ICT4CART Interview Series: meet Airbus CyberSecurity

  • Meet Airbus CyberSecurity: the company

Airbus CyberSecurity is a fully-owned subsidiary of Airbus providing high grade cybersecurity services and solutions for private and public actors, including governments, companies and critical infrastructure. Besides its mission to protect Airbus itself, Airbus CyberSecurity (ACS) has gained solid experience on military and national security projects. ACS is one of the trusted security actors selected by the French national authority for information security (ANSSI) to provide labelled security services to the French critical national infrastructure. With two other main facilities in the United Kingdom and Germany, Airbus CyberSecurity is by design a European player, capable to enforce standardization of cybersecurity solutions based both on general European standards and on specific national regulations. At the end of 2016, Airbus CyberSecurity has been awarded a frame contract to help protecting the IT systems of 17 European institutions and agencies as prime contractor of a European-wide consortium covering a wide range of cyber defence services. This is the most important contract of this type ever signed in Europe.

The ACS portfolio includes cybersecurity testing and training services, tailored design and integration, cyber defence as managed services such as Security Operation Centre (SOC), cryptography and trusted infrastructure. Through its industrial roots, Airbus CyberSecurity has significant expertise with manufacturing environments, platform security and the complex networks connecting such assets on the ground, in the air and in space.

  • AIRBUS in ICT4CART: what is your role?

The main role of Airbus CyberSecurity in the ICT4CART Project is to develop cybersecurity and data privacy solutions for connected automated vehicles with a high level of automation (up to 4). The proposed solutions comply with existing EU standards and regulations to be adopted by most of car makers.

To provide privacy and access control in the Connected and Automated Driving environment, Airbus CyberSecurity develops a role-based identity and access manager ensuring the secure communication of Intelligent Transport Systems and authorized as well as legitimate access to cloud services and Road-Side Units.

In ICT4CART, Airbus also proposes to bring cybersecurity situational awareness on deployed systems through a supervision centre. It assesses and reports vulnerabilities of large vehicles fleet and smart objects. It monitors anomalies too at the level of the authentication layer by collecting and correlating logs from the identity and access manager and the intelligent transport systems.

These two solutions will be demonstrated in real life conditions on German and Italian test sites through use-cases such as smart parking and lane merging.

  • What is the relevance of cybersecurity and privacy in the CAD (Connected and Automated Driving) world?

Car hacking is one of the most relevant examples to illustrate the significance of cybersecurity and privacy in the CAD world. Recently hackers have succeeded to take remote control of different types of vehicles and to interfere with the cars’ brakes, door locks, dashboard computer screen… So cybersecurity has become as important as more traditional safety features. That is why protection technologies, like Identity and Access Management, but also detection and response solutions, such as a supervision centre, are from now essential for the CAD world.

Moreover the EU General Data Protection Regulation (GDPR) demonstrates that privacy has become a major European concern, as it is the most important change in data privacy regulation in 20 years. In the CAD world, due to the communications between cars; cars and Road Side Unit (RSU); cars and cloud services, personal information and sensitive information are transferred, which can result in security and privacy breaches. So it is essential to ensure privacy in the CAD world using data anonymization among other solutions.

  • Which are the main challenges related to privacy and cybersecurity for automated vehicles?

Nowadays there are two main challenges related to privacy and cybersecurity for automated vehicles. The first one is to adjust existing technologies to CAD European standards and regulations: privacy and cybersecurity solutions providers have to update (or develop) technologies answering to automated vehicle constraints. An example is existing Identity and Access Management tools, which have to scale up to be able to manage the authentication and authorization of large vehicles fleet, to comply to EU regulations and to be interoperable with other solutions.

The second one is to define and enforce regulations to cover new risks related to privacy and cybersecurity attacks targeting the CAD world. For example, European standardization organisations will have to define how to manage certificates at a high level to ensure authentication continuity during roaming. Different actors like cybersecurity experts, car manufacturers or operators will have to collaborate together to define regulations.