RTCA Documents for Review: DO-230H FRAC, page 282
© 2017, RTCA, Inc.
using only a limited and known protocol, and there is little if any exchange of data outside the
On business enterprise networks, data flows in many directions among connected devices. By
contrast, the data flow of airport ICS devices is extremely limited and much more predictable: an IASS
card reader talks only to the ACS server, and an IP camera talks only to the VMS server, for example.
Business enterprise networks are by their nature highly connected to the outside world; by
contrast, airport ICS networks are highly closed, or even air gapped (in theory if not always in
As a result, cybersecurity solutions sold to the business enterprise are not always applicable to
ICS such as IASS. Since cybersecurity for ICS is unconventional and increasing in application, airport
IT staff may not be aware of these differences at first, and their intended solutions may not completely
address the vulnerabilities of ICS. There is no question that typical solutions, including air-gapped
networks, firewalls and good network security practice, will provide some measure of cybersecurity
protection for ICS, and an airport or agency needs to protect its mission-critical control systems, but
business solutions are not likely to be a complete solution for ICS.
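As an added illustration (not part of DO-230H), the following Python sketch shows how the predictable device-to-server traffic pattern of an IASS segment described above lets a defender alert on any conversation outside a short allowlist, including devices that are not in the asset inventory. All roles, addresses, ports and flow records are constructed assumptions.

```python
# Added example (not from DO-230H): an allowlist check that exploits the
# predictable traffic pattern of an IASS segment. Roles, addresses, ports
# and flow records are all constructed for illustration.

# Asset inventory: IP -> device role
INVENTORY = {
    "10.10.1.11": "card_reader",
    "10.10.2.21": "ip_camera",
    "10.10.0.5": "acs_server",
    "10.10.0.6": "vms_server",
}

# Permitted conversations: (src_role, dst_role) -> {(proto, dst_port)}
ALLOWED = {
    ("card_reader", "acs_server"): {("tcp", 3001)},  # constructed ACS port
    ("ip_camera", "vms_server"): {("tcp", 554)},     # RTSP video to the VMS
}

# Constructed flow records: "src dst proto dport"
SAMPLE_FLOWS = """
10.10.1.11 10.10.0.5 tcp 3001
10.10.2.21 10.10.0.6 tcp 554
10.10.1.11 10.10.2.21 tcp 80
10.10.2.21 10.10.0.6 tcp 22
10.10.9.99 10.10.0.5 tcp 3001
"""

def check_flow(src, dst, proto, dport):
    """Return None for an expected conversation, else a short alert reason."""
    src_role, dst_role = INVENTORY.get(src), INVENTORY.get(dst)
    if src_role is None or dst_role is None:
        return "rogue_device"        # on the segment but not in the inventory
    allowed = ALLOWED.get((src_role, dst_role))
    if allowed is None:
        return "unexpected_peer"     # e.g. a card reader addressing a camera
    if (proto.lower(), dport) not in allowed:
        return "unexpected_service"  # right peers, wrong protocol or port
    return None

def audit(records):
    """Run check_flow over flow records; return (record, reason) for alerts."""
    alerts = []
    for line in records.strip().splitlines():
        src, dst, proto, dport = line.split()
        reason = check_flow(src, dst, proto, int(dport))
        if reason:
            alerts.append((line, reason))
    return alerts
```

Running `audit(SAMPLE_FLOWS)` flags the three constructed anomalies (a card reader addressing a camera, a camera opening an unexpected port on the VMS, and an uninventoried host reaching the ACS server) while the two expected conversations pass silently.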
Each airport should determine an appropriate approach to cybersecurity. Performing a threat and
vulnerability analysis and/or a penetration test to determine the cyber protection needed for existing
security systems should also be seriously considered.
The following are examples of vulnerabilities common to IASS and other airport ICS:
External attack via network connections: internet connections that allow automatic updates and
upgrades to Windows and other software applications provide an easy access point for potential
attacks. Remote maintenance connections for physical systems like the HVAC mentioned above,
whether over the internet, a private network or even dial-up access, can be misused for attack purposes.
Air gap attacks: a network is said to be air gapped when there is no physical connection to other
networks that could be bridged for attack. The STUXNET attack on the Iranian nuclear facilities is
a well-publicized incident in which malware was planted on an air-gapped network. It should be
noted that essential elements of the STUXNET attack code are now available on the internet. There
are certainly other methods of attacking an air-gapped network, such as infecting USB drives and
maintenance laptops of key personnel.
Insider threat: even if countermeasures are in place, trusted insiders may have access to critical
elements of IASS and ICS. Insiders may include airport staff as well as the system integrators and
maintenance contractors who support these systems. They may not be, or may become less, worthy
of that trust when employment conditions change. Also, the credentials or identity of insiders may
be compromised or stolen to provide access to an attacker.
Physical access to IT infrastructure: if an outsider can physically touch any part of the IT
infrastructure, including workstations, servers, network routers and switches, patch panels, and cabling,
they can generally compromise the system.
Rogue devices: many ICS and IASS devices are now trusted network devices, in that they are
granted network access, often unlimited. They are essentially computers, but they do not
always have the same level of network security as workstations and servers.
Factory passwords: virtually every IASS security product is shipped with preset factory passwords.
These are generally known to most industry professionals and technicians, and are also published
on many industry websites (along with default IP addresses). If these are not individually changed,
there is essentially no password protection.
Since IASS include standard workstations and servers, they also include:
Normal known Windows OS vulnerabilities (which are not always patched)