The Airport Cybersecurity Appliance (ACA)
Securing Airport OT Networks
Intelligent, Continuous, Secure, Resilient, Automated.
Just as TSA has checkpoints to screen baggage and passengers to prevent threats in secure areas, the ACA is an intelligent cybersecurity appliance that screens all data access to secure automation systems. It is important to note that at practically every airport installation, the controls network and the baggage handling system (BHS) network are isolated and are NOT monitored by airport IT, but are still vulnerable to attack. The ACA protects these systems by continuously monitoring access to PLC-controlled systems and detecting unauthorized PLC software changes while providing security, notifications, data insights and secure remote connectivity for industrial automation systems. The device fits seamlessly into existing server racks and hardware infrastructure.
If a breach is detected, the ACA can shut down affected systems gracefully. The device provides a remote, hardware-controlled disconnect at every desired endpoint and can disconnect attached devices on power loss, network loss, tamper detection and other conditions.
The United States Transportation Security Administration (TSA) has implemented new requirements to enhance cybersecurity resilience, aiming to prevent disruptions and degradation of critical infrastructure. The airport Information Technology (IT) group is responsible for providing cybersecurity compliance on the IT network but normally does not manage the Operational Technology (OT) industrial network. The following are the new TSA requirements and how the ACA satisfies the requirements for the OT network side:
» Network segmentation policies and controls must ensure that the OT system can operate safely in the event of a compromise to the IT network.
The ACA provides an air gap between the airport IT network and the OT network. In this way, the secure OT network (for example, the BHS network) functions independently of the airport IT network to ensure operational continuity regardless of the state of the airport IT infrastructure.
» Access control measures must prevent unauthorized local and remote access to critical cyber assets based on the principle of least privilege and utilizing Multi-Factor Authentication (MFA) where technically feasible.
The ACA governs all access to the OT network. External access is monitored and tracked, with MFA and other safeguards required to access the system from an external source. Role-based privileges ensure that only those requiring access to specific assets and systems are granted permission.
» Implementation of continuous monitoring and anomaly detection for critical cyber systems is required.
The OT network is monitored by the ACA and alerts are generated for all threats detected.
In addition, systems monitored by the ACA can be shut down to lock out access until issues are resolved.
» Implementation of a vulnerability management program to address patch management for critical cyber systems including operating systems, applications, drivers, and firmware on critical cyber systems is required.
The ACA monitors the PLCs that run the control systems, ensuring that no programs are modified without proper access. Security updates and patches are delivered through the ACA.
In summary, the ACA provides the following benefits:
» Protection of Critical Infrastructure: Airport IT networks do not protect the OT infrastructure. The ACA fills this need by monitoring the OT network and control systems, with the ability to shut down critical components before damage is done.
» Operational Continuity: Even if the IT network is compromised, the ACA provides an air gap to the OT network so that critical systems can continue to operate.
» Regulatory Compliance: The ACA is an all-in-one solution to meet regulatory compliance required by TSA.
» Cyber-Physical Security: Automation systems control physical processes in airports, where cybersecurity means more than just protecting data; it also means safeguarding the physical equipment and processes that could be manipulated remotely. The ACA provides this security.
» Awareness: The ACA can send configurable alerts and alarms to integrated systems so that detected threats cannot go unnoticed.