Catalyst / admin/AirportCyberSimulator 14.8 GB / 57.8 GB 40.0 GB free
Help Sign in

admin / AirportCyberSimulator

public

Airport Cyber Attack Simulation Application

Code Issues Pull requests Pipelines Packages Security Insights Wiki Settings
AirportCyberSimulator / airport-cyber-sim-v2-exe / src / data / playbooks.json 9112 B · main
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
[
  {
    "playbook_id": "pb_01_ransomware",
    "name": "The OT Gridlock (Ransomware)",
    "ingress_point": "baggage_handling",
    "ingress_method": "Employee plugged in an infected USB drive found in the terminal.",
    "ingress_icon": "usb_drive",
    "spread_tempo": "fast",
    "spread_events": [
      { "delay_seconds": 4, "target": "check_in", "vector": "Shared Network Drive" },
      { "delay_seconds": 7, "target": "logistics", "vector": "Automated Routing API" }
    ],
    "description": "Adversaries exploit an unpatched remote-access vulnerability in the operational technology (OT) network. Ransomware encrypts fast — it usually outruns a patch.",
    "notifications": {
      "caa": { "required": false },
      "dft": { "required": true, "reason": "Ransomware crippling baggage and logistics OT is a disruption to designated critical transport infrastructure — reportable to the Department for Transport under the Cyber Security and Resilience Bill." }
    }
  },
  {
    "playbook_id": "pb_02_iot_botnet",
    "name": "The Silent Choke (IoT Botnet)",
    "ingress_point": "hvac_systems",
    "ingress_method": "Default admin credentials left on an internet-facing smart thermostat.",
    "ingress_icon": "unlocked_padlock",
    "spread_tempo": "slow",
    "spread_events": [
      { "delay_seconds": 9, "target": "terminal_access", "vector": "Building Management VLAN" },
      { "delay_seconds": 19, "target": "atc_tower", "vector": "Shared Environmental Controls" }
    ],
    "description": "Physical-environment compromise via poorly secured smart building devices. The botnet spreads slowly and stealthily — there is time to patch.",
    "notifications": {
      "caa": { "required": true, "reason": "The compromise reaches the ATC environment and threatens air traffic services — a Mandatory Occurrence Report to the Civil Aviation Authority is required." },
      "dft": { "required": true, "reason": "Building-management and terminal systems are critical transport infrastructure — reportable to the Department for Transport under the Cyber Security and Resilience Bill." }
    }
  },
  {
    "playbook_id": "pb_03_supply_chain",
    "name": "The Third-Party Siphon (API Breach)",
    "ingress_point": "retail_pos",
    "ingress_method": "Phishing email compromised a retail vendor's external support account.",
    "ingress_icon": "phishing_email",
    "spread_tempo": "medium",
    "spread_events": [
      { "delay_seconds": 6, "target": "ticketing_db", "vector": "Payment Gateway API" },
      { "delay_seconds": 11, "target": "public_wifi", "vector": "Customer Data Sync" }
    ],
    "description": "Data exfiltration via a compromised third-party vendor API connection. A patch can just win the race — if you are quick.",
    "notifications": {
      "caa": { "required": false },
      "dft": { "required": true, "reason": "A supply-chain breach of passenger and payment systems affects transport-sector operations — reportable to the Department for Transport under the Cyber Security and Resilience Bill supply-chain provisions." }
    }
  },
  {
    "playbook_id": "pb_04_insider",
    "name": "The Rogue Insider (Credential Theft)",
    "ingress_point": "security_screening",
    "ingress_method": "Disgruntled employee used a rogue smartphone to capture supervisor QR badges.",
    "ingress_icon": "rogue_smartphone",
    "spread_tempo": "medium",
    "spread_events": [
      { "delay_seconds": 5, "target": "identity_db", "vector": "Admin Access Elevation" },
      { "delay_seconds": 10, "target": "boarding_gates", "vector": "Biometric Override" }
    ],
    "description": "Bypassing perimeter defences using legitimate but stolen administrative access rights.",
    "notifications": {
      "caa": { "required": true, "reason": "Subversion of screening, identity and boarding controls is an aviation-security integrity event — reportable to the Civil Aviation Authority." },
      "dft": { "required": false }
    }
  },
  {
    "playbook_id": "pb_05_spoofing",
    "name": "The Blind Spot (Signal Spoofing)",
    "ingress_point": "atc_tower",
    "ingress_method": "Unsecured maintenance VPN accessed via a brute-force attack.",
    "ingress_icon": "vpn_breach",
    "spread_tempo": "fast",
    "spread_events": [
      { "delay_seconds": 4, "target": "runway_lighting", "vector": "Tower Control Protocol" },
