Catalyst / admin/AirportCyberSimulator 14.8 GB / 57.8 GB 40.0 GB free
Help Sign in

admin / AirportCyberSimulator

public

Airport Cyber Attack Simulation Application

Code Issues Pull requests Pipelines Packages Security Insights Wiki Settings
AirportCyberSimulator / airport-cyber-sim-v2 / backend / data / infrastructure.json 14548 B · main
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
{
  "canvas": { "width": 1920, "height": 1080, "map_width": 1460, "sidebar_width": 460 },
  "frameworks": {
    "caf": {
      "name": "NCSC Cyber Assessment Framework (CAF) v3.2",
      "objectives": {
        "A": "Managing security risk",
        "B": "Protecting against cyber attack",
        "C": "Detecting cyber security events",
        "D": "Minimising the impact of cyber security incidents"
      }
    },
    "csr_bill": {
      "name": "UK Cyber Security and Resilience Bill",
      "summary": "Extends NIS Regulations to designated critical infrastructure with mandatory 24/72-hour incident reporting and strengthened supply-chain and regulator powers."
    }
  },
  "nodes": [
    { "id": "atc_tower", "name": "ATC Tower", "type": "control", "icon": "atc", "x": 230, "y": 170, "impact": 0.85, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "D", "caf_principle": "D1 Response and Recovery Planning", "csr_duty": "Life-safety essential service; significant incidents reportable to the competent authority within 24 hours.", "insight": "Rehearsed failover and segregation of tower control systems are statutory resilience expectations." } },
    { "id": "runway_lighting", "name": "Runway Lighting", "type": "ot", "icon": "runway", "x": 130, "y": 350, "impact": 0.80, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B4 System Security (OT)", "csr_duty": "Airfield ground lighting OT must maintain integrity and segregation under the Bill's OT provisions.", "insight": "AGL control needs air-gapped or strongly segmented networks with signed firmware." } },
    { "id": "airplane_comms", "name": "Aircraft Comms", "type": "control", "icon": "comms", "x": 370, "y": 330, "impact": 0.82, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "C", "caf_principle": "C1 Security Monitoring", "csr_duty": "Interference with aeronautical communications triggers immediate CAA and competent-authority notification.", "insight": "Continuous RF/datalink monitoring is required to detect spoofing or jamming early." } },
    { "id": "power_subsystem", "name": "Power Subsystem", "type": "ot", "icon": "power", "x": 200, "y": 560, "impact": 0.88, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B5 Resilient Networks and Systems", "csr_duty": "Loss of primary power to essential services is a reportable resilience failure.", "insight": "Redundant supply and tested UPS/generator failover underpin every downstream service." } },
    { "id": "ev_charging_grid", "name": "EV Charging Grid", "type": "ot", "icon": "ev", "x": 130, "y": 730, "impact": 0.30, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Internet-connected charging infrastructure falls within enhanced supply-chain due-diligence duties.", "insight": "Smart-charging OT must be isolated from the core power management network." } },
    { "id": "ground_support_trackers", "name": "Ground Support Trackers", "type": "ot", "icon": "gps", "x": 300, "y": 845, "impact": 0.35, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "C", "caf_principle": "C2 Proactive Security Event Discovery", "csr_duty": "Fleet telematics compromise affecting turnaround is a reportable operational incident.", "insight": "GSE tracking should authenticate devices and rate-limit telemetry ingestion." } },
    { "id": "security_screening", "name": "Security Screening", "type": "security", "icon": "security", "x": 560, "y": 170, "impact": 0.60, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Access-control failures at screening are reportable and subject to enhanced assurance duties.", "insight": "Badge/biometric systems demand least-privilege, MFA and rapid credential revocation." } },
    { "id": "identity_db", "name": "Identity Store", "type": "data", "icon": "identity", "x": 770, "y": 150, "impact": 0.50, "data_sensitive": true, "flat_fine": 2000000,
      "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Compromise of the identity store is notifiable under UK GDPR and the Bill.", "insight": "Privileged access to the IAM directory is the crown-jewel target; tier and PAM it." } },
