Aviation and cybersecurity
Enhanced protection of communication networks
It is customary to say that the aeroplane is the safest form of transport in the world. To ensure that the same adage applies to cybersecurity, Stormshield supports the aviation industry with trusted solutions that satisfy its protection challenges.
Aviation is a critical activity by nature, with high risks in the event of failure. If a production line or navigation systems are disrupted, or a third party takes remote control of drones or aircraft, the consequences can be disastrous. At both manufacturing and operational levels, the sector is also exposed to the risk of theft or alteration of data relating to passengers, or industrial or even military secrets. Given the possible consequences at human, economic and governmental level, the prevention of cyberattacks against network components – and also cyberattacks that target workstations – is a clear a priority.
With this in mind, our Stormshield Network Security (SNS) range of firewalls makes it possible to segment networks. It also prevents both known and unknown attacks by means of deep contextual analysis of industrial protocols (OTs) and allows for granular control of authorised messages as well as control of operational values through the implementation of custom patterns. The Breach Fighter option on our SNS firewalls, and our Stormshield Endpoint Security (SES) solution, are designed to block advanced attacks on endpoints (including ransomware).
Whether the aim is to keep a production line moving or to provide public Wi-Fi at the airport, there are an abundance of highly connected environments in the wider aerospace sector. It is therefore essential to ensure the best performance of these networks by implementing an available and resilient infrastructure, capable of withstanding a breakdown in particular.
Our SNS solutions deliver high availability thanks to an intrusion prevention system (IPS) optimised for low latency – and to their bypass functionality, which ensures operational reliability.
Are you looking for an extra-ruggedized network security solution? The SNxr1200 is a next-generation firewall made for tough environments, providing a much-needed higher level of security in communications. Its secure storage of secrets, IPS analysis of VPN flows and compliance with the Restricted Distribution (RD) mode ensure maximum protection for your most sensitive communications.
Industrial secrets, navigational data andeven defence instructions – a large amount of confidential information transits between aircraft, airports and industrial sites. In order to prevent its alteration or interception, it is essential to establish trusted communication channels. For example, our SNS firewall range's IPSec site-to-site VPN tunnel authenticates the data's origin and ensures its confidentiality and integrity. The SNS range also includes a physical secure storage module (TPM) and offers protection for Restricted data and networks.
To cope with temporary disconnections or changes in network links, our SNS firewalls allow multiple WAN accesses to be managed and links to be changed according to their availability (SD-WAN). Also, in the case of of temporary equipment downtime, our Stormshield Management Center (SMC) centralised management solution offers automatic deferred configuration deployment.
Temperature, humidity, pressure: aeroplanes, helicopters and aircraft factories are not like other spaces. In contrast to traditional IT environments, it is necessary to install the security devices as close as possible to the equipment to be protected, without a computer rack and in a physically constrained context.
For this reason, we have designed industrial firewalls with reinforced enclosures – the SNi20 and SNi40, which are easy to install and designed to adapt to your constraints.
All these infrastructures imply more or less urgent intervention needs. However, it is not always possible to provide immediate physical access to IT teams, or to the many contractors involved, involving varying levels of cyber awareness and trust. To enable them to connect remotely and securely, our SNS solutions feature SSL or IPSec mobile VPNs and user authentication on network flows. In addition, our SES solution offers context-sensitive workstation protection for mobile technicians.
In addition to its mobile fleets, the aeronautical industry has a significant geographical distribution of the equipment to be protected, with factories spread around the world and airports with multiple critical points (signage, security gates, baggage sorting, etc.). These sizeable infrastructures require a large team of administrators to easily deploy and manage security equipment and VPN keys.
To help them with deployment, our SMC solution offers the ability to pre-configure the SNS firewall(s) by saving settings on a USB stick. Thanks to this staging process, the firewalls can connect to their SMC central management server as soon as they are activated. SNS solutions also provide an API that can be controlled by various tools and has orchestration capability (Ansible, Python). More specifically, our SMC solution also includes VPN management (SD-WAN), filtering and the simultaneous administration of several firewalls.
As with any critical activity, aircraft manufacturers and operators must use products that are certified and qualified to strict standards. At national French level, many players in the sector are thus considered as “operators of vital importance” (OIVs) and must therefore comply with the requirements of France’s Military Planning Law (LPM). This list can be extended to the European level, with operators of essential services (OESs) being required to follow the recommendations of the Network and Information Security (NIS) directive. Finally, some classified information requires the use of NATO and EU Restricted Dissemination-certified solutions.
To satisfy these requirements in terms of confidentiality and trust, Stormshield solutions are certified and qualified to the highest European level. Using products with trusted certifications and credentials offers the best guarantee of effective cyber protection.