The third SATIE demonstration event was carried out on the 8th of September 2021 at the Milan Malpensa International Airport (MXP) premises in Lombardy, Italy (Figure 1). It was a hybrid – i.e. both virtual and physical – event, consisting of a combination of pre-recorded video materials, real-time live streaming and live-performance scenario demonstrations. The demonstration was structured with the clear idea of showing SATIE’s potential. Therefore, besides presenting the various tools and their functionalities, the scenario was designed with the purpose of testing the capacity of the SATIE Solution to reveal the threats in real time. The demonstration clearly showed that SATIE is an example of holistic security, giving the assets and the people continuous protection across all attack surfaces while taking into consideration the totality of all physical, software, network and human exposure.
Figure 1 The Milan Malpensa Airport premises
Pilot operations in Milan Malpensa were organized and coordinated by SEA, the company that manages Linate and Malpensa airports, with the active involvement and technical support of all the partners, some of whom were physically present at Malpensa premises to install tools which were fundamental to performing the demonstration (Figure 2).
Figure 2 Installation of the Unified Access Control at the AOCC door at Milan Malpensa Airport premises
In preparation of the event, a project training session was organized, followed by regular internal “hands on” meetings to give the operators the possibility to investigate the systems in more detail. The “hands on” meetings were particularly productive, because the operators, very well experienced ICT airport security specialists, gave some insightful inputs that the technical partners deemed useful and decided to implement. During the event, the SEA team (see Figure 3), including the Security Operations Centre (SOC – see Figure 4) and the Airport Operations Centre (AOC – see Figure 5) operators, showed the performance of the SATIE Solution through the deployment of a realistic cyber and physical attack scenario – Scenario #3 ”Land Side – Air Side and Physical Attack”.
Figure 3 Presentation of SEA’s SATIE team during the Milan Malpensa Airport demonstration event
Figure 4 The Security Operations Centre (SOC) activities in the Crisis Room during the Milano Malpensa Airport demonstration event.
Figure 5 The Airport Operations Centre (AOC) activities in the Airport Duty Manager Backup Room during the Milano Malpensa Airport demonstration event
The SATIE Tools involved in the Milan Malpensa demonstration scenario included: Unified Access Control (UAC), Malware Analyser (MA), Application Layer Cyber Anomaly Detection (ALCAD), Impact Propagation Simulation (IPS), Correlation Engine, Incident Management Portal (IMP), Crisis Alerting System (CAS), Investigation Tool (SMS-I) and Risk Integrated Service (RIS).
The demonstration event took place in Malpensa’s Crisis Room (see Figure 6) and was attended by over 63 participants. Due to the COVID-19 measures and travel restrictions, few people were allowed in the Crisis Room and most of the audience attended virtually, but SEA was lucky enough to have sufficient space to welcome 10 people to follow the event in person. Thanks to the Project Coordinator, who managed the virtual conference, the audience following the demonstration remotely could take advantage of the online broadcasting and interactive process.
Figure 6 Milan Malpensa Airport demonstration event in the Crisis Room
During the event, to obtain exclusively unbiased opinions, only the participants external to the project – so called “independent externals” – were required to answer an evaluation questionnaire.
The SATIE Solution was considered a significant improvement compared to current security-monitoring systems, was rated as innovative and an excellent way to monitor and raise security alerts with good usability. It was agreed that the SATIE Solution provides all relevant information and enables faster detection of both cyber and physical threats. The biggest area of improvement expressed by all expert groups was the integration of the SATIE tools with the current airport systems.
Also, the feedback on the SATIE Tools contains adjectives such as: “fascinating”, “robust” and “excellent” (this last one in more than one opinion!). One feedback was an explicit question on the commercialization of the tools within the next 6 months.
The Demonstrations (the three of them: Athens, Zagreb and Milan-Malpensa) have shown that a cyber threat cannot only transform into a different cyber threat through connected systems, but cyber threats can also transform into physical threats, and vice versa. The examples shown emphasize the need for a combined cyber-physical security system such as SATIE so that the Operations and Security personnel at an airport can cooperate with the IT security personnel. In this way, all of them will have a full situational awareness and be able to realise quicker when an incident is occurring.
This cooperation is being made more efficient by: i) standardizing and simplifying the technical languages adopted; ii) actively involving the individual referenced persons belonging to the SOC or AOC entity.
The measures adopted to mitigate or even eliminate the threats depends on the airport operator’s understanding of the incident’s severity, as well as their speed to contact and inform necessary airport entities to then react accordingly. This communication chain varies according to the procedures described by each airport’s applicable regulations and manuals.
In SATIE, cyber security and physical security are handled with the same priority and tools operate on multiple, fully integrated levels. The solution perfectly bridges the gap between the ICT world and the Operations world. The innovation with SATIE is that it is not only an ICT decision support tool that reveals a cyber or physical or combined threat in real-time, but a solution that establishes a new way of communication in real-time.
