DayFR Euro

“Airbus has hundreds of cyberattacks per day”

LA TRIBUNE – Airbus did not wait for ChatGPT to adopt AI. How do you use it?

CATHERINE JESTIN : Airbus has been doing artificial intelligence for over 30 years. The very first applications were in the field of satellite imagery for the interpretation of images for civil but also military purposes with the OneAtlas product. More recently, we developed algorithms that allowed us to predict our customers' needs for spare parts on the A380 program over the next twenty years. The savings for the company are not limited to one or two million but represent massive gains in inventory optimization.

Another example, we have developed an assistant for our buyers to optimize purchasing transactions for raw materials such as platinum and aluminum, which we buy for Airbus but also for our suppliers, with delivery points and multiple manufacturing sources around the world. This optimization system makes it possible to order the right quantities, in the right quality, on the right date, while minimizing transport costs and carbon impact. These are two recent examples of classic artificial intelligence.

“Airbus did not wait for ChatGPT to start using artificial intelligence”

And more specifically in terms of generative AI?

What's interesting about generative AI is that it goes beyond the simple discussion of ” geeks » between the digital teams and the design office. It affects all functions of the company. Out of the hundreds of use cases considered, we selected ten promising uses, six of which are already in production. When a project works, it paves the way for the industrialization of many other similar cases.

Among the three most promising use cases, we can cite assistants for journeymen (apprentices in the industry) to find the information they need in thousands of pages of documentation, or assistants for our teams responding to customer technical questions by identifying similar incidents and solutions provided. This significantly reduces response time to customers. We also have an assistant for our lawyers to analyze and draft purchase contracts.

However, AI does not solve all problems: two projects failed and two others turned out to be more complex than expected. But projects in production have impressive returns on investment. Where projects such as the implementation of a new PLM (product life cycle management) or an ERP (enterprise resource planning) can take five to ten years, here we are talking about a few months.

Airbus is keen to develop responsible AI. What does this mean?

Responsible AI is based on several axes. It is above all human-centered: we seek to augment and not replace humans. This is the philosophy that is reflected in our charter of ethics on artificial intelligence. Each use case is assessed in terms of risks to people, device security, carbon footprint and financial cost. An ethics committee, made up of all company functions, reviews these cases to ensure compliance with regulations, such as the EU AI Act. Airbus must also comply with American and Chinese legislation since we are present in all of these territories.

How does Airbus manage the ongoing risk of cyberattacks?

Cybersecurity is a major issue, and the only one that sometimes keeps me up at night. We face hundreds of attempted attacks per day. Our systems are monitored 24 hours a day by our Security Operations Center (SOC). In the event of a proven attack, our CERT team (center emergence response team) intervenes. For three years, we have also carried out simulations two to three times a year to test our ability to restart the company in the event of total destruction of our IT system. We must study how to resume production, customer support, delivery of devices, the design office, cash flow, purchasing, etc.

Certain sophisticated attacks require the deployment of reconstruction teams within Airbus but also within our supply chain, as happened for a supplier in Germany or when Satys (leader in painting new aircraft, also present at Aeroforum, Editor's note) was attacked. When one of our subcontractors is on the ground for 5 to 6 weeks, the impact on Airbus is practically over twelve months since it affects the entire value chain. And since Airbus is at the end of the chain, the repercussions can be considerable.

How can we help suppliers, who do not have the same resources as Airbus, to upgrade in terms of cybersecurity?

We work extensively with our suppliers within the framework of Gifas (aeronautical and space industry group) with the Air Cyber ​​service, which offers self-assessment questionnaires and support offers to achieve bronze, silver or gold certifications. We organize numerous virtual and physical seminars to raise awareness across the entire chain, particularly SMEs for whom cybersecurity is not always a priority.

I am lucky to have a team of 3,500 people, who, even if they do not all deal with cybersecurity, are aware of it. We know that not everyone has these means. However, the 13 essential cybersecurity measures highlighted in the booklet published by ANSSI (National Agency for Information Systems Security) represent an investment of only a few thousand euros for a company. Many have not put in place these very simple measures which provide initial protection. With Gifas, we are in the process of bringing together all the players in the sector to inform them of attacks targeting our sector. This summer, we faced a campaign from North Korea, where sophisticated recruitment sites, imitating those of Airbus or Safran, were created to steal personal information.

-

Related News :