Periodic Reporting for period 2 - SATIE (Security of Air Transport Infrastructure of Europe)
Período documentado: 2020-05-01 hasta 2021-10-31
The twenty-first century experiments a digital revolution that simplifies flight and cross-border movements. But digitalization also blurs the lines between virtual world and reality with serious security matters. Airports face a daily challenge to ensure business continuity and passengers’ safety. The impact of cyber and physical attacks on airports, can have effect in disservice, organizational, reputational and financial loss. Thus, it is crucial for airports to implement a system of detection, correlation and response proportional to the threats. SATIE adopts a holistic approach about threat prevention, detection, response and mitigation in airports, while guaranteeing the protection of critical systems, sensitive data and passengers.
Critical assets are usually protected against individual physical or cyber threats, but not against complex scenarios combining both categories. SATIE developed an interoperable toolkit which improves cyber-physical correlations, forensic investigations and dynamic impact assessment at airports, by not only protecting cyber and physical assets, but also the business processes that utilise those assets. Security practitioners and airport managers collaborate more efficiently to achieve the resolution of a crisis, when having a shared situational awareness like provided by SATIE. Emergency procedures can be triggered simultaneously through an alerting system in order to reschedule airside/landside operations, notify first responders, cybersecurity and maintenance teams towards a fast recovery.
SATIE achieved interoperability of innovative solutions and validated their efficiency in three demonstrations at different locations in Europe (Croatia, Italy and Greece) under operational conditions. SATIE improved risk assessment methods to address complex attack scenarios and improved the cyber and physical threat prevention and detection as well as the correlation of cyber and physical threats to facilitate human analysis and decision-making. Also, the incident response and impact mitigation for a unified and fast response was fostered. Finally, dynamic airport security standards were developed and emergency and security-incident related approaches were harmonised. This was completed by operational demonstrations. SATIE provides efficient and cost-effective solutions while ensuring compliance with ethics, privacy and regulations. SATIE paves the way to a new generation of Security Operation Centres that can be included in a comprehensive airport security policy.
Critical assets are usually protected against individual physical or cyber threats, but not against complex scenarios combining both categories. SATIE developed an interoperable toolkit which improves cyber-physical correlations, forensic investigations and dynamic impact assessment at airports, by not only protecting cyber and physical assets, but also the business processes that utilise those assets. Security practitioners and airport managers collaborate more efficiently to achieve the resolution of a crisis, when having a shared situational awareness like provided by SATIE. Emergency procedures can be triggered simultaneously through an alerting system in order to reschedule airside/landside operations, notify first responders, cybersecurity and maintenance teams towards a fast recovery.
SATIE achieved interoperability of innovative solutions and validated their efficiency in three demonstrations at different locations in Europe (Croatia, Italy and Greece) under operational conditions. SATIE improved risk assessment methods to address complex attack scenarios and improved the cyber and physical threat prevention and detection as well as the correlation of cyber and physical threats to facilitate human analysis and decision-making. Also, the incident response and impact mitigation for a unified and fast response was fostered. Finally, dynamic airport security standards were developed and emergency and security-incident related approaches were harmonised. This was completed by operational demonstrations. SATIE provides efficient and cost-effective solutions while ensuring compliance with ethics, privacy and regulations. SATIE paves the way to a new generation of Security Operation Centres that can be included in a comprehensive airport security policy.
SATIE provides a toolkit for cyber-physical threat prevention, detection and mitigation for airport operators. The platform combines tools which can be tailored for different airport categories and sizes to collect information about various systems such as passenger and baggage data, speaker recognition in controller-pilot radio communication, existing vulnerabilities, how threats can propagate through the assets, suspicious network activity, face recognition when requesting authentication through access control, and many others. With this information combined into one system, cyber-physical security personnel can more easily have a full situation awareness of the airport. This allows for quick detection of a potential attack occurring, identification of affected assets and what kind of attack or suspicious activity is happening. For all project outputs a Privacy and Societal Impact Assessment is conducted. The innovative aspect of this toolkit is to bring diverse information together, particularly correlating physical and cyber information. The solution is ideally used by its operators to not only see alerts as they arise, but also be able to quickly send the alert information to the relevant first-responders, including direct feeds to cameras in the area. Today there are no other mature solutions to combine situational awareness for cyber and physical security at airports. The SATIE toolkit does not only create one, but demonstrates how it greatly increases the efficacy and efficiency of safety and security personnel to predict and react and potentially save human lives.
