admin / AirportCyberSimulator
publicAirport Cyber Attack Simulation Application
AirportCyberSimulator / airport-cyber-sim-v2 / backend / data / infrastructure.json
14548 B · main
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 | { "canvas": { "width": 1920, "height": 1080, "map_width": 1460, "sidebar_width": 460 }, "frameworks": { "caf": { "name": "NCSC Cyber Assessment Framework (CAF) v3.2", "objectives": { "A": "Managing security risk", "B": "Protecting against cyber attack", "C": "Detecting cyber security events", "D": "Minimising the impact of cyber security incidents" } }, "csr_bill": { "name": "UK Cyber Security and Resilience Bill", "summary": "Extends NIS Regulations to designated critical infrastructure with mandatory 24/72-hour incident reporting and strengthened supply-chain and regulator powers." } }, "nodes": [ { "id": "atc_tower", "name": "ATC Tower", "type": "control", "icon": "atc", "x": 230, "y": 170, "impact": 0.85, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "D", "caf_principle": "D1 Response and Recovery Planning", "csr_duty": "Life-safety essential service; significant incidents reportable to the competent authority within 24 hours.", "insight": "Rehearsed failover and segregation of tower control systems are statutory resilience expectations." } }, { "id": "runway_lighting", "name": "Runway Lighting", "type": "ot", "icon": "runway", "x": 130, "y": 350, "impact": 0.80, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B4 System Security (OT)", "csr_duty": "Airfield ground lighting OT must maintain integrity and segregation under the Bill's OT provisions.", "insight": "AGL control needs air-gapped or strongly segmented networks with signed firmware." } }, { "id": "airplane_comms", "name": "Aircraft Comms", "type": "control", "icon": "comms", "x": 370, "y": 330, "impact": 0.82, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "C", "caf_principle": "C1 Security Monitoring", "csr_duty": "Interference with aeronautical communications triggers immediate CAA and competent-authority notification.", "insight": "Continuous RF/datalink monitoring is required to detect spoofing or jamming early." } }, { "id": "power_subsystem", "name": "Power Subsystem", "type": "ot", "icon": "power", "x": 200, "y": 560, "impact": 0.88, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B5 Resilient Networks and Systems", "csr_duty": "Loss of primary power to essential services is a reportable resilience failure.", "insight": "Redundant supply and tested UPS/generator failover underpin every downstream service." } }, { "id": "ev_charging_grid", "name": "EV Charging Grid", "type": "ot", "icon": "ev", "x": 130, "y": 730, "impact": 0.30, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Internet-connected charging infrastructure falls within enhanced supply-chain due-diligence duties.", "insight": "Smart-charging OT must be isolated from the core power management network." } }, { "id": "ground_support_trackers", "name": "Ground Support Trackers", "type": "ot", "icon": "gps", "x": 300, "y": 845, "impact": 0.35, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "C", "caf_principle": "C2 Proactive Security Event Discovery", "csr_duty": "Fleet telematics compromise affecting turnaround is a reportable operational incident.", "insight": "GSE tracking should authenticate devices and rate-limit telemetry ingestion." } }, { "id": "security_screening", "name": "Security Screening", "type": "security", "icon": "security", "x": 560, "y": 170, "impact": 0.60, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Access-control failures at screening are reportable and subject to enhanced assurance duties.", "insight": "Badge/biometric systems demand least-privilege, MFA and rapid credential revocation." } }, { "id": "identity_db", "name": "Identity Store", "type": "data", "icon": "identity", "x": 770, "y": 150, "impact": 0.50, "data_sensitive": true, "flat_fine": 2000000, "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Compromise of the identity store is notifiable under UK GDPR and the Bill.", "insight": "Privileged access to the IAM directory is the crown-jewel target; tier and PAM it." } }, { "id": "boarding_gates", "name": "Boarding Gates", "type": "service", "icon": "boarding", "x": 980, "y": 190, "impact": 