SPECIAL SESSION

Andrea Chiappetta

Critical Infrastructure Protection and Cyber Security: toward the hybrid port and firmware security in the airport

Deep changes related to logistics and transports require the integration of physical and cyber security aspects.

Two concepts that for several times were considered on separate path that need to be merged and considered as single issue. Therefore physical security aspects was more developed during these years without considering the important role played by the IT without considering the role of networks and infrastructures related. This workshop intend to analyze the importance to show the vulnerabilities identified in the ports and airports and how these two critical infrastructures should be secured and overviewed by special governmental laws and introduce the importance of Public Private Partnership.

Ports and airports plays a fundamental role in the economic and social life of a nation, at EU level are regulated as critical infrastructure since 2008 as described in the EU directive 114 that aims for a more safe and secure crisis management.

During the presentation will be presented the concept of HYBRID PORT, otherwise the promotion of an innovative solution that will integrate the physical and cyber side in order to allow the several stakeholders active in the port operations (including the cyber vulnerability of the ships) to cooperate and better manage these growing threats.

Furthermore will be analyzed in deep a case study about firmware security concerning IP CAMS in airports and exploitation possibilities and how it could lead to a privilege escalation and C&C hijacking.

The main objects is to provide results gained during research and development on filed executed by ASPISEC and give political recommendations to government and institution on cyber threats that could affect the transport sector with huge impact on markets, business and logistics also compliant with the EU directive 1148/2016 related to Network and Information Security (NIS).