Keynote SSTIC 2009 – Airbus

Presentation : Pascal ANDREI

In charge of safety aircraft at Airbus. This activity is relatively new; as an aside, the team was helped by a former "hacker" to secure their sites (satellites etc).

An important point of the presentation: the difference between Safety And Security

Safety Comply with regulations, manage breakdowns (temperatures, hardware failures, etc.), automatically send a breakdown report to the ground in case of damage, and generally everything related to the aircraft itself.

Security Protecting oneself from malicious acts. Much less regulated at present. The threats are diverse, ranging from illegal immigrants (people or luggage) to ground attacks (missiles).

But a new virtual threat is emerging (economic intelligence, attacks on the aircraft's information system), hacking of films shown on the aircraft, of the aircraft's signal lights, etc., but without impact on safety (safety).

To counter these new threats, measures are now being implemented, as in any information system. For example, a PKI is deployed on the A380s (all software is signed, as well as the passenger list and all information used on the aircraft's IS)

Penetration tests were carried out on this perimeter, which made it possible to highlight existing vulnerabilities, and to correct them to ensure the security of the devices.

In a more proactive approach, solutions for tracking passengers from ticket collection to their seats on the plane (video, facial recognition) are being studied. The aim is to interconnect the aircraft with the airport to share as much information as possible and enhance security on board.

The retroactive aspect is difficult to implement. (far too many devices deployed, old technologies), but safety is increasingly present, especially on new aircraft.

The issues are new, as are the technologies and the needs, requiring security teams at the forefront of information systems technology.