Network address translation and service aware rule generation
US-2019036882-A1 · Jan 31, 2019 · US
US11889392B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11889392-B2 |
| Application number | US-201916442389-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jun 14, 2019 |
| Priority date | Jun 14, 2019 |
| Publication date | Jan 30, 2024 |
| Grant date | Jan 30, 2024 |
Abstract
Mapping of an avionic network is obfuscated by interposing a network module between an external-access node and a bus of an avionics network. First and second network maps are generated and loaded on the network module. The network map accessible to the external-access node is changed from the first network map to the second network map, to disrupt any reconnaissance of the avionics network.
Claims (preview)
What is claimed is:

1. A method of obfuscating mapping of an avionic network, comprising: operatively coupling a network module between an external-access node and an avionics bus of the avionic network with all communications between the external-access node and the avionics bus passing through the network module; generating, by means of a randomization engine, a first network map identifying one-to-one network address translations for a set of components on at least a portion of the avionics bus; loading the first network map on the network module; making the first network map on the network module accessible to the external-access node; generating, by means of a randomization engine, at least a second network map identifying one-to-one network address translations for the set of components, the second network map being different from the first network map, loading the second network map on the network module; disrupting any reconnaissance of the avionic network by changing the network map accessible to the external-access node from the first network map to the second network map; wherein disrupting reconnaissance maintains authorization of an external device to access the network through the external-access node; and wherein any scanned network map of the avionics network from an external-access node is rendered ineffective once the accessible network map changes.

2. The method of claim 1, further comprising: generating at least first and second virtual environments; storing the first network map in the first virtual environment; and storing the second network map in the second virtual environment; and wherein loading the first network map on the network module includes loading the first virtual environment storing the first network map on the network module, and loading the second network map on the network module includes loading the second virtual environment storing the second network map on the network module.

3. The method of claim 2, further comprising limiting communication between the avionics bus and the external-access node to communication through the first virtual environment.

4. The method of claim 3, wherein changing the network map accessible to the external-access node from the first network map to the second network map includes removing communication of the external-access node with the first virtual environment, and establishing communication of the external-access node with the second virtual environment.

5. The method of claim 1, wherein changing the network map accessible to the external-access node includes changing the network map accessible to the external-access node in response to meeting at least a first predetermined criterion.

6. The method of claim 5, wherein the at least a first predetermined criterion for changing the network map accessible to the external-access node includes a fixed basis for changing the network map accessible to the external-access node.

7. The method of claim 6, wherein the fixed basis is a predetermined geographical location of an aircraft.

8. The method of claim 5, wherein the at least a first predetermined criterion for changing the network map accessible to the external-access node includes a randomized basis for changing the network maps accessible to the external-access node.

9. The method of claim 8, wherein the randomized basis includes a varying time period.

10. A network module for obfuscating mapping of an avionic network, wherein the network module is operatively coupled to the avionic network and configured to: be operatively interposed between an avionics bus of the avionic network and an external-access node with all communications between the external-access node and the avionics bus passing through the network module; generate a first one-to-one network map identifying substitute local network IP addresses for a set of components on at least a portion of the avionic network; make the first network map on the network module accessible to the external-access node; generate a second one-to-one network map identifying substitute local network IP addresses for the set of components, the second network map being different from the first network map; and obfuscate network locations of the set of components by changing the network map accessible to the external-access node from the first network map to the second network map; wherein the obfuscation maintains authorization of an external device to access the network through the external-access node; and wherein any scanned network map of the avionics network from an external-access node is rendered ineffective once the accessible network map changes.

11. The network module of claim 10, wherein the network module is configured to: generate at least first and second virtual environments; store the first network map in the first virtual environment; make the first virtual environment accessible to the external-access node; store the second network map in the second virtual environment; and change the virtual environment accessible to the external-access node from the first virtual environment to the second virtual environment.

12. The network module of claim 11, comprising a first partition and a second partition, wherein: the first partition is operatively coupled to the avionic network and configured to generate the at least first and second virtual environments, to load the first virtual environment storing the first network map onto the second partition, and to not conduct communication between the avionics bus and the external-access node; and the second partition is configured to be operatively interposed between the avionics bus and the external node.

13. The network module of claim 11, comprising a first partition and a second partition, wherein the first partition is operatively coupled to the avionic network and configured to load the first virtual environment storing the first network map from the first partition onto the second partition, the second partition is configured to be operatively interposed between the avionics bus and the external node, and the network module is configured to restrict data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition.

14. The network module of claim 13, further comprising a data diode restricting data flow between the first partition and the second partition to unidirectional data flow from the first partition to the second partition.

15. The network module of claim 10 wherein: each of the first and second network maps are hosted in a virtual container; each of the containers are software packages comprised of an application, configurations, and dependencies; each of the containers form isolated user space instances; and the isolated user space instances are unable to access a host operating system.

16. A system for obfuscating network mapping of an avionic network of an aircraft, comprising: a first container including a first network map identifying network addresses for network components of at least a first portion of the avionic network; a second container including a second network map identifying network addresses for network components of at least a second portion of the avionic network, the second network map being different from the first network map; a switching device configured to interpose the first container between an avionics bus of the avionic network and an external-access node, and in response to at least a first criterion, replacing the first container with the second
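The claims describe a moving-target NAT: a randomization engine builds a one-to-one map from substitute addresses to real bus addresses, the module serves one map at a time to the external-access node, and a swap on a fixed basis (claim 7, location) or a randomized basis (claim 9, varying time period) invalidates anything a scanner learned earlier while an authorized device that reads the current map keeps working. The following model is an added illustration, not code from the patent or its assignee: the class and function names (`NetworkModule`, `RotationPolicy`, `scan`, `demonstrate`), the component names, the bus addresses and the substitute pool are all assumptions made for this example, and the partition/data-diode split of claims 12-14 is represented only by the direction in which maps are handed over.

```python
"""Rotating one-to-one NAT map from the claims. Added illustration, not code
from the patent or its assignee; names, components and the pool are assumed."""
import random
from dataclasses import dataclass, field
from ipaddress import IPv4Network

# Constructed sample: avionics-bus components keyed by real bus-side address.
BUS_COMPONENTS = {
    "10.0.0.10": "flight-management",
    "10.0.0.11": "cabin-services",
    "10.0.0.12": "maintenance-log",
    "10.0.0.13": "weather-feed",
}
# Substitute (external-facing) address pool; a /28 yields 14 usable hosts.
EXTERNAL_POOL = [str(h) for h in IPv4Network("192.168.50.0/28").hosts()]


def generate_network_map(real_addrs, pool, rng):
    """Randomization engine: a one-to-one map substitute -> real bus address.
    rng.sample() raises ValueError if the pool is smaller than the set."""
    real_addrs = list(real_addrs)
    return dict(zip(rng.sample(pool, len(real_addrs)), real_addrs))


@dataclass
class NetworkModule:
    """Sits between the external-access node and the avionics bus. Map
    generation hands maps to the forwarding side and never reads back from it,
    the unidirectional flow of claims 13-14, modelled here as a calling order."""
    components: dict
    pool: list
    rng: random.Random
    active_map: dict = field(init=False)
    pending_map: dict = field(init=False)

    def __post_init__(self):
        self.active_map = generate_network_map(self.components, self.pool, self.rng)
        self.pending_map = self._next_map()

    def _next_map(self):
        # The second map must differ from the first; resample until it does.
        while True:
            candidate = generate_network_map(self.components, self.pool, self.rng)
            if candidate != self.active_map:
                return candidate

    def published_map(self):
        """What an authorized external device reads: substitute -> component."""
        return {sub: self.components[real] for sub, real in self.active_map.items()}

    def forward(self, substitute_addr):
        """Translate a packet sent to a substitute address; None means no host."""
        return self.components.get(self.active_map.get(substitute_addr))

    def rotate(self):
        """Swap the accessible map; any earlier scan is now stale."""
        self.active_map = self.pending_map
        self.pending_map = self._next_map()


@dataclass
class RotationPolicy:
    """Claims 5-9: swap on a fixed basis (a change of location) or on a
    randomized basis (a varying time period between swaps)."""
    seed: int
    min_period: float
    max_period: float
    last_location: str = None
    next_due: float = 0.0

    def __post_init__(self):
        self.rng = random.Random(self.seed)

    def arm(self, now):
        self.next_due = now + self.rng.uniform(self.min_period, self.max_period)

    def check(self, now, location):
        """Return the criterion that fired ('location' or 'timer'), else None."""
        moved = self.last_location is not None and location != self.last_location
        self.last_location = location
        if moved or now >= self.next_due:
            self.arm(now)
            return "location" if moved else "timer"
        return None


def scan(module):
    """Reconnaissance from the external-access node: probe the whole pool."""
    return {a: module.forward(a) for a in module.pool if module.forward(a)}


def demonstrate(seed=7):
    """Scan, rotate, and report what survives on each side of the swap."""
    module = NetworkModule(BUS_COMPONENTS, EXTERNAL_POOL, random.Random(seed))
    recon = scan(module)
    module.rotate()
    stale = sum(module.forward(a) == c for a, c in recon.items())
    reach = sum(module.forward(a) == c for a, c in module.published_map().items())
    return {"scanned": len(recon), "stale_hits": stale, "authorized_reach": reach}


if __name__ == "__main__":
    print(demonstrate())
```

Two practical caveats follow from the model. A stale scan is "rendered ineffective" only until the scanner re-probes, so the swap interval has to be shorter than the time needed to sweep the substitute pool, and the one-to-one translation changes addresses only: a component that answers with the same banner or protocol behaviour before and after the swap is still identifiable, so the rotation hides location, not identity. The channel that hands the current map to authorized devices is therefore the asset to protect; anyone who can read it needs no scan at all.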
CPC classifications:

- specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- for mass transport vehicles, e.g. buses, trains or aircraft
- for separating internal from external traffic, e.g. firewalls
- Arrangements for entertainment or communications, e.g. radio, television
- Aircraft indicators or protectors not otherwise provided for