In March 2022, Safran and the French air and space force jointly took part in DEFNET, an annual armed forces exercise focusing on cyberdefense. The scenario: a Rafale loses both engines in mid-flight. Immediately, Safran teams stepped up to investigate the incident... This fully immersive operation was a chance for the teams to learn more about the risks of a cyberattack.
uring a patrol flight, a Rafale loses both its M88 engines. The pilot initiates the inflight restart procedure, but it fails, so he has to make an emergency landing. At Safran Aircraft Engines, an investigation team is immediately mobilized to analyze the sequence of events and identify the root cause. But just as they start work an identical incident happens to two Rafales flying in formation.
This was the scenario devised for DEFNET 2022 in March. All branches of the French military took part in the exercise, along with the main industry partners associated with national defense.
The Safran Aircraft Engines investigation team included all the functions involved in an M88 failure scenario — programs and engineering, product support and support engineering, risks, flight safety and the control system design office. An M88 control unit expert from Safran Electronics & Defense also took part in the exercise.
On the first day, our technical experts noticed inconsistencies in the results of the initial analyses. And on the second day, it was confirmed as a cyberattack. An IT security expert was called in, along with two product cybersecurity experts from Safran Electronics & Defense.
Their support helped the investigation team determine the cause of the cyberattack. A vulnerability (specially created for the exercise) allowed malware(1) to be introduced into the engine maintenance PC. This malware was able to compromise the functioning of the flight computers and cause the engines to shut down.
“The exercise was a big step forward in how we understand crisis situations. It invited participants to look beyond technical faults and consider the possibility of a malicious act at system level,” explains Pascale Mahieux, Product Security Officer, Safran Aircraft Engines. “It also highlighted the synergies between the various functions involved and showed how the effective interplay between conventional technical knowledge and cybersecurity expertise enabled us to deal with the attack in less than three days.”
(1) Any malicious software designed to infiltrate a computer without the user’s knowledge.
The French Ministry of the Armed Forces has been organizing annual DEFNET exercises since 2014, mobilizing all branches of the military as well as cybersecurity experts. The aim is to raise awareness of cyber risks, foster collaboration between the disciplines involved and drive progress in cyberdefense. DEFNET is growing from year to year. In 2022, the scenario focused on the 2024 Olympic Games against a backdrop of international tensions. During the 10-day exercise, the participants, including Safran, were faced with a series of incidents to resolve. These incidents really put them to the test, but also gave them a closer insight into cyberthreats, which are at the heart of current and future security issues.