0.50, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Biometric override at the gate is a reportable integrity incident.", "insight": "Gates must fail-secure and validate against a tamper-evident identity source." } }, { "id": "electronic_doors", "name": "Electronic Doors", "type": "service", "icon": "door", "x": 600, "y": 350, "impact": 0.40, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Physical access controller compromise is a reportable safety and security incident.", "insight": "Door controllers should sit on a dedicated VLAN isolated from building management." } }, { "id": "cctv_network", "name": "CCTV Network", "type": "security", "icon": "cctv", "x": 820, "y": 330, "impact": 0.35, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "C", "caf_principle": "C1 Security Monitoring", "csr_duty": "Loss of surveillance coverage degrades detection duties and is reportable.", "insight": "Camera estates need firmware management and isolation from corporate VLANs." } }, { "id": "loading_bay", "name": "Loading Bay", "type": "ot", "icon": "loading", "x": 1040, "y": 350, "impact": 0.30, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Cargo dock control systems are within strengthened third-party assurance scope.", "insight": "Dock automation must authenticate integrations and log physical overrides." } }, { "id": "passenger_services", "name": "Passenger Services", "type": "data", "icon": "services", "x": 1240, "y": 170, "impact": 0.55, "data_sensitive": true, "flat_fine": 2500000, "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Exposure of passenger PII is notifiable to the ICO and competent authority.", "insight": "Customer records require encryption at rest, tokenisation and strict access tiering." } }, { "id": "frequent_flyer_db", "name": "Frequent Flyer DB", "type": "data", "icon": "loyalty", "x": 1330, "y": 340, "impact": 0.40, "data_sensitive": true, "flat_fine": 1800000, "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Loyalty PII and payment tokens breached triggers UK GDPR notification.", "insight": "Segregate loyalty stores from operational systems; monitor bulk export." } }, { "id": "border_control_api", "name": "Border Control API", "type": "data", "icon": "border", "x": 1200, "y": 480, "impact": 0.65, "data_sensitive": true, "flat_fine": 3000000, "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Advance Passenger Information interfaces are national-security-sensitive and reportable within 24 hours.", "insight": "APIs to Border Force require mutual TLS, strict allow-listing and anomaly detection." } }, { "id": "check_in", "name": "Check-in Systems", "type": "service", "icon": "checkin", "x": 600, "y": 560, "impact": 0.55, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B5 Resilient Networks and Systems", "csr_duty": "Departure Control outages degrading essential services are reportable within 72 hours.", "insight": "Shared network drives are a classic lateral-movement path; segment east-west traffic." } }, { "id": "hvac_systems", "name": "HVAC / BMS", "type": "ot", "icon": "hvac", "x": 850, "y": 560, "impact": 0.35, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B4 System Security (OT)", "csr_duty": "Internet-facing BMS with default credentials breach baseline OT security duties.", "insight": "Rotate device credentials and remove smart-building devices from public exposure." } }, { "id": "ticketing_db", "name": "Ticketing DB", "type": "data", "icon": "ticketing", "x": 1310, "y": 560, "impact": 0.45, "data_sensitive": true, "flat_fine": 1200000, "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Payment and reservation data exposure is notifiable to the ICO.", "insight": "Payment gateway APIs must be tokenised and isolated from customer-facing sync." } }, { "id": "retail_pos", "name": "Retail POS", "type": "service", "icon": "retail", "x": 1120, "y": 650, "impact": 0.10, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Vendor-managed POS is within enhanced third-party assurance scope.", "insight": "Vendor remote-support accounts need MFA and phishing-resistant just-in-time access." } }, { "id": "baggage_handling", "name": "Baggage Handling", "type": "ot", "icon": "baggage", "x": 430, "y": 720, "impact": 0.45, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B4 System