In the context of SATIE, the following airport assets were investigated with respect to their interoperability and possible vulnerabilities: Airport Operations Data Base, (AODB), Resource Management System (RMS), Flight Information Display System (FIDS), Air Traffic Management (ATM), Baggage Handling System (BHS), check-in or boarding area and the passenger controls. These systems have been replicated or connected utilising their real set-up to a simulation platform, which itself was needed to be developed. The connected systems, i.e. the target infrastructure, were investigated looking at their responses and interaction when attacked by adversaries. In order to achieve this, SATIE has invented five different scenarios consisting of realistic, imaginable and high sophisticated attack vectors.
The simulation set up provided for and by SATIE includes a remarkable number of detailed copies of real systems utilised in the airport cyber-physical environment. These digital twins of real systems can be attacked with a bunch of cyber-attacks ranging from Denial of Service (DoS) over Brute Force Attacks to very specific small but harmful attacks like exchange of baggage tags on the conveyor belt of a Baggage Handling System (BHS).
The airports have replicated their Information Technology (IT) and Operational Technology (OT) networks for the simulation purposes and the partners have deployed their security systems on the simulation platform. The Security Operation Centre (SOC), which was included in the simulation, supervises all systems, the network, the servers, databases, the access control, etc. The SOC correlates the received information to detect cyber physical threats and warns the different stakeholders. The system therefore proved its capacity to respond to airport threats in a secure (simulated) environment.
The recommendations based on the Privacy by Design principles have allowed improving the methodology used for the assessment of data protection of end-users and travellers within the complex security systems. This is achieved and maintained through integrating new conceptual tools contributing to minimization of social and economic impact while assuring compliance with active regulations where the use of personal data is involved. This in turn, translated significant findings into dissemination activities and materials, including scientific papers with relevant recommendations for future research and innovation projects.