Cybersecurity has become a critical imperative across AAM industry, safeguarding sensitive data, protecting operational continuity, and mitigating risks in an increasingly digital ecosystem.
Embention addresses these challenges through a robust cybersecurity framework, including stringent internal security policies, ISO 27001 certification, and secure communication protocols for critical systems. This comprehensive approach demonstrates Embention’s commitment to excellence in risk management and secure operations.
Embention is certified under the ISO 27001, reinforcing its commitment to the highest standards of information security and privacy. This achievement demonstrates that the Information Security Management System (ISMS) meets the stringent requirements of this international standard. ISO 27001 compliance ensures the security of its infrastructure and systems, protecting both company and customer data.
The ISO/IEC 27001 standard provides best practices for establishing, implementing, maintaining and continually improving an information security management system. Embention has information systems that support all activities related to the design, development, manufacturing and support processes for unmanned autonomous vehicles (UAVs) and manned aircraft (eVTOL), ensuring the management of risks related to data security.
In addition, Embention meets the ISO9001 and EN9100 quality standards, which guarantee the highest quality and management standards in the aerospace industry. Also, develops its products under the strict DO178C, DO254 and DO160G certification standards. These certifications ensure that all its systems are reliable and safe for safety-critical operations, facilitating aircraft certification processes and meeting the most demanding international regulations.
On the other hand, Embention has the Habilitación de Seguridad de Empresa (HSEM) granted by the National Intelligence Center (CNI). Thanks to this clearance, Embention has access to projects that contain classified information.
The company also has stablished a security manager role, holding the Habilitación Personal de Seguridad (HPS), which enables him to manage confidential information within these projects. These accreditations strengthen Embention's ability to operate in critical sectors and ensure that its information systems are managed with the highest security measures.
Embention's commitment to cybersecurity aligns with the Specific Operations Risk Assessment (SORA) methodology, which classifies drone operations into six Specific Assurance and Integrity Levels (SAIL), ranging from I (low risk) to VI (high risk). This classification is determined by evaluating ground risk (GRC) and air risk (ARC), with higher SAIL levels indicating increased operational complexity and risk.
For operations classified as SAIL V and VI, stringent requirements are imposed, including certification-level design assurance, redundancy, and comprehensive operational procedures. These high-risk operations necessitate compliance with robust Operational Safety Objectives (OSOs) to ensure safety and reliability. Embention's adherence to ISO 27001 and its compliance with DO178C, DO254, and DO160G standards supports its capability to meet these rigorous requirements, such as the validation of third-party cybersecurity (ISO 27001) and Service-Level Agreements for critical services; integration of cybersecurity in system architecture; aviation-standard encryption, mutual authentication (PKI), least privilege access, anti-replay protection; and strong encryption and device authentication. This demonstrates its readiness to undertake complex and high-risk drone operations with a strong cybersecurity foundation.
Veronte applications use a secure managed identity and access management (IAM) service to authenticate users through the user-password flow. Once authenticated, users receive JWT tokens that are used to validate their identity in subsequent requests.
To ensure session security, the system implements token rotation using refresh tokens, which allow credentials to be renewed without requiring a new login.
In addition, all calls to protected services in Veronte Cloud are properly authenticated by validating the JWT token, ensuring that only authorised users can access resources.
The infrastructure consists of two Vitual Machine instances behind a Load Balancer that communicate with the services to manage Autopilot communications, query vehicles assigned to users, and handle the upload and download of Veronte Autopilot configurations.
All external communications are over HTTPS using TLS 1. 2 and are protected by an API Gateway that validates JWT tokens to ensure authentication and authorisation of requests.
For internal communications between microservices, the OAuth 2.0 client credential flow is implemented using JWT tokens that ensure mutual authentication and limit the validity of credentials.
This architecture provides security in both external and internal communications through the use of encrypted protocols and strong authentication mechanisms.
The communications security infrastructure provides a robust approach, highlighting the use of IAM with token rotation and token refresh, which enables secure and dynamic session management.
Embention relies on a solid foundation of frameworks to ensure excellence across every stage of its development and operations. These frameworks serve as the backbone of the company’s commitment to safety, performance, and compliance.
Embention holds the ISO 27001 certification for Information Security, which demonstrates that its Information Security Management System (ISMS) meets the most demanding international requirements. This certification implies that Embention manages risks related to the confidentiality, integrity, and availability of information in a structured manner, applying best practices for its development, production, and support of autopilot and avionics systems for UAVs and eVTOLs.
Embention has established a comprehensive cybersecurity framework that includes strict internal security policies, secure communication protocols, identity and access management (IAM), and advanced mechanisms for incident detection and response.
In addition to the ISO 27001 certification, Embention has specific accreditations to operate in high-security environments. These include the Company Security Clearance (HSEM) granted by the National Intelligence Center (CNI) and the Personal Security Clearance (HPS) for its security manager. These credentials allow the company to handle classified information and operate in critical sectors with high security requirements.
Embention manages operational cybersecurity through a comprehensive framework. The Veronte Autopilot includes a "flight lock" that prevents critical parameters from being modified during the mission. Communications are protected with the proprietary VCP protocol, which authenticates devices and encrypts the channels. Additionally, the infrastructure for services like Veronte Cloud is protected with identity management (IAM) and active DoS/DDoS mitigation.
