This is another post in a series of articles about the SATIE project work packages (WPs). The idea is to present the reader with more information on the work planned in the project and how the planned activities will help to achieve the project goals. This post is about WP4, while future posts will discuss other project WPs.

Objectives of WP4

This work package has five main objectives:

  1. Standardize data exchanges and improve log semantics on detection systems.
  2. Improve spoofing detection on radio communication channels.
  3. Improve cyber threat and anomaly detection on the baggage handling system.
  4. Improve anomaly detection on passenger name records.
  5. Correlate cyber-physical security events coming from other threat detection systems.

Work Plan

To achieve these objectives, all partners will work together.

To “Standardize data exchanges and improve log semantics on detection systems”, all partners will specify data exchanges and interfaces so that ISEP can describe and promote system interoperability. Ontologies will be defined to deal with the diversity of data types that need to be represented and managed within SATIE systems, interconnecting the physical concepts and cyber concepts.

Figure 1: High-level overview of various cyber-physical elements related to airport security

To “Improve spoofing detection on radio communication channels”, DLR will work in collaboration with SAV to integrate the speaker authorization check in TraMICS (Traffic Management Intrusion and Compliance System). TraMICS is now connected to the AIRBUS simulation platform, also known as “AIRBUS CyberRange”. TraMICS will monitor voice communication and the traffic situation to detect different indications and correlate them into a security threat indicator. It is expected that the application of TraMICS will decrease the detection time of security threats and support immediate decisions about mitigation procedures.

To “Improve cyber threat and anomaly detection on the baggage handling system”, ITTI, INOV and AIRBUS will deploy their probes and analysers to detect cyber threats. ITTI will extend the capabilities of its Machine Learning-based anomaly detection system. INOV will improve its Business Process based Intrusion Detection System for monitoring systems used in airports receiving inputs from ICS/SCADA networks. AIRBUS will provide a network file extractor and a malware analyser to perform an automatic and in-depth analysis of files that transit through ICS/SCADA networks.

Figure 2: Example alert combining information from cyber-physical events

To “Improve anomaly detection on passenger name records”, IDEMIA, with the help of other partners, will analyse check-in data and extended passenger identity with baggage tracking in order to detect threats. This system will help to track and locate lost or isolated untagged baggage, and to identify the owners or persons who have been in contact with such baggage.

To “Correlate cyber-physical security events coming from other threat detection systems”, AIRBUS will deploy a correlation engine and, with the help of other partners, will create alert rules to correlate security events. The cyber and physical security events will be correlated in order to escalate more relevant alerts in real time to the incident management system.

Note: This output reflects the views only of the author(s), and the European Union cannot be held responsible for any use which may be made of the information contained therein. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 832969.

Copyright 2021 SATIE. All rights reserved.