Transport (stations, airports, etc.) concentrates more and more people but also technologies in order to constantly optimize boarding and disembarkation procedures. These concentration points are critical for the regions that host them. They are privileged targets, exposed to many advanced threats (terrorism, espionage, sabotage, diplomatic pressure…). As the availability of transport must above all be ensured, the associated IT systems must therefore have security measures in place to prevent any accidental or malicious interruption.

Types of threats

Luggage sorting systems analyze all suitcases and parcels before loading in the hold. These analyses are carried out by proven systems, which are subject to specific certifications. A malicious third party, by taking remote control of this type of device, can modify the analysis matrices so that dangerous baggage is no longer detected. Once the compromise has been made, the attacker can simply check in his luggage, which then passes through the security filters and is put on an aircraft.

This system makes it possible to manage the lighting means on the entire runway to guide the equipment during the approach phase and on the ground. A computer attack on these systems allows a malicious third party to potentially change the display phases of the stop bars and cause collisions between several aircraft. In the night phase, untimely extinctions can also be carried out and severely disrupt all flight plans.

Video protection systems are mandatory in the boarding area. They make it possible to quickly investigate in the event of an incident and to take into account a situation in a global way. In the event of an advanced and coordinated attack on an airport area, a remote control takeover allows the attackers to take advantage of the police by removing their ability to fly. The deletion of data by these attackers greatly complicates the investigation and investigation phase.

Remote display systems are at the heart of airport operations. They provide the necessary tracking information for all passengers transiting through the terminals: boarding and check-in gates, flight numbers, possible delays, etc. A compromise of this type of system allows an attacker to directly influence the behaviour of those present on the scene: disorganisation, propaganda messages, panic, etc.

tehtris protects the transportation sector

With its wide range of coverage and its ease of deployment and exploitation, the eGambit cyber arsenal offers a real capacity to protect the various technological means used in transport, whether in a standard office environment or in a more specific environment such as airport applications.

eGambit, through its SIEM functions, also provides a log audit and review capability, which will be particularly useful to ensure the integrity of access in sensitive areas (access restricted areas, airside…).

The EDR’s remediation capabilities provide real-time protection against the execution of targeted and non-targeted threats. They therefore make it possible to stop threats before they have had the slightest impact on the information system. In addition, the very low use of local resources induced by our cyber arsenal allows deployment in a constrained environment, on specific systems (industrial applications, PLC security, protection of an environment disconnected or with a degraded connection…).

In addition, TEHTRIS’ SOC service provides an expert view of events that occur on monitored information systems.