Enabling The Smart Airport

Protecting Airport Infrastructure From Evolving Cyber Threats
Enabling The Smart Airport
Customer/ Partner:

A Major European International Airport Hub.

Customer Requirement:

Enable real-time visibility of operational data while protecting ATC, runway operations and safety, baggage handling and cargo systems and flight information display systems from threats emanating from the interconnection of these systems to less-trusted IT networks.

Waterfall’s Unidirectional Solution:

Secure the operational network perimeter from external threats and provide real-time enterprise monitoring – Unidirectional Security Gateways protect all operational systems with an impassable physical barrier to external network threats.

Unidirectional Network Protection For Airport Infrastructure

Cyber attacks on civil airport systems and infrastructures can lead to catastrophic consequences. Airports rely on SCADA and industrial control systems for utilities, baggage systems, radar systems, runway operations and safety systems for safe and reliable passenger travel. Waterfall Unidirectional Security Gateways and related products replace firewalls on industrial networks to enable safe IT/OT integration while physically preventing online and remote attacks on airport operations networks.

The Challenge icon
The challenge

To protect safe, reliable and continuous operation of airport infrastructure operational systems and safety networks from cyber threats emanating from less trusted IT networks and the Internet. At the same time provide realtime access to operational data for the airport enterprise and the public, as well as periodic and on-demand inbound access for updates and vendors.

Waterfall solution - icon
Waterfall solution

A Waterfall Unidirectional Gateway provides safe IT/OT integration, connecting the operations control system network to the Enterprise network. The gateway replicates process historian and Syslog servers from the control network to the enterprise network. Enterprise clients interact normally and bi-directionally with these replicas in real- time. A Waterfall FLIP, a hardware-enforced Unidirectional Security Gateway whose orientation is reversible, permits disciplined, scheduled updates of operations systems. By schedule, or by exception, an independent control mechanism triggers the FLIP hardware to change orientation, allowing specific updates to flow back into the protected control system network as needed.

Results and benefits - icon
Results & benefits

100% Security: Having replaced the IT/ OT firewall with hardware-enforced physical protection in the form of a Unidirectional Gateway and a FLIP, airport control networks are now physically protected from online attacks originating on IT, Internet or other external networks.

100% Visibility: Existing airport systems continue to operate normally. Instead of accessing servers on the critical operational network through a vulnerable firewall, users on the enterprise network now access realtime data from the replica process historian for all informational and security requirements.

100% Compliance: This architecture facilitates compliance with even the most rigorous industrial cybersecurity standards and regulations, world-wide.

vertical red line
Theory of Operation
Click to enlarge

Waterfall Unidirectional Security Gateways replace firewalls in industrial network environments, providing absolute protection to control systems and industrial control networks from attacks emanating from external less-trusted networks. Unidirectional Gateways contain both hardware and software components. The hardware components include a TX Module, containing a fiber-optic transmitter/laser, and an RX Module, containing an optical receiver, but no laser. The gateway hardware can transmit information from an industrial network to an external network, but is physically incapable of propagating any virus, DOS attack, human error or any cyber attack at all back into the protected industrial network. The Gateways enable vendor monitoring, industrial cloud services, and visibility into operations for modern enterprises and customers. Unidirectional Gateways replicate servers, emulate industrial devices and translate industrial data to cloud formats. As a result, Unidirectional Gateway technology represents a plug-and-play replacement for firewalls, without the vulnerabilities and maintenance issues that accompany firewall deployments.

Global Certifications And Compliance

Certified: Common Criteria EAL 4+, ANSSI CSPN, NITES Singapore

Assessed by: US DHS SCADA Security Test Bed & Japanese Control Systems Security Center Bed, Idaho National Labs, Digital Bond Labs, GE Bently Nevada Systems Labs, and NISA Israel

Complies with: Global ICS Standards & Regulations, Single European Sky (SESAR), NERC CIP, IEC 62443, NRC 5.71, NIST 800-82r2, CFATS, ISO, IIC SF, ANSSI, and many more

vertical red line
Unidirectional Security Gateways Benefits:

arrow red right Safe, real-time continuous monitoring of airport critical
infrastructure and operational control systems

arrow red right Absolute protection from remote attack consequences, including
unscheduled downtime, equipment damage and threats to
workers, and public safety

arrow red right Simplified audits, change reviews, and security system

arrow red right Real-time process historian server data and functionality are
available to business network users and applications

arrow red right Disciplined, on-demand and scheduled updates of airport
systems, without the vulnerabilities that always accompany
firewall deployments


Stay up to date

Subscribe to our blog and receive insights straight to your inbox