    { "id": "boarding_gates", "name": "Boarding Gates", "type": "service", "icon": "boarding", "x": 980, "y": 190, "impact": 0.50, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Biometric override at the gate is a reportable integrity incident.", "insight": "Gates must fail-secure and validate against a tamper-evident identity source." } },
    { "id": "electronic_doors", "name": "Electronic Doors", "type": "service", "icon": "door", "x": 600, "y": 350, "impact": 0.40, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Physical access controller compromise is a reportable safety and security incident.", "insight": "Door controllers should sit on a dedicated VLAN isolated from building management." } },
    { "id": "cctv_network", "name": "CCTV Network", "type": "security", "icon": "cctv", "x": 820, "y": 330, "impact": 0.35, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "C", "caf_principle": "C1 Security Monitoring", "csr_duty": "Loss of surveillance coverage degrades detection duties and is reportable.", "insight": "Camera estates need firmware management and isolation from corporate VLANs." } },
    { "id": "loading_bay", "name": "Loading Bay", "type": "ot", "icon": "loading", "x": 1040, "y": 350, "impact": 0.30, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Cargo dock control systems are within strengthened third-party assurance scope.", "insight": "Dock automation must authenticate integrations and log physical overrides." } },
    { "id": "passenger_services", "name": "Passenger Services", "type": "data", "icon": "services", "x": 1240, "y": 170, "impact": 0.55, "data_sensitive": true, "flat_fine": 2500000,
      "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Exposure of passenger PII is notifiable to the ICO and competent authority.", "insight": "Customer records require encryption at rest, tokenisation and strict access tiering." } },
    { "id": "frequent_flyer_db", "name": "Frequent Flyer DB", "type": "data", "icon": "loyalty", "x": 1330, "y": 340, "impact": 0.40, "data_sensitive": true, "flat_fine": 1800000,
      "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Loyalty PII and payment tokens breached triggers UK GDPR notification.", "insight": "Segregate loyalty stores from operational systems; monitor bulk export." } },
    { "id": "border_control_api", "name": "Border Control API", "type": "data", "icon": "border", "x": 1200, "y": 480, "impact": 0.65, "data_sensitive": true, "flat_fine": 3000000,
      "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Advance Passenger Information interfaces are national-security-sensitive and reportable within 24 hours.", "insight": "APIs to Border Force require mutual TLS, strict allow-listing and anomaly detection." } },
    { "id": "check_in", "name": "Check-in Systems", "type": "service", "icon": "checkin", "x": 600, "y": 560, "impact": 0.55, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B5 Resilient Networks and Systems", "csr_duty": "Departure Control outages degrading essential services are reportable within 72 hours.", "insight": "Shared network drives are a classic lateral-movement path; segment east-west traffic." } },
    { "id": "hvac_systems", "name": "HVAC / BMS", "type": "ot", "icon": "hvac", "x": 850, "y": 560, "impact": 0.35, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B4 System Security (OT)", "csr_duty": "Internet-facing BMS with default credentials breach baseline OT security duties.", "insight": "Rotate device credentials and remove smart-building devices from public exposure." } },
    { "id": "ticketing_db", "name": "Ticketing DB", "type": "data", "icon": "ticketing", "x": 1310, "y": 560, "impact": 0.45, "data_sensitive": true, "flat_fine": 1200000,
      "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "Payment and reservation data exposure is notifiable to the ICO.", "insight": "Payment gateway APIs must be tokenised and isolated from customer-facing sync." } },
    { "id": "retail_pos", "name": "Retail POS", "type": "service", "icon": "retail", "x": 1120, "y": 650, "impact": 0.10, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Vendor-managed POS is within enhanced third-party assurance scope.", "insight": "Vendor remote-support accounts need MFA and phishing-resistant just-in-time access." } },
    { "id": "baggage_handling", "name": "Baggage Handling", "type": "ot", "icon": "baggage", "x": 430, "y": 720, "impact": 0.45, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B4 System Security (OT)", "csr_duty": "BHS is designated OT; removable-media controls are a Bill supply-chain requirement.", "insight": "Removable-media policy and OT allow-listing prevent USB-borne ingress." } },
