Defending an Airport Freight Management System with ... · CASE STUDY | SCADA SECURITY AND...


CASE STUDY | SCADA SECURITY AND CONTINUITY

Defending an Airport Freight Management System with CYBERBIT SCADAShield

About The Customer

The Customer is an international airport operator in an OECD country. The user is the Head of Security operations, reporting to the airport’s CIO.

The Challenges

Airlines process & handle large amounts of baggage on a 24X7 basis, requiring seamless integration and synchronization between airlines and airport systems. These integrations utilize interfaces defined by IATA: the International Air Transport Association, and typically implemented by SITA, the primary provider of air transport communications and information technology.

Eliminating malfunctions and cyber threats is obviously critical, and often regulated by the local government administration.

The customer network is highly complex, difficult to map, and integrates multiple systems, to the extent that the customer was challenged in generating a comprehensive list of IPs in their network.

Customer: International airport operator in an OECD territory

Industry: Air Transport

Challenge: Improving control and visibility over a complex operational network, which integrates multiple systems. Addressing both cyber security threats and continuity risks and complying with industry regulations.

Solution: CYBERBIT SCADAShield

Why CYBERBIT:

• Comprehensive network visibility, mapping the entire network’s OT and IT assets, and highlighting all OT and IT network touch points

• Deep packet inspection, providing higher quality detection of continuity and security risks

• Real-time, highly reliable detection by monitoring using raw network data, vs. alternative solutions which monitor logs and may therefore be biased

Results:

• CYBERBIT SCADAShield deployed on passenger and logistic sides of the baggage handling process

• Improved visibility and asset management

• Rapid surfacing of configuration and security issues

• Integration with airport SOC

CYBERBIT Ltd. 22 Zarhin st. P.O.B. 4410, Ra’anana 4310602, Israel

Tel: 972-9-8864525, Fax: 972-9-8864556 www.cyberbit.net | [email protected]


The customer uses several systems for baggage management - some are deployed on the passenger/airline side, and others are deployed on the physical, logistic side, within the airport:

1. Ticketing and tagging system - this system handles the international ticketing and tagging of passenger baggage between Departure Control Systems (DCSs) and Automated Baggage Handling systems. It uses an international IATA standard and is connected to a global baggage management service, which synchronizes baggage from various airports and airlines, all using the same protocol.

2. Internal Airport LCM (Logistics Center Management system) - this system handles the transport and sorting of passenger baggage within the airport. In this case it is implemented by Siemens. The system is highly distributed and complex. It utilizes multiple indicators, conveyors, physical security components and other PLCs to handle the control, distribution and transport of baggage over the Siemens SCADA protocol.

The customer network manager needed a solution that would assure operational continuity and security of the airport freight management systems, enable compliance with regulations, and improve control and visibility of the complex operational network.

The Solution

After evaluating several potential solutions, the customer chose to deploy CYBERBIT SCADAShield to protect both the passenger side and logistic side of the baggage handling process.

Implementation was straightforward, according to the following phases:

1. Implementation in the airport’s main and backup sites

2. Installing strengthened appliance sensors in each site’s data centers

3. The sensors perform Deep Packet Inspection on actions such as commands and measurements

4. The Centralized Management Server logs the data, performs anomaly detection, analyzes the network structure and continuously generates and optimizes automated rules based on network traffic

5. The system is integrated with the airport’s operator’s SOC (Security Operations Center) by means of a SIEM interface


CYBERBIT SCADAShield addresses the customer’s challenges as follows:

Operational:

1. Behavioral baseline - CYBERBIT’s solution created a behavioral baseline within hours of deployment, allowing it to identify and alert on abnormal behavior.

2. Asset management - the customer gained complete, real-time visibility of the entire network components and interconnections. The customer was finally able to obtain a list of all IPs in their network, which was not possible prior to deploying CYBERBIT’s solution.

3. Real-time monitoring & detection - functional malfunctions in the OT network are detected immediately.

4. Rapid surfacing of configuration problems - configuration issues are identified and visualized instantly, before damage is inflicted. For example: once deployed, the Solution immediately detected and alerted on several controllers in the network, which were beyond the same IP address.

Security:

1. Immediate detection of unauthorized devices - for example: the system will generate an alert when a computer has been connected to the network and lacks the appropriate permissions.

2. Immediate detection and alert for illegal messages or actions - whitelists are generated and optimized automatically and continuously, to alert upon abnormal activity - in addition to a blacklist module.

3. Protocol hardening - the SCADA protocol being used in the network is often vulnerable to security exploits. The CYBERBIT solution automatically hardens the communication protocol and eliminates known vulnerabilities.
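
A minimal sketch of the learn-then-alert whitelisting described in the Operational and Security lists above, added here as an illustration and not CYBERBIT's code. The `Flow` fields, alert names, the IP/MAC mismatch check and the sample traffic are all constructed assumptions.

```python
from collections import namedtuple

# Constructed record: fields a passive sensor might extract from one packet.
Flow = namedtuple("Flow", "src_mac src_ip dst_ip protocol function")

class Baseline:
    """Whitelist learned from observed traffic (hypothetical, simplified)."""

    def __init__(self):
        self.assets = {}      # ip -> set of MACs seen sending from that ip
        self.allowed = set()  # (src_ip, dst_ip, protocol, function) tuples

    def learn(self, flows):
        for f in flows:
            self.assets.setdefault(f.src_ip, set()).add(f.src_mac)
            self.assets.setdefault(f.dst_ip, set())
            self.allowed.add((f.src_ip, f.dst_ip, f.protocol, f.function))

    def inventory(self):
        """Every IP address seen while learning, i.e. the asset list."""
        return sorted(self.assets)

    def check(self, f):
        """Alert names for one flow; an empty list means it is whitelisted."""
        alerts = []
        macs = self.assets.get(f.src_ip)
        if macs is None:
            alerts.append("unauthorized_device")
        elif macs and f.src_mac not in macs:
            alerts.append("ip_mac_mismatch")
        if (f.src_ip, f.dst_ip, f.protocol, f.function) not in self.allowed:
            alerts.append("unlisted_message")
        return alerts

# Constructed sample traffic; "scada", "read" and "write" are placeholder labels.
HMI, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:99"
LEARNING = [Flow(HMI, "10.0.0.10", "10.0.0.21", "scada", "read"),
            Flow(HMI, "10.0.0.10", "10.0.0.21", "scada", "write"),
            Flow(HMI, "10.0.0.10", "10.0.0.22", "scada", "read")]
LIVE = [Flow(HMI, "10.0.0.10", "10.0.0.21", "scada", "read"),
        Flow(HMI, "10.0.0.10", "10.0.0.22", "scada", "write"),
        Flow(ROGUE, "10.0.0.50", "10.0.0.21", "scada", "write"),
        Flow(ROGUE, "10.0.0.10", "10.0.0.21", "scada", "read")]

def run_demo():
    baseline = Baseline()
    baseline.learn(LEARNING)
    return baseline.inventory(), [baseline.check(f) for f in LIVE]
```

The second live flow shows why the whitelist keys on the full tuple: the sender is a known asset, but it never wrote to that controller during learning, so the message is flagged.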


Conclusion:

The airport gained immediate benefit from fast & efficient deployment while leveraging the full asset discovery capabilities and OT malfunction detection.

CYBERBIT SCADAShield protects sensitive infrastructure serving multiple airlines and airports. In this implementation it protects against both operational malfunctions and cyber threats, while providing real-time visibility of the entire, highly complex, operational network, uncovering OT/IT touchpoints and unknown network components. The solution supports air transport industry protocols including SITA and TIM.

The customer chose to combine two CYBERBIT solutions: SCADAShield for Security and Continuity, and CYBERBIT SOC 3D for Security Operation Center (SOC) Management. This combination provides operational continuity and security, streamlines security operations management, and increases the organization’s security posture and operational performance.

About CYBERBIT

CYBERBIT addresses the challenges of 21st century security operations. Our products and technologies enable enterprises to detect advanced threats in seconds, streamline security operations, improve security team efficiency and address the primary enterprise security shortfalls such as skill shortage and alert fatigue, in IT and OT environments.

CYBERBIT protects the most sensitive networks on the planet including large enterprise networks as well as military and government infrastructure. CYBERBIT leverages big-data analytics and machine learning algorithms, deriving from military intelligence systems, to introduce new standards of excellence into enterprise security. CYBERBIT is a subsidiary of Elbit Systems (NASDAQ: ESLT).

CYBERBIT products include:

• Endpoint Detection and Response

• SCADA Detection and Response

• SOC Management

• Cybersecurity Training and Simulation

“I was impressed by the ability to instantly discover my entire network’s components. Once connected, CYBERBIT’s solution revealed devices and controllers that I was not aware of, and others that were configured differently from what I had expected. This enabled me to rapidly fix misconfigurations and policy breaches”

(Airport Head of Security Operations)
