Our sister publication ATM Magazine recently visited the Information Security Hub at Munich Airport and spoke to Marc Lindike, head of information security assurance at the airport.
Let's begin by looking at Lindike's main task, protecting the airport’s infrastructure from around 1,000 attacks per day.
In the past, the function of cyber security was decentralised with many different teams having different segments of responsibility. Under his leadership, Marc centralised these functions and ensured the management of critical responsibilities was handled by internal employees. This allowed an increase in focus on this topic by having a team that was 100% dedicated to this function. The team worked with external consultants and industry peer knowledge exchange in order to define the functionality that was required. One of the key industry experts who helped guide them in the definition of their final solution was former Head of CERT-EU, Freddy Dezeure.
Now let’s fast forward to the ISH. With a structure in place to protect the airport and its critical infrastructure on a daily basis, the concept was born to develop a place where the industry could collaborate and learn from each other’s real-world experience to help launch successful cyber solutions at other organisations. Their stated vision is ‘to build a powerful and active coalition of experts to defend our industry against all threats from the red teams out there’. The concept behind the ISH was that of a medium-size company. These companies could bring their cybersecurity experts here for training. In addition to training, the organisations who utilise the facility can develop and test new technologies during their workshops. This allows them to determine how they might need to be customised for use back in their business location. During the time in the ISH, these systems can be attacked and defended by participating cyber experts. There are also possibilities to conduct hands-on simulations with technologies resident in the ISH that could lead to new options for cybersecurity protection at the visiting organisation in their future planning.
The tour of the facility was impressive. The Hub is an open lab, conference center and networking facility for use by other European airports, critical infrastructure provider or any organisation interested in exploring serious IT security. It’s the only facility at the airport you will find that is not branded as part of Munich Airport to help reinforce this openness.
The first stop on our tour was the room designed to simulate a Security Operations Centre (SOC). In this room the defenders of an organisation work in a simulated attack environment to uncover and respond to threats. Training is also a part of this phase in order to help the individuals who are participating learn about tools to conduct their work. The facility has over 1,000 networked components including 300 computers, plus servers and sensors. The room can be configured to represent different work environments beyond a SOC appropriate to the organisation using the facility.
The next stop was the executive ‘war room’. This is where senior executives (which could include board members) will be alerted to the different threats and need to be making the decisions as to how to proceed and how to communicate in a crisis situation. The programme can even turn up the heat by having mock news reporters in the mix to provide additional ‘stress’ to the urgency of the decision-making of the executive team. The addition of this role play aspect brings a real-life feeling to these mock scenarios and is a great to way to involved executive teams in the training programme.
The last stop on the tour were the IT office and OT lab that allow for constituencies from each of these areas of responsibilities to learn about the other side of these connections. As IP connectivity expands, OT functionality that was in essence ‘firewalled’ from the outside world is now connected to an IT infrastructure that could allow for threat actors to reach the OT functionality in an airport or other organisation. Within the OT lab there were miniature baggage conveyors to help visualize the problems that could be caused in the real-world environment.
There is also a theatre that can hold 120 people, facilities for live streaming of presentations and networking receptions when the day is done. The ISH can be branded with lighting throughout the centre in the colours of the companies in attendance. A nice touch to personalise any visit.
In October, the ISH will host Germany’s largest networking platform for virtual, augmented and mixed reality, the Virtual Reality Business Club, for their event “Metaverse is no longer science-fiction.” Virtual and augmented reality solutions are a growing topic at the ISH. Maybe in the future they will expand beyond information security cyber topics to encompass the implications of new technology innovations to cyber security planning.
I really enjoyed my visit and can see the opportunity for a venue like to this provide a different way of looking at cyber training. By incorporating collaboration, role playing and different individuals across an organisation (responsibility areas and levels of authority) it brings together a mix of options that appear to be something really differentiated in our industry.
Images: Munich Airport