ORNISEC

Consulting in aviation cybersecurity

AIRPORT TERMINAL AND ICT

ORNISEC

Description: 

ORNISEC is a leading company in the field of aviation cybersecurity. Its consultants, based in France and Morocco, work with the IT and technical departments of airports and airlines to strengthen their level of resilience in terms of cybersecurity and to comply with the legal and regulatory framework for the protection of aviation infrastructure. With several dozen airports and airlines supported in France and internationally, ORNISEC has extensive expertise in the air transport sector. This expertise allows us to offer pragmatic and tailored support to solve the most complex cybersecurity challenges facing the airline industry today.

Activités: 

ORNISEC offers a complete range of services in the field of information systems cybersecurity for the aviation sector:

Services for solution providers in the airline industry:

Upstream phase: Elaborate a roadmap and a commercial argument

  1. Carry out security audits on your products
  2. Carry out a study of the compliance of your products with airport regulations (3CF, PART-IS, NIS Directive, LPM, 2015/1998, etc.) - Elaborate the regulatory compliance file for each product
  3. Develop a risk analysis for each product
  4. Write a Security Assurance Plan (SAP) for each product - Business case
  5. Write your security policy

Development phase: Guarantee a robust security level of the developed products

  1. Implementation of a security integration process in the development cycle of your products
  2. Implementation of an automated audit to verify the security level of the code internally
  3. Training of developers in secure development best practices
  4. Implementation of a process for maintaining the security of your products once they are deployed in production
  5. Verification of security levels after correction

Presale phase: Assist you in demonstrating to your customers a good mastery of their cybersecurity issues

  1. Participation during the presale to the writing of a file of answers to cybersecurity requirements (of the customer and regulatory)
  2. Participation in the various exchanges with customers during the presale phase
  3. Carrying out cyber discussions with the client in consultation with your teams
  4. Assist the customer to understand the regulatory issues and how your products can help them on the subject

Operations phase: React quickly and effectively in the event of a cyber crisis to control the incident and limit the damage:

  1. Assist your teams in the event of a cyber crisis
  2. Provide cyber forensic expertise for the management of security incidents (analysis, correction, remediation, communication with the client, etc.)
  3. Development of a post-incident remediation action plan to avoid the reproduction of incidents

Services for airports/airlines:

Audit

  • Architecture audits
  • Configuration audits
  • Code audits
  • Penetration tests
  • Audit qualified PASSI of the ANSSI (In the process of qualification with CERTITRUST)

Consulting

  • Elaboration of security policies & procedures
  • Security expertise & integration
  • Security risk management
  • Security certification

Compliance

  • LPM compliance
  • RGPD compliance
  • NIS Directive Compliance
  • ISO27001 Compliance
  • HDS Compliance
  • RGS compliance
  • DGAC regulations

CISO and DPO assistance (SSI) 

  • Managing operational security
  • Implementing the security policies
  • Security expertise
  • Reporting and monitoring of projects
  • CISO coaching
  • Realization of the PIA - RGPD

Training & Awareness

  • Awareness: Program, Phishing, Workshops, MCQ
  • Training: CISO, S&R Administrator, industrial team, developer and project manager.

Cybersecurity crisis management

  • Preparation: BCP/ERP, Procedure (incident, crisis)
  • Exercise: Cybersecurity crisis simulation
  • Response: Forensic, Incident Response
Références: 

 

References:

Airport solution providers :

  • RESA, SMITHS DETECTION, OMNITECH, DETEKTIN, DAIFUKU,

Airports: (+40 airports in France, Canada, Africa)

  • Montreal Airport : cybersecurity consulting and auditing
  • Nice Airport : cybersecurity consulting and auditing
  • Guadeloupe Airport : CISO assistance

Airlines : (+5)

  • Transavia
  • Air Austral
  • Air Calin
  • ASL AIRLINES