SATIE also provides training material on the full-scale SATIE Toolbox for airport security practitioners and best practices for updating airport security policy (this was highly appreciated, reviewed and updated by several European standardisation and regulation institutions). The methodology and tools utilised for establishing the exploitation plan of SATIE include market analysis, the competition matrix, the Lean Business Model Canvas, a SWOT analysis, and the Innovation Roadmap. Partners have recorded their Key Exploitable Results (KER), defined the IPR model, recognized risks and constraints and focused on the key success factors of the SATIE Solution. The Lean Business Model Canvas was concluded for SATIE and reported in D7.4 - Exploitation plan.
Some partners developed their innovation even further than expected.
SATIE also provides training material on the full-scale SATIE Toolbox for airport security practitioners and best practices for updating airport security policy (this was highly appreciated, reviewed and updated by several European standardisation and regulation institutions). The methodology and tools utilised for establishing the exploitation plan of SATIE include market analysis, the competition matrix, the Lean Business Model Canvas, a SWOT analysis, and the Innovation Roadmap. Partners have recorded their Key Exploitable Results (KER), defined the IPR model, recognized risks and constraints and focused on the key success factors of the SATIE Solution. The Lean Business Model Canvas was concluded for SATIE and reported in D7.4 - Exploitation plan.
Some partners developed their innovation even further than expected.
In the context of SATIE, the following airport assets were investigated with respect to their interoperability and possible vulnerabilities: Airport Operations Data Base, (AODB), Resource Management System (RMS), Flight Information Display System (FIDS), Air Traffic Management (ATM), Baggage Handling System (BHS), check-in or boarding area and the passenger controls. These systems have been replicated or connected utilising their real set-up to a simulation platform, which itself was needed to be developed. The connected systems, i.e. the target infrastructure, were investigated looking at their responses and interaction when attacked by adversaries. In order to achieve this, SATIE has invented five different scenarios consisting of realistic, imaginable and high sophisticated attack vectors.
The simulation set up provided for and by SATIE includes a remarkable number of detailed copies of real systems utilised in the airport cyber-physical environment. These digital twins of real systems can be attacked with a bunch of cyber-attacks ranging from Denial of Service (DoS) over Brute Force Attacks to very specific small but harmful attacks like exchange of baggage tags on the conveyor belt of a Baggage Handling System (BHS).
The airports have replicated their Information Technology (IT) and Operational Technology (OT) networks for the simulation purposes and the partners have deployed their security systems on the simulation platform. The Security Operation Centre (SOC), which was included in the simulation, supervises all systems, the network, the servers, databases, the access control, etc. The SOC correlates the received information to detect cyber physical threats and warns the different stakeholders. The system therefore proved its capacity to respond to airport threats in a secure (simulated) environment.
The recommendations based on the Privacy by Design principles have allowed improving the methodology used for the assessment of data protection of end-users and travellers within the complex security systems. This is achieved and maintained through integrating new conceptual tools contributing to minimization of social and economic impact while assuring compliance with active regulations where the use of personal data is involved. This in turn, translated significant findings into dissemination activities and materials, including scientific papers with relevant recommendations for future research and innovation projects.
The simulation set up provided for and by SATIE includes a remarkable number of detailed copies of real systems utilised in the airport cyber-physical environment. These digital twins of real systems can be attacked with a bunch of cyber-attacks ranging from Denial of Service (DoS) over Brute Force Attacks to very specific small but harmful attacks like exchange of baggage tags on the conveyor belt of a Baggage Handling System (BHS).
The airports have replicated their Information Technology (IT) and Operational Technology (OT) networks for the simulation purposes and the partners have deployed their security systems on the simulation platform. The Security Operation Centre (SOC), which was included in the simulation, supervises all systems, the network, the servers, databases, the access control, etc. The SOC correlates the received information to detect cyber physical threats and warns the different stakeholders. The system therefore proved its capacity to respond to airport threats in a secure (simulated) environment.
The recommendations based on the Privacy by Design principles have allowed improving the methodology used for the assessment of data protection of end-users and travellers within the complex security systems. This is achieved and maintained through integrating new conceptual tools contributing to minimization of social and economic impact while assuring compliance with active regulations where the use of personal data is involved. This in turn, translated significant findings into dissemination activities and materials, including scientific papers with relevant recommendations for future research and innovation projects.