Dutch aXite Security Tools Selected to Secure Operational Systems of American Airports

The AX-BOX Gatekeeper from the Dutch cyber security company aXite Security Tools has been selected by the Transportation Security Administration (TSA) agency. Because AX-BOX Gatekeeper has passed the selection procedure, more then 450 American airports can use the solution to secure their operational system. This allows airports to screen passengers and baggage more efficiently and safely. aXite Security Tools developed this OT-security product in collaboration with Schiphol, a great succes for our 'Partners for International Business (PIB) USA Programme' participant aXite.

Menno Cadee is the technical director of aXite Security Tools and as an electrical engineer he knows all about operational systems (OT) and the risks of linking OT to IT systems. This link is necessary because travelers want to book online, check in, register luggage, reserve a car. Cadee spent a lot of time with Ron Wever, baggage cluster manager at Schiphol. ‘We have done many projects together,’ says Wever. Close collaboration leads to innovations. In the Netherlands, we have many free thinkers and that is how we help each other. In this way we were able to develop the AX-Box Gatekeeper together.”

The AX-BOX Gatekeeper is an automated security system that can be lined to operational systems that are used by airports to screen baggage and passengers. The system uses advanced detection and analysis software to improve the security of airport system when checking passengers and baggage.

Making passengers and baggage systems more secure

With the adoption of the solution by the TSA, US airports can take advantage of the solution and make their passenger and baggage systems more secure. The TSA is an agency of the United States Department of Homeland Security (DHS) that has authority over the safety of the traveling public in the United States. With national, local and regional partners, the TSA oversees the security of highways, railroads, buses, mass transit systems, pipelines and ports. However, the bulk of the TSA's efforts are in aviation security.

Selection procedure

To be qualified, the AX-BOX Gatekeeper had to pass a strict selection procedure. First, aXite Security Tools had to demonstrate its solution at the TSA System Integration facility in Arlington, Virginia. The goal of the demonstration was to see if the solution could detect and block unknown and dangerous traffic disrupting the activities of the Transportation Security Equipment at the airport. This demonstration was successful, after which it passed a three-week testing period conducted by the TSA's Innovation Task Force (ITF). The ITF subsequently determined that the solution was capable of blocking traffic.

The selection of the AX-BOX Gatekeeper is one of the measures regarding the tightening of cyber security at airports, which the TSA recently announced. TSA Administrator David Pekoske: “Protecting our nationwide transportation system is our highest priority and TSA will continue to work closely with industry stakeholders to mitigate cyber risk and improve cyber resilience. In this way we can make safe and efficient travel possible.”

Bert Willemsen, Executive Vice President of aXite Security Tools. "We are proud that our AX-BOX Gatekeeper has been tested by the TSA. The use and connectivity of operational technology (OT) is rapidly increasing, as is the number of cyber-attacks against OT systems. These attacks can disrupt business operations and cause damage. In addition, it can jeopardize the safety of people and critical infrastructure, far beyond revenue and reputation. Making obsolete equipment safer is therefore an important task for aviation organisations. Our AX-BOX Gatekeeper can help with this.”

Zero-trust

Despite all that, aXite Security Tools has not yet finished refining its security box. “We want to further expand the zero-trust functionality,” says Cadee. “We want to be able to display exactly which activities are carried out within a PLC or a PLC network. In addition, we want to make it easier to protect legacy PLCs.' There are still a lot of them, because a PLC is only written off when the end of service has been announced by the manufacturer or when it really stops working. And so there are still controllers with proprietary operating systems of which the manufacturer sometimes does not even remember how they work. The expectation is that this will be a challenge aXite Security Tools will have to deal with.

Source: Computable & Emerce (in Dutch)