Laurent Barrillon on how Thales is delivering cybersecurity services to airlines
Hello Laurent, could you introduce yourself and tell us about your background?
If I were to sum up my story, I started my career as a developer for electronic encryption boards for use in the military communication system on the Syracuse 2 satellite with Thales when the Group was still known as Thomson-CSF. Between 2000 and 2012 I took on various different roles: software development for goniometry equipment; system engineering for MIDS-LVT software; management of projects; rollout of digital TV and AM radio emitters as well as for encryption modules on Galileo (European GNSS - Global Navigation Satellite System).
Then over the following eight years, I was responsible for cybersecurity sales on the space market. For example I worked on the Galileo program where Thales was in charge of developing the CSOC (Cyber Security Operations Center). Finally, at the end of the 2019, I joined the avionics business to help develop, promote and sell cybersecurity services dedicated to airlines.
Thales is recognized internationally for its cybersecurity expertise, in particular in the banking sector and defense. Why has the Group developed a set of services dedicated to airlines?
Let me answer this in three steps. Firstly, there is Thales expertise in aeronautics and cybersecurity. The Group works closely with a variety of stakeholders like airlines, airports, air traffic control, pilots and crews but also passengers. To illustrate this, consider that Thales is #1 in the world for air traffic management, #3 in the world on the avionics market, and #2 in the world for in-cabin in-flight entertainment and connectivity.
Thales is also a major player in cybersecurity. For example, 80% of banking transactions are secured by Thales. Cybersecurity is one of the four key technologies on which the Thales group is focused. In this area we draw on the skills of 5,000 critical IT engineers of whom 1,500 are dedicated solely to cybersecurity. Today, around the world, there are nearly 50 countries, including NATO members, who use our security products and solutions as well as 9 out of 10 global Internet giants. We also give our customers access to our five operational cyber monitoring centers, our Cert-IST and our cyberlab.
Secondly, there is our environment. Digitalization, and thus connectivity, in the aeronautics industry has immensely been beneficial to all stakeholders over the last 10 years, but it has also created new challenges. Beforehand planes were individual units in the sky, now they are all connected which has consequences. What I mean here is that the greater the connectivity with others (ground, other aircraft, soon even drones) the greater the possibilities of breaches.
Lastly, I now work for an international service dedicated to airline services, whose key activity is to help its customers optimize their operations. We propose maintenance services, equipment availability, parts trading but we also provide support in customers’ digital transformation. It is in this context that we felt it was perfectly logical to propose a new supply of cybersecurity services dedicated specifically to airlines. These services would combine both our knowledge of their operations, our aeronautics expertise, and our experience in cybersecurity as well as our desire to support our customers in achieving operations that are ever faster, more efficient and better secured.
What services do you therefore propose to airlines?
We generally work on flight security. As mentioned before, connectivity and digitalization has led to many benefits but it has also fostered new IT obstacles for airlines to overcome. And that is why regulations must also change in the aeronautics field. These new regulations must now take into consideration the continual increase in connectivity with the ground, in the cabin and in the cockpit, in order to ensure that when data is transferred or accessed the process is reliable and secure.
The airlines, for their part, must conform to the regulations and Thales has naturally put itself forward to accompany them since we are already participating in the update and modification of these regulations. Additionally, we are completely convinced that to limit the risks, the key is training and support for employees in the rapidly-evolving cybersecurity sector.
So, in summary, we offer a large range of services such as risk analysis, training, and support from our rapid response teams in case of incidents. We also provide solutions like systems analysis and data monitoring on airplane networks in addition to an intelligence service that covers threats and vulnerabilities.
How does this translate into your day-to-day activities? What does a typical day look like?
I don’t really have a typical day. Each day is different but it always based on my customers’ needs. My role is really rather cross-disciplinary and it is an aspect that I particularly enjoy so, I meet with customers, I propose adapted solutions to the challenges they face and, finally, I ensure that the projects underway are moving along nicely.
What would you say to someone to convince them to join your team?
If you like technical subjects like cybersecurity, you know how airline operations work, and you want to help customers to anticipate never before seen risks that are constantly changing all while participating in molding the aeronautics regulations of the future, then come join us!
Picture credit: Brice Lechevallier, Thales.