1. Airport Information Security Hygiene Monitoring
Testing groups of, and individual, staff members by social engineering emails & other message probes.
ServiceTec originates and tests, with airport management agreement, social engineering emails and other types of internet messages to see what response employees show. This both serves as a way to identify further training requirements, as well as giving you some indication of the extent to which the airport has achieved cyber hygiene.
2. Audit of Airport Network Security
Penetration testing of the airport networks and vulnerability from the external internet
Although there are a variety of “technological” defences, e.g. firewalls and so-called “air gaps”, all of these have default settings and other vulnerabilities which are well known to attacking groups. However, closing all these possible vulnerabilities is an ongoing task in the constantly developing threat environment, as is keeping systems up-to-date. An independent test of the technological defences by an up-to-date expert, such as ServiceTec, provides a valuable check on these possibilities.
Website(s) evaluation and identification of vulnerabilities
Websites especially need expert testing because they are usually constructed using “bought in” software with vulnerabilities known to attacking groups. They are often hosted outside the airport’s own environment.
Identification of Flight Information Display (FIDS) vulnerabilities
Penetrated FIDS can be exploited by attackers to give various damaging and frightening messages, but are often not part of the security remit of an airport’s IT team. This is an area where ServiceTec’s aviation experience is especially valuable.
Identification of CCTV vulnerabilities
CCTV systems are often not part of the security remit of an airport’s IT team. They can however be used improperly, for example, to hide a physical attack. This again is an area where ServiceTec’s aviation experience is especially valuable.
3. Audit of Airport Operational Technology vulnerabilities
ServiceTec’s long aviation support experience makes it especially competent for the assessment of possible security vulnerabilities of general SCADA (Supervisory Control & Data Acquisition) devices.
Historically, SCADA devices, although computer controlled, have not been connected to airports’ IT networks. Nowadays, with the Internet of Things, such devices are increasingly connected, but their systems have not been designed with security in mind; they are often built around old and possibly unsupported systems.
These systems are often not part of the security remit of an airport’s IT team. They are, therefore, frequently vulnerable. The list of such vulnerable areas includes, at least, the following:
- Fuel farms information security vulnerability assessments
- Parking information security vulnerability assessments
- Airfield information security vulnerability assessments
- Engineering information security vulnerability assessments
- Building & Estate Management Information Security vulnerability assessments