BSidesAugusta 2025

IG Labs Regional Airport System CTF
2025-10-25, Track 5 - Regional Airport CTF

Blue Team

You are assigned to the Cybersecurity Team servicing four Regional Airports within the IG Labs Regional Airport System. The shift this evening started with the routine: checking status boards, reviewing threat alerts, and checking for any newly identified vulnerabilities that may have an impact on the system from both Information Technology (IT) and Operational Technology (OT) vectors.

Around midnight, the Control Tower Operator at the La Valoria regional airport observed the runway lights turn off completely. A few seconds later, only a few of the lights came back on, not enough to properly light the runway for inbound or outbound traffic. The operator also mentioned that the Operator HMI (Human Machine Interface) controlling the Runway Lighting system is non-responsive and that they are locked out of the Maintenance HMI, so they cannot reboot the system. Without the lights, the planes circling the airport cannot land at La Valoria and flights are being diverted to other nearby airports.

You quickly alert the Cybersecurity Teams at Northbridge, Eldoria, and Fenmoor regional airports to the compromise of La Valoria airport and begin sharing what few details you have about the attack in the hopes the information will allow them to defend their respective airports and keep air traffic flowing smoothly.

As you sit down at your terminal to pull up the maintenance manual and troubleshoot the problem, you discover you are locked out of your account. You are suddenly relieved that management would not let you deploy security updates to the network because they feared service interruptions might occur. This should allow you to regain access through the GRUB command line interface.

Once you regain access to the system and have all the reference material available, you bring up the control logic for the runway lighting system on one screen and the HMIs on another and quickly realize this is not a normal system failure. An unknown hacker or hacker group has accessed and taken control of the system. They have manipulated the PLC (Programmable Logic Controller) and impacted the HMIs.

It is essential to restore operation to the Runway Lighting Control System quickly and ensure that the other regional airports your team is responsible for do not lose control of their systems and operations are able to continue without interruption.


Red Team(s)

Cybersecurity Teams are often heavily focused on securing Information Technology (IT) systems and devices but may not consider securing Operational Technology (OT) systems and devices. While OT systems and devices may be connected to IT systems, the types of data and the protocols are different.

You start your day exploring OT system vulnerabilities and consider what chaos you could create. You see a report that the runway lighting system at one of the IG Labs Regional Airports has been compromised. The runway lights have lost sequencing and are flashing erratically, and the operators have been locked out of the Human Machine Interface (HMI), which is preventing them from shifting to Maintenance Override Mode to take back control of the runway lighting system.

You start researching to learn more about the attack and the IG Labs Regional Airport System. There are no claims of responsibility and no evidence of a specific threat actor, so you do not have any leads as to the entry points or next steps to expect for the attack. Through your digging, you discover that there are four regional airports in the system and the same contract group constructed and configured each airport. You also note that the physical layout for the four airports is identical and wonder if the IT and OT systems are identical as well.

Satisfied that you have learned enough to add to the madness that has been created at La Valoria, you decide to launch an attack of your own.

Success will be determined by the ability to disrupt the control and operations of the Runway Lighting Systems for the IG Labs Regional Airports at the OT level. DoS and DDoS attacks are not permitted as the intent is to demonstrate an understanding of OT systems, their functionality, and protocols.


Additional registration is required on the day of the conference. Participants do not need to bring a laptop to participate.