Catalyst / admin/AirportCyberSimulator 14.8 GB / 57.8 GB 40.0 GB free
Help Sign in

admin / AirportCyberSimulator

public

Airport Cyber Attack Simulation Application

Code Issues Pull requests Pipelines Packages Security Insights Wiki Settings
AirportCyberSimulator / airport-cyber-sim / README.md 3836 B · main
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# Airport Cyber Resilience Simulator

An interactive, kiosk-grade cyber-attack simulation for critical airport
infrastructure. A server-authoritative FastAPI engine steps through data-driven
attack playbooks — showing the **point and method of ingress**, timed **lateral
spread**, and the operational **trade-offs** of every defensive decision — while
an immersive dark command-center UI renders it at 60fps.

## Quick start (Docker)

```bash
docker compose up --build
# open http://localhost:8000
```

## Quick start (local)

```bash
cd backend
pip install -r requirements.txt
uvicorn main:app --host 0.0.0.0 --port 8000
# open http://localhost:8000
```

## Helper scripts

Wrappers around `docker compose` so you don't have to remember flags.

**Windows (PowerShell):**

```powershell
.\sim.ps1 up        # build + start in background  ->  http://localhost:8000
.\sim.ps1 logs      # tail logs
.\sim.ps1 status    # container + health state
.\sim.ps1 rebuild   # clean no-cache rebuild
.\sim.ps1 open      # open the kiosk in the browser
.\sim.ps1 down      # stop + remove
```

**macOS / Linux / WSL (make):**

```bash
make up        # build + start in background
make logs      # tail logs
make health    # show health status
make rebuild   # clean no-cache rebuild
make down      # stop + remove
```

## Architecture

| Layer          | Tech                                   | Responsibility                                            |
|----------------|----------------------------------------|-----------------------------------------------------------|
| Backend        | Python · FastAPI · WebSockets          | State machine, timed spread engine, mitigation trade-offs |
| Frontend       | HTML5 SVG · CSS · GSAP (vendored)      | Kiosk map, 60fps particle/halo animation, overlays        |
| Config layer   | JSON in `backend/data/`                | Nodes, links, playbooks, compliance — **no code changes** |

Everything is **data-driven**: to add a node, link, playbook or compliance
mapping, edit the JSON in `backend/data/` — the engine and UI adapt automatically.
`docker-compose.yml` mounts `backend/data` read-only so config edits hot-reload
without rebuilding the image.

## Data files

- `data/infrastructure.json` — 14 airport services, their positions, capacity
  weights, icons and interdependency links.
- `data/playbooks.json` — 5 attack scenarios, each with `ingress_point`,
  `ingress_method`, `ingress_icon` and a timed `spread_events` array.
- `data/compliance.json` — maps every node to an NCSC **CAF** objective/principle
  and a **UK Cyber Security and Resilience Bill** statutory duty.

## Simulation model

Live metrics: **Security Integrity (%)**, **Operational Capacity (%)**,
**Financial / Reputational Loss (£)**.

Mitigations (per compromised node):

| Option            | Effect on spread            | Node capacity | Cost profile              |
|-------------------|-----------------------------|---------------|---------------------------|
| A · ISOLATE NODE  | Severs links, stops instantly | → 0%        | High operational loss     |
| B · REDUCE TRAFFIC| Slows spread by 80%          | → 40%        | Moderate operational loss |
| C · STOP ATTACK   | 15s patch; fails if the next spread beats the timer | unchanged | Heavy financial penalty |

## Kiosk behaviour

- Fixed 1920×1080 stage, auto-scaled to any display.
- Idle 90s → auto-reset to the **Attract Loop**.
- Hover/tap any node for details, mitigation, and a **Regulatory Insights** tab.

## WebSocket protocol (`/ws`)

Client → server: `{action:"start", playbook_id}` · `{action:"mitigate", node, option}` · `{action:"reset"}`
Server → client: `sim_start`, `ingress`, `compromised`, `spread`, `spread_blocked`,
`mitigation`, `patch_start`, `patch_complete`, `metrics`, `sim_complete`, `reset`.