Security of Air Transport Infrastructure of Europe

Periodic Reporting for period 1 - SATIE (Security of Air Transport Infrastructure of Europe)

Reporting period: 2019-05-01 to 2020-04-30

The twenty-first century is experiencing a digital revolution that simplifies flight and cross-border movements. Digitalization helps to leverage information sharing, reduce operating costs and improve the travel experience, but it also blurs the lines between the virtual world and reality, raising serious security concerns. Meanwhile, airports face a daily challenge to ensure business continuity and passengers’ safety. SATIE adopts a holistic approach to threat prevention, detection, response and mitigation in airports, while guaranteeing the protection of critical systems, sensitive data and passengers.
Critical assets are usually protected against individual physical or cyber threats, but not against complex scenarios combining both categories of threats. To handle these aspects, SATIE develops an interoperable toolkit which improves cyber-physical correlations, forensic investigations and dynamic impact assessment at airports, considering not only the protection of cyber and physical assets, but also the critical business processes that utilise those assets. Security practitioners and airport managers collaborate more efficiently to resolve a crisis when they have a shared situational awareness. Emergency procedures can be triggered simultaneously through an alerting system in order to reschedule airside/landside operations and to notify first responders, cybersecurity teams and maintenance teams, supporting a fast recovery.
SATIE integrates innovative solutions on a dedicated simulation platform in order to improve their interoperability and to validate their efficiency. Three demonstrations will be conducted at different locations in Europe (Croatia, Italy and Greece) in order to evaluate the solutions in operational conditions. Results and best practices will be widely disseminated to the scientific community, standardization bodies, security stakeholders and the aeronautic community.
The 12 predominant objectives of SATIE are to (1.) identify the main areas of security improvement and to improve:
o (2.) Risk assessment methods to address complex attack scenarios.
o Cyber threat (3.) prevention and (5.) detection.
o (4.) Physical threat prevention and detection.
o (6.) Correlation of cyber and physical threats to facilitate human analysis and decision-making.
o (7.) Incident response and impact mitigation for a unified and fast response.
o (9.) Dynamic airport security standards and harmonise emergency and security-incident related approaches.
The above is completed by the objectives to (8.) carry out operational demonstrations and to (11.) provide efficient and cost-effective solutions while (12.) ensuring compliance with ethics, privacy and regulations. Last but not least, SATIE will continuously and extensively (10.) disseminate project results.
SATIE aims to pave the way to a new generation of Security Operation Centres that will be included in a comprehensive airport security policy.
In order to achieve the objectives, a series of milestones has been defined throughout the entire project duration. The milestones fulfilled during the 1st reporting period are:
o State of the Art (SoA) and risk analysis conducted.
o Impact propagation and decision support models definition established.
o Threat detection systems (1st versions) are connected to the simulation platform.
o The simulation platform is available.
o Ethics and privacy requirements and recommendations are shared.
The project aims to provide a flexible simulation environment capable of hosting a variety of the different assets available and applied in the critical infrastructure of airports. To achieve this, the beneficiaries conducted a review of the available state of the art. Starting from pre-defined scenarios, the project identified the affected assets that will be put at risk through cyber-physical attacks and combined threats. The project established a ranking of vulnerabilities and had this list verified and rated by end-users with respect to their likelihood and severity. In parallel, the consortium has set up a simulation platform which is intended to host all systems, prototypes, digital twins of systems and network set-ups which are provided to the project by the beneficiaries.
The preparatory work has already helped some partners to develop their innovation further than expected. Some intermediate results can therefore be deemed valuable achievements.
Airports represent a complex conglomeration of assets, facilities and systems that all must collaborate effectively to provide the appropriate air transportation services. For airports, the impact of cyber and physical attacks, either stand-alone or combined, can result in disservice as well as organizational, reputational and financial loss. Thus, it is crucial for airports to implement a system of detection, correlation and response proportional to the threats.
In the context of SATIE, the following airport assets are investigated with respect to their interoperability and possible vulnerabilities when considered as a system of systems: Airport Operations Data Base (AODB), Resource Management System (RMS), Flight Information Display System (FIDS), Air Traffic Management (ATM), Baggage Handling System (BHS), check-in or boarding area and the passenger controls. These systems have been replicated, or connected using their real set-up, to a simulation platform, which itself had to be developed. The connected systems, i.e. the target infrastructure, are currently under investigation, looking at their responses and interaction when attacked by adversaries. To achieve this, SATIE has devised five different scenarios consisting of realistic, imaginable and highly sophisticated attack vectors.
The simulation set-up provided for and by SATIE includes a remarkable number of detailed copies of real systems utilised in the airport cyber-physical environment. These digital twins of real systems can be subjected to a range of cyber-attacks, from Denial of Service (DoS) and brute-force attacks to very specific, small but harmful attacks such as the exchange of baggage tags on the conveyor belt of a Baggage Handling System (BHS).
The airports have replicated their Information Technology (IT) and Operational Technology (OT) networks for the simulation purposes and the partners have deployed their security systems on the simulation platform. The Security Operation Centre (SOC), which is included in the simulation, supervises all systems, the network, the servers, databases, the access control, etc. The SOC correlates the received information to detect cyber-physical threats and warns the different stakeholders. The system can therefore demonstrate its capacity to respond to airport threats in a secure (simulated) environment.
The recommendations based on the Privacy by Design principles have made it possible to improve the methodology used for the assessment of data protection of end-users and travellers within the complex security systems. This is achieved and maintained by integrating new conceptual tools that contribute to minimizing social and economic impact while assuring compliance with active regulations where the use of personal data is involved. This will, in turn, translate significant findings into future dissemination activities and materials, including scientific papers with relevant recommendations for future research and innovation projects.
Figures: Overview of an AOC - UC3; Project Goal - Project Technical Overview; Airbus' Cyber Range Example.