The ISH at Munich Airport: Mastering the challenges of an increasingly digitised world

Starting off with a bold strategic vision – fueled by the power of a five-star airport

Cyber-security represents a core success factor for all industries world-wide. Companies must make sure that their data, devices and processes are perfectly safeguarded against attacks from hackers, which often act as a well-organised “red team”, whose only aim is to pillage and destroy value. Yet, many companies are desperately competing for the best IT security experts to build up a powerful and effective defensive line and often struggle to find and keep enough experienced and qualified people.

As an operator of highly-critical infrastructure itself, the Munich Airport’s IT specialists decided to assume responsibility and take an active role in the cyber-security domain by launching the Information Security Hub (ISH). The ambition of the ISH is to create a state-of-the-art, highly immersive training, testing and simulation facility that combines a broad array of OT and IT infrastructure like smart building technologies, baggage handling systems as well as the latest common office devices to create a real-life environment for any kind of cyber-attack. Furthermore, the ISH also wants to establish a hub for IT professionals from different industries and professional backgrounds to form a coalition of experts against the threats from cyber-crime worldwide.

The strategic cornerstones of the ISH: Competence, collaboration and commitment

The portfolio of offerings at the ISH, from training, simulations, war games to network events and conferences is tailored to help organisations build up the right skillset, to enable and promote internal and cross-company collaboration and ensure highest employee engagement and retention. The ISH concept features a broad array of modules that cover all relevant cyber-security topics and expert levels to ensure that the IT security teams will be optimally equipped to fight off all major threats. Furthermore, all trainers are seasoned professionals (for example, from SecureLink, ERNW Insight and HvS-Consulting) that have first-hand hacking and defending experience to provide engaging hands-on knowledge in real-life scenarios that can be directly deployed at the participants’ workplace.

Bringing the vision to life with a full-fledged, fully adaptable CSR

A prime example of the way the ISH creates an exciting, highly innovative setting to share ideas, learn and cooperate with peers is the Cyber Simulation Range. The CSR integrates a broad spectrum of IT and OT elements to provide a highly-realistic training and testing environment which can easily be adapted to different systems and scenarios. This allows companies to either recreate their current IT infrastructure or to build potential alternatives and use these as a stage for immersive simulations where their staff can access the integrated tools of a high-end SOC/CDC technology stack to detect, assess and respond to threats along field-tested playbooks. Thanks to this flexibility and realism, the CSR helps to impart profound knowledge on the latest cyber-security topics and solutions while at the same time creating a highly engaging and motivating experience that goes beyond traditional training methods.

Moving forward in a powerful ecosystem of partners

The number of threats and ways to detect and exploit potential vulnerabilities in IT and OT systems grows exponentially – basically every day. At the same time, there is a constant flow of new hard- and software that need to be integrated into the facilities and processes of companies. To keep up with this pace, the ISH is following an open and vendor-agnostic approach to its own infrastructure and its continuous evolution. The goal is to collaborate with a broad spectrum of security experts and partners from all sectors and constantly integrate new elements at the ISH – such as production facilities, logistics solutions and communication devices from various providers as well as an extensive array of cloud-based and on-premise software solutions. This will help to maintain the state-of-the-art environment at the ISH and at the same time enable providers to stress-test their hardware and software during trainings and simulations; further improving their resilience against cyber-attacks.

This is only one of many ways how the ISH acts as an enabler of cross-functional, cross-company and cross-industry collaboration and open knowledge transfer – aiming to create a community of highly committed experts who apply their IT security skills and enthusiasm at their workplaces and fight off the “red teams” in the world.

Biography

Marc Lindike, Head of Information Security Assurance (Cyber Defence) and Head of ISH – Service Division IT, Munich Airport, has more than 20 years of professional experience in IT security.