Thales Cyber and Consulting (TC&C) is the consulting arm of Thales, a global technology leader for the Aerospace, Transport, Space, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 22,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements.
Its exceptional international footprint allows it to work closely with its customers all over the world. TC&C’s network of over 1500 technical experts offers unparalleled insight where our customers need it, and our long experience of business and management consultancy across the most competitive sectors means that we support our customers when they need it most.
Thales Cyber and Consulting Approach
Since 1989, TC&C has been working at both the global and local level to help customers successfully manage change. Instead of offering pre-packaged management services, TC&C works closely with customers –listening before we speak – to deliver the desired customer outcomes. Our approach depends on our customers’ requirements, and is built from three interlinking elements.
Our global team of experts help customers better understand their environment, operations, and their business. Whether they need enhanced expertise in systems engineering or programme delivery, the TC&C team is here to provide them with the improved capability they need to find and apply the right solutions.
Our clients know the value of TC&C’s independence: our clients look to us as a group and as a voice that they can trust in partnership.
Full Service Solution
Every operational environment involves multiple challenges. Thales Cyber and Consulting helps customers understand every part of their operation and their challenge context, and support in providing the solutions and services they need now, and in future.
Thales brings world-leading consultancy and expertise to the continuously evolving and expanding world of cyber security.
Our Cyber Security services focus primarily, but not exclusively, on supporting major global clients in defence, aerospace, critical national infrastructure and government agencies – for whom we identify and help resolve complex and industry-specific cyber challenges. With a core team of 120 cyber security experts, we offer five key capabilities:
1. Cyber Security
2. System Engineering and Safety
3. Human Factors
4. Training and Training Needs Analysis
5. Enterprise Transformation
To complement this, Thales has a global network of over 1,500 technical experts and specialist consultants, helping a diverse client portfolio that includes the UK Ministry of Defence, G4S, Hitachi, Network Rail and Williams F1.
Thales assumes a consultative role within major global organisations developing a clear and detailed overview of their various critical technology and communication platforms. From this, we will advise those organisations on how they can enhance the resiliency of their systems through technology investments, systems and hardware, and improved business practices such as risk management governance, policies and procedures.
We also take an informed look at our clients’ suppliers, helping to tighten cyber security throughout their supply chain. We have the capability and coverage to not only highlight and explain security issues in detail, but also to solve them with trusted and impartial expertise. Not only do we provide world-class cyber expertise, we also combine this with deep domain knowledge to find the right security solutions for our clients’ unique challenges.
Key to this is our Cyber Vulnerability Investigation which will identify those systems or services putting a client’s business resiliency at risk, and a Cyber Health Check, which assesses the maturity and effectiveness of a client’s cyber security approach. These services are not only applicable to the client’s IT systems but more importantly to their critical operational systems such as Industrial Control and Automation.
We also provide a proactive monitoring service through our Security Operation Centre (SOC) that will anticipate, detect, and react to cyber threats to a client’s critical IT and Industrial Control infrastructure.
Thales has a wealth of system engineering talent on hand to support major cyber security programmes and projects across and beyond its key sectors.
In addition to supporting defence and aerospace clients, Thales plays a crucial role in supporting critical national infrastructure projects such as power generation and rail networks. For this we utilise our Thales Risk Assessment Process (TRAP), to help infrastructure clients ensure that cyber security is built into established operational environments according to industry best practice and to meet increasingly strict and complex safety standards.
We have a strong track record in providing complex system engineering consultancy, and this is reflected in the major programmes we support. For example, Thales is currently supporting work on the Queen Elizabeth Class Carrier and Type 26 and Type 31 frigates for the Royal Navy, where cyber security must be designed into the solution as a core requirement.
Not only do we understand how to build security into a solution, but also how to ensure a platform can be securely maintained over its lifetime without impacting performance, reliability, or most importantly safety. Increasingly, Thales knowledge and experience is regularly sought to embed Secure-by-Design principles into system development lifecycles, incorporating cyber security at the planning and concept stages of an engineering project rather than retrofitting it to established systems. Cyber security is becoming an integral part of controlling and protecting complex mechanical systems, and we ensure that it is done correctly.
Cyber security compromises and cyber incidents are as often the result of human error as malicious attack. An innocent lack of understanding of an organisation’s culture, policies and procedures, can be riskier to a business’ security than a technical vulnerability. Securing a cyber-physical system that users interact with, requires not just a good technical understanding but also expert knowledge of ‘human factors’.
A key part of Thales’s human factors capability is the Cyber-Human Error Assessment Tool (CHEAT), which comprises a methodology of expertly developed interviews and questionnaires within an easy to use software tool.
CHEAT supports Thales’s engagement with specific parts of a client’s business and helps develop an understanding of the human influence on cyber security. It covers simple but crucial elements such as individuals’ awareness of how to spot phishing attacks, how to share and store sensitive information, and the day-to-day processes necessary to keep data and systems protected.
Based on this, we can identify key behaviours that need to change to improve security, and help focus training and workshops towards achieving that change whilst maintaining a client’s unique corporate culture.
Training and Training Needs Analysis
The way cyber-technology is used within a business is rapidly changing. As most cyber technology is ultimately used and maintained by people who don’t have the necessary skills to make use of it, it is people who can inadvertently inhibit a business from achieving their desired objectives.
We have long helped clients identify and understand what training they need to fully understand and better manage aspects of their cyber technology and security. Training Needs Analysis (TNA) is provided through our expert consultants, and we can also define the full training requirement and create all the materials needed to address that requirement. This service effectively ‘trains the trainer’ to deliver the most effective instruction on how to use and protect new systems and networks.
Many of our clients undergo ‘Digital Transformations’, using cyber technologies to make their businesses and solutions more efficient and generate new revenue streams. We assist these clients throughout this process ensuring they transform in a way that achieves their desired outcome.
Cyber security has to come hand in hand with this digital step-change in operations, and Thales’s Enterprise Transformation team is designed to support organisations at every step of their journey. It provides expert consultation based on experience at the highest level of mission-critical security and dependability, to give clients a full view of the associated risks and mitigations of the transformation journey.
Enterprise Transformation also highlights the organisational changes customers may need to make in preparation for successful and effective Digital Transformation projects. Where appropriate, we can embed experts into an organisation to lead and support such changes. Importantly, Thales takes a ‘trusted advisor’ role in such scenarios, and therefore remains product and vendor-agnostic throughout. In other words, Thales can help identify and support installation of the appropriate technology and hardware, that meets the needs of the digital transformation objectives.
The Thales difference
With world-leading expertise and decades of experience in sectors such as aerospace, defence and critical national infrastructure, where cyber security is arguably most crucial, Thales consultancy has excellent credentials for supporting clients in even the most complex industries. With a global reach – and experience in such a wide range of contexts and regulatory environments – we can manage cyber security needs with unrivalled capability and experience.
Thales is one of only a select few organisations to be accredited by the National Cyber Security Centre, to offer multiple Certified Cyber Security Consultancy services.
Thales Cyber and Consulting: Trusted. Global. Insight.
Pete Hoddinott, Managing Director
Phil Tulitt, Defence and Government Business Partner
Ben Vaughan, Critical National Infrastructure and B2B Business Partner
Steve Elmes, Thales Business Partner
350 Longwater Avenue, green Park, Reading, RG2 6GF
Canada, USA, Norway, Netherlands, Belgium, Italy, France, Hong Kong, Australia
We provide cybersecurity services to customers with the most stringent security requirements. Those include governmental customers, as well as Critical Infrastructure Providers such as banks, energy suppliers, telecom operators and large industrial companies.