La gestion intégrée du risque de cyber-attaque sur la technique embarquée dans l'industrie du transport : analyse de la littérature et étude(s) de cas

Abstract

The era of digitization gave birth to embedded systems in the middle of the second half of the 20th century. Nowadays, these advanced systems provide the transport industry with indispensable advantages, particularly in terms of operational performance and safety. In particular, these embedded systems play an important role in the aerospace industry, helping to ensure the safety of passengers, whose numbers have been rising sharply for over a decade. Nevertheless, these major technological advances present risks of cyber-attacks that can be profitable to certain malicious individuals and potentially have devastating consequences. It is therefore important for companies in the aerospace industry to implement risk management processes to deal with these cyber threats.

The aim of this study is to examine how the risks of cyber-attacks on embedded technology can be managed by companies in the aerospace industry.

To carry out this study, we studied risk management processes from 3 different perspectives. In the literature review, we first set out the risk management methodology developed by Chapman (theoretical perspective). We then conducted two semi-structured interviews to analyze the risk management process used by Thales Group (industry professional perspective) and the process used by the insurance company Ethias (insurance company perspective). Finally, we conducted a comparison of the 3 methodologies studied in this work.

Findings: Overall, the 3 methodologies go through stages with similar objectives. The differences lie in the tools used at each stage. The methodology used by Thales also differs from the other two by placing a strong emphasis on risk assessment and has been developed primarily to deal with cyber threats.