Enabling The Smart Airport
Protecting Airport Infrastructure From Evolving Cyber Threats
Customer/ Partner:
A Major European International Airport Hub.
Customer Requirement:
Enable real-time visibility of operational data while protecting ATC, runway operations and safety, baggage handling and cargo systems and flight information display systems from threats emanating from the interconnection of these systems to less-trusted IT networks.
Waterfall’s Unidirectional Solution:
Secure the operational network perimeter from external threats and provide real-time enterprise monitoring – Unidirectional Security Gateways protect all operational systems with an impassable physical barrier to external network threats.
Unidirectional Network Protection For Airport Infrastructure
Cyber attacks on civil airport systems and infrastructures can lead to catastrophic consequences. Airports rely on SCADA and industrial control systems for utilities, baggage systems, radar systems, runway operations and safety systems for safe and reliable passenger travel. Waterfall Unidirectional Security Gateways and related products replace firewalls on industrial networks to enable safe IT/OT integration while physically preventing online and remote attacks on airport operations networks.
The challenge
To protect safe, reliable and continuous operation of airport infrastructure operational systems and safety networks from cyber threats emanating from less trusted IT networks and the Internet. At the same time provide realtime access to operational data for the airport enterprise and the public, as well as periodic and on-demand inbound access for updates and vendors.
Waterfall solution
A Waterfall Unidirectional Gateway provides safe IT/OT integration, connecting the operations control system network to the Enterprise network. The gateway replicates process historian and Syslog servers from the control network to the enterprise network. Enterprise clients interact normally and bi-directionally with these replicas in real- time. A Waterfall FLIP, a hardware-enforced Unidirectional Security Gateway whose orientation is reversible, permits disciplined, scheduled updates of operations systems. By schedule, or by exception, an independent control mechanism triggers the FLIP hardware to change orientation, allowing specific updates to flow back into the protected control system network as needed.
Results & benefits
100% Security: Having replaced the IT/ OT firewall with hardware-enforced physical protection in the form of a Unidirectional Gateway and a FLIP, airport control networks are now physically protected from online attacks originating on IT, Internet or other external networks.
100% Visibility: Existing airport systems continue to operate normally. Instead of accessing servers on the critical operational network through a vulnerable firewall, users on the enterprise network now access realtime data from the replica process historian for all informational and security requirements.
100% Compliance: This architecture facilitates compliance with even the most rigorous industrial cybersecurity standards and regulations, world-wide.
Theory of Operation
Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external less-trusted networks. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. The Gateways enable vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. Unidirectional Gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments.
Global Certifications And Compliance
Certified: Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore
Assessed by: US DHS SCADA Security Test Bed & Japanese Control Systems Security Center Bed, Idaho National Labs, Digital Bond Labs, GE Bently Nevada Systems Labs, and NISA Israel
Complies with: Global ICS Standards & Regulations, Single European Sky (SESAR), NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, and many more
Unidirectional Security Gateways Benefits:
Safe, real-time continuous monitoring of airport critical infrastructure and operational control systems
Absolute protection from remote attack consequences, including unscheduled downtime, equipment damage and threats to workers, and public safety
Simplified audits, change reviews, and security system documentation
Real-time process historian server data and functionality are available to business network users and applications
Disciplined, on-demand and scheduled updates of airport systems, without the vulnerabilities that always accompany firewall deployments
Share
Trending posts
Impressions of Cyber-Informed Engineering
Top 10 Cyberattacks on Industrial and Critical Infrastructure of 2024
Stay up to date
Subscribe to our blog and receive insights straight to your inbox