Security (OT)", "csr_duty": "BHS is designated OT; removable-media controls are a Bill supply-chain requirement.", "insight": "Removable-media policy and OT allow-listing prevent USB-borne ingress." } }, { "id": "logistics", "name": "Logistics / Cargo", "type": "ot", "icon": "logistics", "x": 620, "y": 760, "impact": 0.40, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Third-party routing APIs fall under strengthened supply-chain duties.", "insight": "Automated routing APIs must authenticate and rate-limit to contain spread." } }, { "id": "terminal_access", "name": "Terminal Access", "type": "service", "icon": "terminal", "x": 1000, "y": 720, "impact": 0.45, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Terminal access-controller compromise is a reportable safety incident.", "insight": "Keep door/lift controllers on a dedicated VLAN isolated from the BMS." } }, { "id": "public_wifi", "name": "Public Wi-Fi", "type": "service", "icon": "wifi", "x": 1330, "y": 740, "impact": 0.15, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B5 Resilient Networks and Systems", "csr_duty": "Guest-network breaches enabling data sync are reportable resilience failures.", "insight": "Guest Wi-Fi must be fully isolated from corporate and data-tier networks." } }, { "id": "flight_displays", "name": "Flight Displays (FIDS)", "type": "service", "icon": "display", "x": 560, "y": 910, "impact": 0.40, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "FIDS integrity failures causing passenger misdirection are reportable.", "insight": "Display feeds must be signed and rendered read-only at the endpoint." } }, { "id": "pa_audio_system", "name": "PA Audio System", "type": "service", "icon": "speaker", "x": 770, "y": 900, "impact": 0.30, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Unauthorised PA broadcast is a reportable public-safety integrity incident.", "insight": "Announcement systems need authenticated operator consoles and message allow-lists." } }, { "id": "airport_mobile_app", "name": "Airport Mobile App", "type": "service", "icon": "mobile", "x": 980, "y": 900, "impact": 0.25, "data_sensitive": false, "flat_fine": 0, "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Defaced passenger-facing apps causing misinformation are reportable.", "insight": "Harden app CDNs and back-end APIs; monitor for content-integrity tampering." } } ], "links": [ { "source": "baggage_handling", "target": "check_in" }, { "source": "check_in", "target": "logistics" }, { "source": "hvac_systems", "target": "terminal_access" }, { "source": "terminal_access", "target": "atc_tower" }, { "source": "retail_pos", "target": "ticketing_db" }, { "source": "ticketing_db", "target": "public_wifi" }, { "source": "security_screening", "target": "identity_db" }, { "source": "identity_db", "target": "boarding_gates" }, { "source": "atc_tower", "target": "runway_lighting" }, { "source": "runway_lighting", "target": "airplane_comms" }, { "source": "flight_displays", "target": "pa_audio_system" }, { "source": "pa_audio_system", "target": "airport_mobile_app" }, { "source": "electronic_doors", "target": "cctv_network" }, { "source": "cctv_network", "target": "loading_bay" }, { "source": "passenger_services", "target": "frequent_flyer_db" }, { "source": "frequent_flyer_db", "target": "border_control_api" }, { "source": "ev_charging_grid", "target": "power_subsystem" }, { "source": "power_subsystem", "target": "ground_support_trackers" }, { "source": "power_subsystem", "target": "runway_lighting" }, { "source": "atc_tower", "target": "airplane_comms" }, { "source": "security_screening", "target": "electronic_doors" }, { "source": "identity_db", "target": "passenger_services" }, { "source": "check_in", "target": "flight_displays" }, { "source": "terminal_access", "target": "hvac_systems" }, { "source": "boarding_gates", "target": "check_in" }, { "source": "cctv_network", "target": "atc_tower" }, { "source": "border_control_api", "target": "ticketing_db" }, { "source": "loading_bay", "target": "logistics" }, { "source": "airport_mobile_app", "target": "public_wifi" }, { "source": "ground_support_trackers", "target": "baggage_handling" }, { "source": "frequent_flyer_db", "target": "retail_pos" }, { "source": "pa_audio_system", "target": "terminal_access" } ] } |