Airport IoT cyber-security: security validation

avatar
by Samuel Pordengerg Mar 15, 2023 News
Airport IoT cyber-security: security validation

New technologies and innovative solutions can improve passenger and stakeholder comfort. The state-of-the-art T2 garden terminal reflects Bengaluru's heritage and fame as a garden city. Irrigation to the hanging garden in the shape of bells and veils is done using advanced automation.

The internet of things technology is having an impact on the operations technology infrastructure at airports. Some of these systems are found in or around airports.

OT environments use standard protocols such as Profinet and DNP3 to separate data planes. Extreme temperatures, dirt, fumes, radiation, and so on are normal for OT environments.

Arul Gopi, Senior Manager – IT Network & Security at Bangalore International Airport, discusses the rise of Internet of Things (IoT) technology and the steps airports must take to secure their airport IT infrastructure.

IT versus OT system architecture

Refer to the first table. Both of these functions have different objectives. There is a challenge in securing the information generated by the airport's operations assets. Penetration testing can be done on the control plane side of a network.

There are some examples of a security validation checklist.

1. PCB-Chips-Circuit

  • Any removed IC / model names?
  • Any connected pins?
  • Any uncleared trace paths?
  • Is tamper response (like critical memory erase, noise generators, epoxy layer on PCBs, security fuses) adopted in design?
  • e. Have emission prevention by providing shielding mechanisms?

2. Firmware:

  • Is firmware encrypted?
  • Secure boot trusted platform modules for crypto engines
  • Any dummy code in flash above the memory partitioning
  • Check for programming practices established for managing buffer overflows
  • Check for the quality assurance procedures
  • Ensure any software reverse engineering cannot happen through faults in code

3. Operating system:

  • Ensure latest stable OS
  • Ensured that users/applications cannot write to the root file system Implementing an encrypted file system
  • Removed all libraries that are redundant
  • Disabled all ports, protocols and services that are unused
  • Ensure that the software’s installed is from trusted sources.

4. Data storage:

  • Check for credential management in place
  • Ensured SAM, TPM for store credentials or encryption keys MCU in place to control access of memory protection unit in embedded OS.

There are five. There's a remote monitoring program.

  • Check for authorisation and authentication techniques in place
  • Ensured integrity of sessions and cookies that are to be maintained
  • Check for encryption of logins and password credentials in place.

The future of technology can be found in the internet of things. The popularity of the internet of things has led to an increase in the number of vulnerabilities in those products.

There are threats to the internet of things. There has been a seven-fold increase in the number of internet of things incidents in the U.S. 10 per cent of attacks will target the internet of things and airports need to secure their OT connected systems.

Ensuring meaningful collaboration between the IT and OT experts, preparing for the work through programs and procedures to deal with disruptions, and laying strong foundations for future risk-management with secured Internet of Things are just some of the things airports need to do.

Arul Gopi has over two decades of experience in designing secure airport IT networks. He holds an Engineering degree in Electronics and Communication and a Master's in Aviation Management, along with leading industry certifications that include Certify-Cybersecurity for Airport and Certified Ethical Hacker.