Cybersecurity improvement of AeroSpace and Defense SupplyChain

The BackGround:

The AeroSpace and Defense Extended Enterprise is composed of multiple small and medium sized companies, having usually their ICT managed in silos without even the capability to detect that they are subject to cyber-attacks or to protect from those attacks.

One of the main issue to be resolved today is that those companies are the first target of cyber criminals while being the less protected.

Over the past 5 years, the experience confirmed that attackers shifted their efforts to suppliers, as illustrated by multiple security issues reports like the one published by the UK Computer Emergency Response Team (CERT) in their white paper dedicated to “Cyber-security risks in the supply chain”.

Unfortunately, while having spent a lot of efforts to secure their internal ICT, the security protections that BoostAeroSpace (BAS) founders (Airbus, Dassault Aviation, Safran, Thales) deployed inside their ICT are not deployed equally to their partners with whom they connect with to collaborate.

Therefore, in order to solve this urgent issue, BAS together with security specialists fro Airbus, Dassault Aviation, Safran an Thales proposed to the Board of Directors (BOD) decide to launch together the AirCyber program.

Aim of the program:

The agreed target of the program is to enhance security of the extended enterprise using BoostAeroSpace as a central Hub for BAS founders and other customer companies, and  to propose security solutions for industrial suppliers first with a progressive approach.

Work performed: risks, issues, OEM inputs and solutions reviews

Security workshops were organized during one year with the key security representatives of the BAS founding companies (ie. Members of the BAS Security Management Authority, security experts appointed by BOD members and cyber security program managers).

Participants investigated what were the issues related to the collaboration in the extended enterprise and what would be the key success factor of a solution along with the risks of having a central approach on some sensitive domains like alerts management.

It was commonly agreed that BoostAeroSpace was well positioned to address some of the issues and that for some others it would not make sense to have a centralized approach, or would even increase the risk.

Solution concept and deliverables

The proposed solution consists in launching a cyber security program driven by BoostAeroSpace founders that will take all workshops inputs into consideration in order to achieve 2 main goals:

  1. A BAS founders’ centralized and shared standard to manage security of their supply chain extended enterprise (policies, tools and processes dedicated to Extended Enterprise security management validated by all founders).
  2. A central hub of trusted security solutions and services proposed to the supply chain extended enterprise having done theirs proofs.

Major deliverables are organised as follow:

  • AirCyber Continuous Maturity Assessment Services: On-site intervention to assist with the questionnaire, detailed safety report, renewed every 4 years. Update tool / Dashboard of levels.
  • Cybersecurity Documentation (studies, configurations, awareness) adapted from OEMs.
  • A dynamic catalog of proposed trusted Cyber services and solutions recognized in the industry, with a rating system and offering the possibility to identify those services and solutions already referenced either by OEMS or industrial suppliers.
  • A global awareness and collaboration CyberSecurity Plan (forums, events, etc.).
  • A CyberSecurity issue detection and alerts solution fully compatible with OEMs and interconnected with international CyberSecurity databases.

Why AirCyber is the good answer?

Aerospace & Defense SupplyChain Extended Enterprise will find in AirCyber both trusted Industrial Control System and Information Technology security services and solutions to enhance their own security resilience and a structured referential to make their efforts and maturity level recognized by OEMs and customer companies.

Subscribing to the “AirCyber” service will allow them to benefit from:

  • The CyberSecurity improvement plan led by the founders / shareholders of BoostAeroSpace (Awareness, analysis of your level of maturity, sharing of guides, best practices and expertise of the founders made available to them),
  • The AirCyber dynamic catalog containing trusted CyberSecurity solutions and services updated and recognized by the Aerospace and Defense industry.

AirCyber has been officially launched in 2019!

The subscription is now available: we therefore invite industrial suppliers to join “AirCyber” in order to achieve the industry’s standardization objectives for CyberSecurity protection as soon as possible.

Please note that we are committed to helping a defined number of suppliers each year, so the first subscription requests will automatically be included in the first wave 2019 of suppliers.

If you are a supplier, do not wait any longer and join AirCyber now by sending an email to   

The AirCyber cybersecurity solutions and service catalog, that will be proposed to industrial suppliers is also opened. If you are a supplier of cybersecurity services or solutions to our shareholders or to industrial suppliers, do not hesitate to get in touch with us.

If you want to participate in this activity, as a supplier, service provider or partner do not hesitate to contact us also with the same email address.