One of the world’s largest aerospace companies is eyeing a cybersecurity upgrade.
January 4, 2024
Aerospace giant Airbus and French IT services company Atos are opening negotiations for a potential sale of Atos' Big Data and Security (BDS) business.
Following a stock-boosting Dec. 15 leak to Reuters, in a Jan. 3 market update, Atos revealed that it had, in fact, received two letters of interest in BDS, with Airbus' encompassing the entire business at a valuation between €1.5 and 1.8 billion (around $1.65 to $2 billion). The offer is nonbinding, and the talks are preliminary.
Any future deal will be long in the making. Airbus has been eyeing Atos' cybersecurity arm since at least March 2022, having previously made an offer for a 29.9% stake in Atos parent division Evidian before abandoning the plan. At the time, Atos wrote that "combining Airbus' capabilities with Evidian's global leading position in managed security services and supercomputing would create a unique European actor in cybersecurity solutions and in the digitalization of the defense sector, public safety and critical national infrastructure."
An Airbus spokesperson confirmed that the company has made moves to acquire Atos's BDS business via a "non-binding proposal."
"Discussions are at an early stage and remain subject to due diligence. There can be no certainty that they will result in any agreement or transaction," the spokesperson said in a statement provided to Dark Reading. "The acquisition of BDS could significantly accelerate the digital transformation of Airbus, enhance the Company’s defense and security portfolio with strong capabilities in cyber, advanced computing and artificial intelligence, and support Airbus’ decarbonization roadmap."
"This potential M&A deal demonstrates the criticality of developing cybersecurity solutions and bridging the needed gap between aviation and general enterprise industries," says Avi Tenenbaum, CEO of Cyviation, a commercial airline cybersecurity company. But he questions whether general cybersecurity can get the job done for an organization in such a specialized industry.
"Atos' cyber division is addressing general IT and not specific aircraft-related cybersecurity solutions. Unique solutions addressing cybersecurity needs in aircraft and fleets will be needed as attack events intensify and get closer and closer to the aircraft," he stresses.
Indeed, Airbus has already suffered its share of security lapses in recent years, not uncommon to the industry as a whole, leading some to put a brighter spotlight on this most safety-critical industry.
"There is cyber risk across the entire aviation supply chain, from the systems and services used by airport security to the communication networks between airplanes and air traffic control," explains Marty Edwards, VP of OT security at Tenable. "As aviation embraces digital transformation, the interconnected nature of these systems increases the attack surface, demanding stringent cybersecurity measures."
In the US, one development aimed at tackling the specifics of aviation security is the Transportation Security Administration's (TSA) brand new set of requirements for airport and aircraft operators. In the EU, there's Implementing Regulation 2023/203, a framework for managing information security risks in aviation, set to take effect in 2025-26. According to Tenenbaum, 2023/203 in particular "is likely to prompt fast adoption of cyber resilience measures by industry players, including the airlines."
Nate Nelson, Contributing Writer
Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" — an award-winning Top 20 tech podcast on Apple and Spotify — and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.
You May Also Like
2024 API Security Trends & Predictions
What’s In Your Cloud?
Everything You Need to Know About DNS Attacks
Tips for Managing Cloud Security in a Hybrid Environment
Top Cloud Security Threats Targeting Enterprises
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Cyber Resiliency 2023: How to Keep IT Operations Running, No Matter What
Passwords Are Passe: Next Gen Authentication Addresses Today’s Threats
The State of Supply Chain Threats
How to Deploy Zero Trust for Remote Workforce Security
What Ransomware Groups Look for in Enterprise Victims
How to Use Threat Intelligence to Mitigate Third-Party Risk
Threat Terrain of the Modern Factory: Survey of Programmable Assets and Robot Software
IT Zero Trust vs. OT Zero Trust: It’s all about Availability
The OT Zero Trust Handbook: Implementing the 4 Cornerstones of OT Security
2023 Snyk AI-Generated Code Security Report
Buyer’s Guide: Choosing a True DevSecOps Solution for Your Apps on AWS
Black Hat Asia – April 16-19 – Learn More
Black Hat Spring Trainings – March 12-15 – Learn More
Cyber Resiliency 2023: How to Keep IT Operations Running, No Matter What
Copyright © 2024 Informa PLC Informa UK Limited is a company registered in England and Wales with company number 1072954 whose registered office is 5 Howick Place, London, SW1P 1WG.
