2024-10-05 –, Track 6 - Defend the Airport CTF
You are a new to the Airport IT staff at the IG International Airport Network Operations Center,
working your first holiday travel weekend. It has been a busy day managing the network with the
control tower reporting several small glitches. No alerts have been raised in the network, and
the glitches appeared to have been easily handled.
While taking your last break of the day, you decide to take a short walk around the concourse to
watch the sun set. Suddenly, your cell phone rings and the voice on the other end is a panicked
Control Tower Operator. A short time earlier, the tower had observed the runway lights turn off,
come back on, and are now randomly blinking. They also mentioned the Operator HMI (Human
Machine Interface) controlling the Runway Lighting system is non-responsive and they are
locked out of the Maintenance HMI to reboot the system. Time is critical – without the lights, the
planes circling the airport cannot land. With limited fuel stores, the planes are unable to divert to
another airport.
You sit down at your terminal to pull up the maintenance manual and troubleshoot the problem
only to discover you are locked out of your account. You are suddenly relieved that
management would not let you deploy security updates to the network because they feared
service interruptions may occur.
Once you regain access to the system and have all the reference material available, you bring
up the control logic for the runway lighting system on one screen and the HMIs on another and
quickly realize this is not a normal system failure. An unknown hacker or hacker group has
accessed and taken control of the system. They have manipulated the PLC’s (Programmable
Logic Controller) and impacted the HMIs.
Time is of the essence to restore operation to the Runway Lighting control system before the
planes run out of fuel.
Welcome to an IG Labs Cyber Capture The Flag (CTF) event where you will focus on the
essential Airport Runway Light SCADA/ICS system. Your mission, should you choose to accept
it: investigate the intrusion and restore control over the runway lights and the HMI. It is a race
against time to secure this critical infrastructure. Can you and your team rise to the occasion
and bring back normalcy to the airport?
Approximate amount of time to complete the activity: 30-45 minutes
Approximate skill level (beginner, intermediate, advanced): All Skill Levels
Equipment needed: None (all equipment is provided)
To register on the day of the conference, stop by the IG Labs table on 1st floor.