With the increasing digitisation of industrial systems, our cars, trains and even critical infrastructure depend on software and connections to function. This convergence of the physical and digital worlds makes the issue of protecting them from cyber threats more fundamental than ever. It is no longer just a question of securing computer networks, but the products themselves. This is the domain of product security architecture, an essential discipline for anticipating threats from the design stage onwards.
Yves Rutschle, an expert in product security architecture at Airbus Protect, shares his vision and experience in addressing this major challenge.
Having started his career in hardware and then software development for embedded systems, Yves Rutschle has spent the last 18 years defining and designing product security in the transport sector. From aeronautics to autonomous vehicles, he joined Airbus in 2016 to contribute his expertise. As an expert, he also plays a role as a trainer for new generations of consultants and collaborates with research laboratories to advance the state of the art in cybersecurity.
Product security consists of applying the principles of cybersecurity to physical products that incorporate IT systems. As Yves Rutschle explains, “All these products are equipped with computers that communicate with the outside world via the Internet or other systems. These communications are vectors of threats against which the product must protect itself.”
Security architecture comes into play right from the inception of a product. It involves designing a robust, integrated defence structure, taking into account the specific constraints of the product (resources, environment, cost). It is a proactive approach, far removed from a simple retrospective check.
A concrete example? “We participated in an industrial research consortium to define the security architecture of an autonomous freight train, which is now becoming a real product,” explains Yves Rutschle. This use case shows how security is designed upstream to ensure the reliability of a complex and critical system.
The main challenge in product security lies in accurately assessing risk. Not all threats and products are equal, and the approach must be rigorously adapted to the context.
Yves Rutschle uses a telling analogy to highlight this reality: “If you have a connected umbrella, the impact of a cyberattack on your object may not be very significant. If you operate a metro network in a large city, delays to your metro service due to a denial-of-service attack will have disruptive effects throughout the city.”
The challenge is therefore to define a level of security that is commensurate with the potential impact of a cyberattack. This requires a detailed risk analysis, a deep understanding of the customer’s business and the ability to strike the right balance between maximum protection and operational constraints.
Why trust Airbus Protect with such a critical mission? The group’s legitimacy is based on its long history and proven expertise.
“Airbus Protect began working in the field of product safety with aircraft safety at the same time that Airbus began securing its aircraft” emphasises Yves Rutschle. This represents nearly 25 years of experience in industrial and product safety, a field where safety requirements are at their highest.
This expertise, initially developed for aeronautics, is now shared with many other sectors. “We have been working with other industries for around 15 years to enable them to benefit from our own experience in aircraft security and its specificities,” he adds.
In conclusion, Yves Rutschle’s vision highlights a paradigm shift: security is no longer an add-on, but a fundamental pillar of the design of any connected product. Thanks to a tailor-made approach and expertise forged through contact with the most demanding systems, product security architecture is establishing itself as the cornerstone of digital trust in tomorrow’s physical world.
Cybersecurity Did you know that Europe is changing the rules of the data game? The Data Act ,(entered into force on 11 January 2024 and into application on 12 September 2025), is a major new regulation designed to make the European data economy more competitive. But what exactly is it, and how does it differ from […]
Read more
Cybersecurity As security architects, we’re responsible for laying the secure foundation for entire systems, encompassing software, hardware, networks, and critical processes. Our architectural decisions ripple throughout the system’s lifecycle, profoundly impacting not just performance, scalability, and maintainability, but, most importantly, the system’s inherent security. In today’s increasingly sophisticated digital landscape, building secure systems is no longer […]
Read more
Cybersecurity OT Security: Beyond compliance, a strategic imperative for critical infrastructure resilience In a world where our most critical infrastructures, from energy generation to the chemical industry, are increasingly connected, cybersecurity is no longer an option; it is an absolute necessity. Faced with threats that now target the physical world via digital means, OT security is [...]
Read more