Safran steps up its cybersecurity expertise
On the ground and in the air, aircraft are exchanging ever-growing amounts of data with their outside environment: airlines, airports and satellites, not to mention the in-flight entertainment and internet connectivity they offer passengers today. With terrorism a constant threat, all these dataflows make aircraft more vulnerable to attack, and industry must confront this reality. "The more information that's shared, the more important it is to secure the systems that carry it," says Frédéric Gourjault, Safran's Chief Information Security Officer. "As well as protecting the integrity of data on the plane, we need to ensure that no individual can ever interfere with the flight controls to take control of the aircraft remotely or modify its flight plan, for example. We must also address the potential threat to our production facilities, which are increasingly digitized."
Because of the kinds of products we sell — flight control, navigation, engine control, braking and landing systems, etc. — Safran Electronics & Defense has developed advanced expertise in cybersecurity. "In my 30 years in this field, I've seen threats evolve," says Christian Haury, who leads the company's cybersecurity team. "Before the 2000s and the introduction of the Airbus A380, airliners weren't overly connected. Since then, they've become increasingly connected, so we must be constantly anticipating the risks, right from the start of the product development phase." His team, which will soon be expanding, already has a dozen senior system architects, who are especially knowledgeable when it comes to cybersecurity issues. The teams of secure network specialists, software developers and processing unit designers at the company's business units also have a wealth of cybersecurity-related expertise.
A multidisciplinary team
Safran has a central team of experts as well, with specialized knowledge of operating systems, networks, databases, forensics (for investigation of computer crime), encryption, cloud computing and embedded system security. Their role is to help Group companies raise their level of cyber-maturity and provide them with the shared resources they need, such as a new software development security platform to make our solutions more resistant to attack. "Cybersecurity encompasses a whole range of different skillsets," continues Frédéric Gourjault. "So Safran needs a strong multidisciplinary team, both centrally and at each company. There are lots of job openings in this field — and there will be more in the months ahead."
Protecting the integrity of our sites
While all Safran products need to be cyberprotected, our facilities are also at risk. Two measures to protect them are being scaled up, creating new recruitment opportunities. The first is the Security Operations Center (SOC), which has a team of analysts tasked with detecting and immediately responding to any security incident at a Group site. The second is a new team responsible for protecting our factories against possible computer-based attacks on our production machinery.
Because Safran's markets and the cyberthreat environment are evolving rapidly, our cybersecurity experts are constantly monitoring the latest developments, especially by attending conferences and events like the International Cybersecurity Forum and European Cyber Week. They're also involved in the EUROCAE [1] and RTCA [2] standards bodies in the aerospace sector, as well as professional forums such as the CCTA [3] and EBIOS [4] club. "We liaise regularly with startups specializing in cybersecurity, so we can benefit from their potential for innovation, as well as with engineering schools and laboratories active in this field, like the University of Cergy-Pontoise, UTC [5], Esisar [6], Télécom ParisTech [7] and ENSEA [8]", concludes Christian Haury. A great way to make Safran's requirements known and spot future talent to expand our teams!
1. European Organization for Civil Aviation Equipment.
2. Radio Technical Commission for Aeronautics.
3. French council for air transport cybersecurity, created at France's national air transport conference in 2018 to better coordinate stakeholders across the sector.
4. IT risk analysis method in line with the recommendations of ANSSI, France's national agency for information system security.
5. Compiègne University of Technology, France.
6. École Nationale Supérieure en Systèmes Avancés et Réseaux, engineering school specializing in advanced systems and networks.
7. Engineering school specializing in all aspects of computer science and communication engineering.
8. École Nationale Supérieure de l'Electronique et de ses Applications, engineering school specializing in electronics.