Airbus Protect explains Product Security Architecture

When cybersecurity becomes integral to products, from aeroplanes to autonomous trains

With the increasing digitisation of industrial systems, our cars, trains and even critical infrastructure depend on software and connections to function. This convergence of the physical and digital worlds makes the issue of protecting them from cyber threats more fundamental than ever. It is no longer just a question of securing computer networks, but the products themselves. This is the domain of product security architecture, an essential discipline for anticipating threats from the design stage onwards.

Yves Rutschle, an expert in product security architecture at Airbus Protect, shares his vision and experience in addressing this major challenge.

Having started his career in hardware and then software development for embedded systems, Yves Rutschle has spent the last 18 years defining and designing product security in the transport sector. From aeronautics to autonomous vehicles, he joined Airbus in 2016 to contribute his expertise. As an expert, he also plays a role as a trainer for new generations of consultants and collaborates with research laboratories to advance the state of the art in cybersecurity.

Product Security Architecture: the digital shield of the physical world

Product security consists of applying the principles of cybersecurity to physical products that incorporate IT systems. As Yves Rutschle explains, “All these products are equipped with computers that communicate with the outside world via the Internet or other systems. These communications are vectors of threats against which the product must protect itself.”

Security architecture comes into play right from the inception of a product. It involves designing a robust, integrated defence structure, taking into account the specific constraints of the product (resources, environment, cost). It is a proactive approach, far removed from a simple retrospective check.

A concrete example? “We participated in an industrial research consortium to define the security architecture of an autonomous freight train, which is now becoming a real product,” explains Yves Rutschle. This use case shows how security is designed upstream to ensure the reliability of a complex and critical system.

The challenges: from simple connected objects to urban metro systems

The main challenge in product security lies in accurately assessing risk. Not all threats and products are equal, and the approach must be rigorously adapted to the context.

Yves Rutschle uses a telling analogy to highlight this reality: “If you have a connected umbrella, the impact of a cyberattack on your object may not be very significant. If you operate a metro network in a large city, delays to your metro service due to a denial-of-service attack will have disruptive effects throughout the city.”

The challenge is therefore to define a level of security that is commensurate with the potential impact of a cyberattack. This requires a detailed risk analysis, a deep understanding of the customer’s business and the ability to strike the right balance between maximum protection and operational constraints.

Airbus Protect’s expertise: an aeronautical heritage at the service of the environment and critical industries

Why trust Airbus Protect with such a critical mission? The group’s legitimacy is based on its long history and proven expertise.

“Airbus Protect began working in the field of product safety with aircraft safety at the same time that Airbus began securing its aircraft” emphasises Yves Rutschle. This represents nearly 25 years of experience in industrial and product safety, a field where safety requirements are at their highest.

This expertise, initially developed for aeronautics, is now shared with many other sectors. “We have been working with other industries for around 15 years to enable them to benefit from our own experience in aircraft security and its specificities,” he adds.

In conclusion, Yves Rutschle’s vision highlights a paradigm shift: security is no longer an add-on, but a fundamental pillar of the design of any connected product. Thanks to a tailor-made approach and expertise forged through contact with the most demanding systems, product security architecture is establishing itself as the cornerstone of digital trust in tomorrow’s physical world.