Aerospace giant Airbus and French IT services company Atos are opening negotiations for a potential sale of Atos’ Big Data and Security (BDS) business.
Following a stock-boosting Dec. 15 leak to Reuters, in a Jan. 3 market update, Atos revealed that it had, in fact, received two letters of interest in BDS, with Airbus’ encompassing the entire business at a valuation between €1.5 and 1.8 billion (around $1.65 to $2 billion). The offer is nonbinding, and the talks are preliminary.
Any future deal will be long in the making. Airbus has been eyeing Atos’ cybersecurity arm since at least March 2022, having previously made an offer for a 29.9% stake in Atos parent division Evidian before abandoning the plan. At the time, Atos wrote that “combining Airbus’ capabilities with Evidian’s global leading position in managed security services and supercomputing would create a unique European actor in cybersecurity solutions and in the digitalization of the defense sector, public safety and critical national infrastructure.”
Dark Reading has reached out to Airbus for comment.
The Need for Custom Aviation Security
“This potential M&A deal demonstrates the criticality of developing cybersecurity solutions and bridging the needed gap between aviation and general enterprise industries,” says Avi Tenenbaum, CEO of Cyviation, a commercial airline cybersecurity company. But he questions whether general cybersecurity can get the job done for an organization in such a specialized industry.
“Atos’ cyber division is addressing general IT and not specific aircraft-related cybersecurity solutions. Unique solutions addressing cybersecurity needs in aircraft and fleets will be needed as attack events intensify and get closer and closer to the aircraft,” he stresses.
Indeed, Airbus has already suffered its share of security lapses in recent years, not uncommon to the industry as a whole, leading some to put a brighter spotlight on this most safety-critical industry.
“There is cyber risk across the entire aviation supply chain, from the systems and services used by airport security to the communication networks between airplanes and air traffic control,” explains Marty Edwards, VP of OT security at Tenable. “As aviation embraces digital transformation, the interconnected nature of these systems increases the attack surface, demanding stringent cybersecurity measures.”
In the US, one development aimed at tackling the specifics of aviation security is the Transportation Security Administration’s (TSA) brand new set of requirements for airport and aircraft operators. In the EU, there’s Implementing Regulation 2023/203, a framework for managing information security risks in aviation, set to take effect in 2025-26. According to Tenenbaum, 2023/203 in particular “is likely to prompt fast adoption of cyber resilience measures by industry players, including the airlines.”
