Integration of a SACM process in a critical infrastructure environment

The targeting of critical infrastructure by cyberattacks is sadly nothing new and has even become more prominent over the years. Defending against these attacks requires a resilient cyber defence posture, which cannot be achieved without a thorough understanding of an organisations attack surface. To that end, IT-asset- and configuration-management systems are essential. This paper describes a case study of implementing such a system at an airport in the interest of increasing the attention of the scientific community towards asset- and configuration management. Furthermore, this paper will provide an overview over the process and the asset- and configuration management as well as the lessons learned during the process.