CAE and cybersecurity: a perfect match

January 2025

CAE has always been security-conscious: as the company's payoff states, creating a safer world is part of its mission.

The topic has many facets. In the age in which we live, where cyberattacks on both companies and individuals are increasing exponentially, the focus is on cybersecurity.

From this perspective, CAE is committed to ensuring the utmost security for its customers. As far back as 2015, CAE was certified to ISO/IEC 27001 - Information security management systems, and subsequently also to ISO/IEC 27017 - Code of practice for information security controls for cloud services, and ISO/IEC 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

The company’s “Innovation and Technology” area, which carries out R&D activities but is also responsible for all the company's IT activities, is committed to adopting security and privacy policies by design, i.e. from the conception of each product, and to subsequently carrying out Vulnerability Assessment and Penetration Tests on all CAE applications and data loggers, i.e. vulnerability tests to protect data and privacy. This is a continuous process that allows the company to assure its customers that its products are always in line with the latest safety standards, in accordance with the OWASP guidelines, in particular by using ZAP, one of the tools provided by OWASP.

In addition to being tested as described above, the Compact line of data loggers has been developed with only secure protocols and with firewalling rules to recognize and limit attacks, and it also implements the latest VPN technologies.

Last but not least, with regard to servers and control centre installations, CAE software uses Single Sign On (SSO) authentication technology. This technology allows users to access multiple applications with a single authentication, reducing the need to store and manage multiple credentials. The security benefits include greater protection against phishing attacks and more effective access management.

CAE is ready to comply with Directive (EU) 2022/2555 (NIS 2) by 28 February, as required of private organizations operating in essential sectors. This directive establishes a high common level of cybersecurity in the European Union, increasing the security of technological infrastructures and effectively combating the risks caused by cyber crime. NIS 2 is part of the European Commission's Digital Strategy to create a single market for secure and resilient products and services, and complements various European data protection and privacy regulations and guidelines, such as the General Data Protection Regulation (EU) 2016/679 (GDPR), the DORA Regulation, the ERC Directive, the Cyber Resilience Act and, at a national level, the National Cybersecurity Perimeter.
