure by design

As with many critical infrastructure organizations, the airport’s OT and IT networks were insecure by design, as they were built primarily to ensure availability rather than to be secure. This means the architecture was flat, with minimal internal segregation, authentication controls were lacking, and patching was simply not a priority. Like all major airports, they have numerous OT assets and protocols in place, including:

• TIM luggage handling and security

• Siemens baggage handling

• TIBCO Fast Data technology stack

• TIBCO Enterprise Service Bus (ESB)

• StreamBase Complex Event Processing (CEP)

• Live Datamart business rules engines

• Inductive Automation’s Ignition SCADA

• SITA/ARINC (international protocol for information)

• Luggage carousels

• Electricity generation and control

• Climate control

• AirTrain (FMSS)

All major transportation hubs are high-value targets for cyber attackers motivated by financial gain or sponsored by nation-states. The most menacing threat is APT (advanced persistent threats) in which hackers gain network access and stay inside, undetected, for an extended period of time carrying out stealthy reconnaissance and data collection. In this case, the massively complex, highly-distributed and interconnected airport operational computing environment left numerous security blind spots open to potential attackers. These included switches and routers supplied by top-tier vendors frequently targeted by hackers, infrastructure running legacy operating systems, and OT systems left exposed to the Internet via VPN and other online maintenance channels.


The solution

The airport chose Cyberbit’s SCADAShield platform to map, monitor and continuously protect its OT networks against cyberthreats. The first step was to leverage SCADAShield’s network mapping capabilities to create an up-to-date map of all network assets. This visualization helped network managers understand all the IT/OT touch points and identify vulnerabilities such as unpatched devices, insecure protocols, unidentified hosts and other configuration issues.

The airport was able to quickly gain deeper visibility and granular insights into its OT assets – including vendors, models, software versions, OS, roles, and types. This mapping clearly demonstrated significant IT/OT touchpoints - meaning that any attack coming from an infected IT endpoint (like a workstation becoming infected via a phishing email sent to an employee) could immediately threaten mission-critical OT networks, too.

The airport then used SCADAShield to conduct an extensive vulnerability audit. This process included identifying suspicious traffic, unencrypted protocols, unpatched systems and old system versions – as well as risk assessment and remediation prioritization.

Cyberbit then remediated the issues discovered. Without interrupting operations, SCADAShield patched high-risk assets, strengthened vulnerable assets and protocols, upgraded outdated versions, and segregated the networks in accordance with the Purdue Model for Control Hierarchy.

Moreover, SCADAShield provides continuous scanning and automatically builds and enforces network and operation policies. It provides the airport with continuous security monitoring – detecting zero-day attacks, monitoring risk levels, and enabling ongoing OT network change management to maintain a high level of security.


The benefits

With SCADAShield, the airport is protected against cyberthreats and its OT network is monitored, with alerts raised on potential security threats as well as on non-security operational malfunctions. By providing visibility over the entire airport network – including assets, communications and processes – SCADAShield measurably improved the airport’s mass transportation management from routing, baggage handling, check-in and beyond.

About Cyberbit SCADAShield

Cyberbit SCADAShield is the world-leading OT security platform, chosen by critical infrastructure organizations to protect ICS/SCADA networks, electric grids, transportation networks, manufacturing lines, smart buildings and data centers. SCADAShield provides unprecedented OT asset discovery and visibility, detects known OT threats, unknown OT threats and anomalies, as well as deviations from operational restrictions, by using 7-layer deep packet inspection (DPI).

• Real-Time Asset Discovery and Visibility: A real-time, up-to-date visual mapping of your entire network, including IP and non-IP devices (Fieldbus, serial).

• Detect Known and Unknown Threats: Detect both known vulnerability exploits (CVEs) and undocumented, "zero-day" attacks.

• Detect Operational Risks: Reduce downtime by enforcing operational policies and detecting violations, malfunctions and misconfigurations.

• Comply with Regulations: Comply with industry regulations including NERC CIP, NIST 800-82 and ISA/IEC 62443.

ABOUT CYBERBIT™

Cyberbit provides a consolidated detection and response platform that protects an organization’s entire attack surface across IT, OT and IoT networks. Cyberbit products have been forged in the toughest environments on the globe and include: behavioral threat detection, incident response automation and orchestration, ICS/SCADA security, and the world’s leading cyber range. Since the company was founded in mid-2015, Cyberbit’s products have been rapidly adopted by enterprises, governments, academic institutions and MSSPs around the world. Cyberbit is a subsidiary of Elbit Systems (NASDAQ: ESLT) and has offices in Israel, the US, Europe, and Asia.

PROPRIETARY INFORMATION

The information in is proprietary and includes trade secrets of Cyberbit Ltd. It shall not be utilized other than for the purpose for which it has been provided.

www.cyberbit.com

US: 3571 Far West Blvd #168 Austin, TX 78731 | Tel: +1.737.717.0385

UK: 103 Kingsway London WC2B 6QX | Tel: +44.(0)2032.069400

Israel: 22 Zarchin St. Ra’anana 4310602 Israel | Tel: +972.(0)9.779.9831

Germany: Mies-van-der-Rohe-Str. 8, 80807 Munich Germany | Tel: +49-89-215416-22

Singapore: Temasek Avenue Centennial Tower, #21-23 Singapore 039190 | Tel: +65.6679.5771