      { "delay_seconds": 7, "target": "airplane_comms", "vector": "VHF Radio Spoofing" }
    ],
    "description": "Catastrophic kinetic impact via GPS and communication-signal manipulation. The spoof propagates almost instantly — patching rarely beats it.",
    "notifications": {
      "caa": { "required": true, "reason": "Manipulation of ATC, runway lighting and aircraft communications is a direct flight-safety emergency — an immediate Mandatory Occurrence Report to the Civil Aviation Authority is mandatory." },
      "dft": { "required": true, "reason": "A safety-critical attack on national aviation infrastructure must also be reported to the Department for Transport under the Cyber Security and Resilience Bill." }
    }
  },
  {
    "playbook_id": "pb_06_fids_deface",
    "name": "The Information Hijack (FIDS Defacement)",
    "ingress_point": "flight_displays",
    "ingress_method": "Weak CMS password cracked on the flight-information display controller.",
    "ingress_icon": "password_crack",
    "spread_tempo": "medium",
    "spread_events": [
      { "delay_seconds": 6, "target": "pa_audio_system", "vector": "Shared Media Server" },
      { "delay_seconds": 12, "target": "airport_mobile_app", "vector": "Content Delivery API" }
    ],
    "description": "Public-facing information systems defaced to sow passenger confusion and misinformation.",
    "notifications": {
      "caa": { "required": false },
      "dft": { "required": true, "reason": "Defacement of passenger information, PA and app channels disrupts public transport operations and safety messaging — reportable to the Department for Transport." }
    }
  },
  {
    "playbook_id": "pb_07_access_control",
    "name": "The Perimeter Ghost (Access Control)",
    "ingress_point": "electronic_doors",
    "ingress_method": "A rogue wireless router planted on the access-control network segment.",
    "ingress_icon": "rogue_router",
    "spread_tempo": "fast",
    "spread_events": [
      { "delay_seconds": 3, "target": "cctv_network", "vector": "Physical Security VLAN" },
      { "delay_seconds": 6, "target": "loading_bay", "vector": "Dock Controller Bridge" }
    ],
    "description": "Perimeter and surveillance systems subverted to enable undetected physical intrusion. It jumps segments quickly — too quickly to patch in most cases.",
    "notifications": {
      "caa": { "required": false },
      "dft": { "required": true, "reason": "Loss of doors, CCTV and dock controls is an aviation-security and physical-perimeter failure — reportable to the Department for Transport, which regulates UK aviation security (TRANSEC)." }
    }
  },
  {
    "playbook_id": "pb_08_pii_breach",
    "name": "The Data Hemorrhage (PII Breach)",
    "ingress_point": "passenger_services",
    "ingress_method": "Misconfigured cloud storage bucket leaked passenger records publicly.",
    "ingress_icon": "cloud_leak",
    "spread_tempo": "slow",
    "spread_events": [
      { "delay_seconds": 8, "target": "frequent_flyer_db", "vector": "Data Warehouse Replication" },
      { "delay_seconds": 16, "target": "border_control_api", "vector": "Advance Passenger Info Feed" }
    ],
    "description": "Mass exfiltration of personally identifiable information across linked passenger data stores. Replication is gradual — a patch can hold the line.",
    "notifications": {
      "caa": { "required": true, "reason": "Compromise of the Advance Passenger Information feed to border systems is an aviation-security data event — reportable to the Civil Aviation Authority." },
      "dft": { "required": true, "reason": "A mass passenger-data breach affecting transport operations is reportable to the Department for Transport (in addition to the ICO under UK GDPR)." }
    }
  },
  {
    "playbook_id": "pb_09_grid_overload",
    "name": "The Grid Overload (EV Infrastructure)",
    "ingress_point": "ev_charging_grid",
    "ingress_method": "Malware implanted in a charging-station firmware update package.",
    "ingress_icon": "malware_bug",
    "spread_tempo": "medium",
    "spread_events": [
      { "delay_seconds": 6, "target": "power_subsystem", "vector": "Smart-Charging Management Bus" },
      { "delay_seconds": 11, "target": "ground_support_trackers", "vector": "Facilities Telemetry Link" }
    ],
    "description": "Energy-infrastructure sabotage cascading from EV charging into core power and ground operations.",
    "notifications": {
      "caa": { "required": false },
      "dft": { "required": true, "reason": "Sabotage of airport power and ground-operations infrastructure threatens critical transport continuity — reportable to the Department for Transport under the Cyber Security and Resilience Bill." }
    }
  }
]