Airbus Looks to Acquire Atos Cybersecurity Unit for Nearly $2 Billion
One of the world's largest aerospace companies is eyeing a cybersecurity upgrade.
January 4, 2024
Aerospace giant Airbus and French IT services company Atos are opening negotiations for a potential sale of Atos' Big Data and Security (BDS) business.
Following a stock-boosting Dec. 15 leak to Reuters, in a Jan. 3 market update, Atos revealed that it had, in fact, received two letters of interest in BDS, with Airbus' encompassing the entire business at a valuation between €1.5 and 1.8 billion (around $1.65 to $2 billion). The offer is nonbinding, and the talks are preliminary.
Any future deal will be long in the making. Airbus has been eyeing Atos' cybersecurity arm since at least March 2022, having previously made an offer for a 29.9% stake in Atos parent division Evidian before abandoning the plan. At the time, Atos wrote that "combining Airbus' capabilities with Evidian's global leading position in managed security services and supercomputing would create a unique European actor in cybersecurity solutions and in the digitalization of the defense sector, public safety and critical national infrastructure."
An Airbus spokesperson confirmed that the company has made moves to acquire Atos's BDS business via a "non-binding proposal."
"Discussions are at an early stage and remain subject to due diligence. There can be no certainty that they will result in any agreement or transaction," the spokesperson said in a statement provided to Dark Reading. "The acquisition of BDS could significantly accelerate the digital transformation of Airbus, enhance the Company’s defense and security portfolio with strong capabilities in cyber, advanced computing and artificial intelligence, and support Airbus’ decarbonization roadmap."
The Need for Custom Aviation Security
"This potential M&A deal demonstrates the criticality of developing cybersecurity solutions and bridging the needed gap between aviation and general enterprise industries," says Avi Tenenbaum, CEO of Cyviation, a commercial airline cybersecurity company. But he questions whether general cybersecurity can get the job done for an organization in such a specialized industry.
"Atos' cyber division is addressing general IT and not specific aircraft-related cybersecurity solutions. Unique solutions addressing cybersecurity needs in aircraft and fleets will be needed as attack events intensify and get closer and closer to the aircraft," he stresses.
Indeed, Airbus has already suffered its share of security lapses in recent years, not uncommon to the industry as a whole, leading some to put a brighter spotlight on this most safety-critical industry.
"There is cyber risk across the entire aviation supply chain, from the systems and services used by airport security to the communication networks between airplanes and air traffic control," explains Marty Edwards, VP of OT security at Tenable. "As aviation embraces digital transformation, the interconnected nature of these systems increases the attack surface, demanding stringent cybersecurity measures."
In the US, one development aimed at tackling the specifics of aviation security is the Transportation Security Administration's (TSA) brand new set of requirements for airport and aircraft operators. In the EU, there's Implementing Regulation 2023/203, a framework for managing information security risks in aviation, set to take effect in 2025-26. According to Tenenbaum, 2023/203 in particular "is likely to prompt fast adoption of cyber resilience measures by industry players, including the airlines."
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024