    { "id": "logistics", "name": "Logistics / Cargo", "type": "ot", "icon": "logistics", "x": 620, "y": 760, "impact": 0.40, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Third-party routing APIs fall under strengthened supply-chain duties.", "insight": "Automated routing APIs must authenticate and rate-limit to contain spread." } },
    { "id": "terminal_access", "name": "Terminal Access", "type": "service", "icon": "terminal", "x": 1000, "y": 720, "impact": 0.45, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Terminal access-controller compromise is a reportable safety incident.", "insight": "Keep door/lift controllers on a dedicated VLAN isolated from the BMS." } },
    { "id": "public_wifi", "name": "Public Wi-Fi", "type": "service", "icon": "wifi", "x": 1330, "y": 740, "impact": 0.15, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B5 Resilient Networks and Systems", "csr_duty": "Guest-network breaches enabling data sync are reportable resilience failures.", "insight": "Guest Wi-Fi must be fully isolated from corporate and data-tier networks." } },
    { "id": "flight_displays", "name": "Flight Displays (FIDS)", "type": "service", "icon": "display", "x": 560, "y": 910, "impact": 0.40, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B3 Data Security", "csr_duty": "FIDS integrity failures causing passenger misdirection are reportable.", "insight": "Display feeds must be signed and rendered read-only at the endpoint." } },
    { "id": "pa_audio_system", "name": "PA Audio System", "type": "service", "icon": "speaker", "x": 770, "y": 900, "impact": 0.30, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "B", "caf_principle": "B2 Identity and Access Control", "csr_duty": "Unauthorised PA broadcast is a reportable public-safety integrity incident.", "insight": "Announcement systems need authenticated operator consoles and message allow-lists." } },
    { "id": "airport_mobile_app", "name": "Airport Mobile App", "type": "service", "icon": "mobile", "x": 980, "y": 900, "impact": 0.25, "data_sensitive": false, "flat_fine": 0,
      "compliance": { "caf_objective": "A", "caf_principle": "A4 Supply Chain", "csr_duty": "Defaced passenger-facing apps causing misinformation are reportable.", "insight": "Harden app CDNs and back-end APIs; monitor for content-integrity tampering." } }
  ],
  "links": [
    { "source": "baggage_handling", "target": "check_in" },
    { "source": "check_in", "target": "logistics" },
    { "source": "hvac_systems", "target": "terminal_access" },
    { "source": "terminal_access", "target": "atc_tower" },
    { "source": "retail_pos", "target": "ticketing_db" },
    { "source": "ticketing_db", "target": "public_wifi" },
    { "source": "security_screening", "target": "identity_db" },
    { "source": "identity_db", "target": "boarding_gates" },
    { "source": "atc_tower", "target": "runway_lighting" },
    { "source": "runway_lighting", "target": "airplane_comms" },
    { "source": "flight_displays", "target": "pa_audio_system" },
    { "source": "pa_audio_system", "target": "airport_mobile_app" },
    { "source": "electronic_doors", "target": "cctv_network" },
    { "source": "cctv_network", "target": "loading_bay" },
    { "source": "passenger_services", "target": "frequent_flyer_db" },
    { "source": "frequent_flyer_db", "target": "border_control_api" },
    { "source": "ev_charging_grid", "target": "power_subsystem" },
    { "source": "power_subsystem", "target": "ground_support_trackers" },
    { "source": "power_subsystem", "target": "runway_lighting" },
    { "source": "atc_tower", "target": "airplane_comms" },
    { "source": "security_screening", "target": "electronic_doors" },
    { "source": "identity_db", "target": "passenger_services" },
    { "source": "check_in", "target": "flight_displays" },
    { "source": "terminal_access", "target": "hvac_systems" },
    { "source": "boarding_gates", "target": "check_in" },
    { "source": "cctv_network", "target": "atc_tower" },
    { "source": "border_control_api", "target": "ticketing_db" },
    { "source": "loading_bay", "target": "logistics" },
    { "source": "airport_mobile_app", "target": "public_wifi" },
    { "source": "ground_support_trackers", "target": "baggage_handling" },
    { "source": "frequent_flyer_db", "target": "retail_pos" },
    { "source": "pa_audio_system", "target": "terminal_access" }
  ]
}