White paper Collaboration & mutual aid for an enhanced cybersecurity of the Aerospace and Defence SupplyChain, a white paper by BoostAeroSpace

Following 4 years of AirCyber service operations, this white paper is born from the conviction that cyber risk is now a necessity for all companies, especially in the Aerospace and Defence sector. In this highly connected environment, every link in the chain must be secured to ensure the safety of all. This is an statement shared by the industry's major manufacturers, who, after securing their own perimeter, have been working for several years to secure their entire SupplyChain and advise them on the appropriate approaches to "cyber collaboration".

"No one can fight against cyber threats, alone."

“The SupplyChain can be considered as the Achilles heel of any organization. It's up to us to prove otherwise, to define the cyber "master plan" for this SupplyChain, especially via the AirCyber initiative, which is both welcome and promising". These are the words of Pascal ANDREI, Chief Security Officer at Airbus.

A message that is relayed throughout the SupplyChain, particularly among first-tier suppliers: "To the mantra "all connected, all concerned, all responsible", we must add: "when each link is strengthened, the entire chain wins!” Extract from the preface by Stéphanie BUSCAYRET, Chief Information Security Officer at Latécoère.

To this end, BoostAeroSpace, whose mission is to create coherence in the industry through a cross-functional role of the governance and the creation of adapted collaborative digital solutions, has set up the AirCyber program with its founders, to reinforce and homogenize the industry's cyber protection level. This program aims to make cybersecurity accessible and affordable to all, regardless of the supplier size, by offering personalized and adapted services, and sharing experiences and materials via an active community.

"The Industrial SupplyChain, a prime cyber target, a vital asset for the Aerospace and Defence industry”

In this white paper, the reader will first learn more about the challenges of cybersecurity in the SupplyChain, as well as its specificities. Indeed, the vulnerability of SMEs to cyber-attacks, the industrial context, and the specificities of the Aerospace and Defence environment, create a ground favorable to cyber-attacks. These notions enable to properly apprehend the risks, and especially the impacts for the company, which can be financial, but also logistical, reputational, legal, human...

During the implementation of the recommendations and best practices detailed in the white paper, companies often come up against internal "reticence or blockers" - "I'm not concerned", "I don't have the money to spend on that", "it's too complicated", etc. The reader will also find expert advice on how to overcome this initial reluctance. Thus, Benoit David, industrial manager for B?llhoff Gillis, emphasizes the contribution of the AirCyber program to this awareness: "We don't have a real cybersecurity expert on site.?This program at least allows us to become aware of a certain number of issues and to implement corrective actions with the help of service providers if necessary.”

A key message reaffirmed throughout the book: ?"To strengthen your cybersecurity, the key is to started with the process, go gradually, and move forward with regularity."

BoostAeroSpace aimed this white paper as a practical guide for SupplyChain companies at different cyber maturity levels. For the first steps in protecting their IT systems, readers will find advice on how to structure and develop their action plan, as well as essential security recommendations from experts involved in the AirCyber program and from various publications from organizations such as ANSSI, which regularly publishes advice adapted to SMEs.

To achieve its cyber maturity progression, the reader will also discover and find, through AirCyber, services put in place in the industry to support suppliers in their journey: the collaborative catalog of solutions, the cybersecurity maturity analysis and management tool, as well as the online community and its numerous resources: physical and replay events, documentation, awareness videos, etc.

"Cybersecurity is such a vast field that it is difficult to set milestones, to know when you are in the right place and when you are not, and the fact that you have a program that tells you ”You are at such level, you still have to do this” helps a lot" confirms Jean-Christophe Vaussier, IT manager for Maugars Industrie.

"The cyber crisis, experienced on the ground."

While we always wish it would never happen, a cyber crisis is a risk that we need to prepare for so we can respond effectively. "The organization will undergo a shock and immediately go into a tizzy when it gets to a crisis. The first few hours are extremely stressful for the operational teams, and they break out in cold sweats" confirms Fabien Galle, of Asteelflash.

Therefore, the white paper recalls the best practices to prepare for the eventuality of a crisis, as well as those to adopt during the crisis and finally, the actions post crisis to learn from it.

Throughout this book, collaborative tools, members' testimonies and experts' contributions also remind us that the community, through exchanges, shared initiatives or collective programs, can instill a positive dynamic, and encourage all companies, whatever their size, to get started being well accompanied. And for this, the AirCyber program is by their side for a long time to come. Romain Bottan, CISO BoostAeroSpace and Director of the AirCyber program, gives a clear direction: "AirCyber must live on, grow and constantly improve to serve our industrialists best."

Focus on securing the entire industry!

Download the full white paper now from our web site.