At FTP Today, we get asked a lot about aerospace cybersecurity. From who regulates aerospace to how to be compliant in the industry, it is critical to understand how the industry works.
At the center of the aerospace cybersecurity field is the Aerospace Industries Association or AIA.
In this article, we will explore who the AIA actually is, what role they play in the aerospace industry, and what regulations or standards they have put into place to promote aerospace cybersecurity.
The Aerospace Industries Association (AIA) is a trade association representing the different branches of the aerospace industry – commercial aircraft, helicopters, space systems, etc. Since its founding in 1919, the AIA has documented the history and helped shape the trajectory of the aerospace industry.
The AIA is made up of CEO-level representatives from the approximately 350 member organizations. These representatives are tasked with supporting and furthering the best interests of the industry, while also supporting national security and the U.S. economy.
To accomplish these goals, the AIA often works closely with the U.S. government to ensure aerospace safety and security, and overcome emerging challenges faced by aerospace organizations and employees.
According to the AIA, the organization works to “advocate for effective federal investments; accelerated deployment of innovative technologies; policies that enhance our global competitiveness; and recruitment and retention efforts that support a capable and diverse 21st-century workforce.”
One challenge facing the aerospace industry that the AIA has taken steps to tackle is emerging cybersecurity vulnerabilities. As with many industries, cybersecurity threats are growing more sophisticated each day, making it difficult to keep pace with and stay ahead of these threats.
Unlike with some other industries, however, cybersecurity threats to the aerospace industry could result in loss of human life. While the monetary loss is also a threat, cybersecurity breaches could mean the weaponization of airplanes, helicopters, drones, and more. The stakes are much higher for the aerospace industry than many of its counterparts.
So, what role does the AIA play in promoting aerospace cybersecurity? The AIA, though an independent entity, does have a supportive relationship with the Department of Defense in the fight for cybersecurity in aerospace. The DoD and the AIA have worked collaboratively to develop comprehensive, dynamic aerospace cybersecurity measures to protect against even the most sophisticated threats.
In the past, the DoD implementation of NIST SP 800-171 as a guide to necessary security protocols has been used by the aerospace industry to protect against hackers. While this may have worked in the past, further measures are needed today to defend against hackers who are smart, well equipped, and persistent in their threats. NIST SP 800-171 also made compliance difficult for smaller members of the aerospace industry, who did not have the corporate structure or resources to properly comply with the publication’s regulations. The cost and complexity of compliance were simply too high.
In addition to the burden of compliance on smaller industry members, there was also a lack of uniformity in compliance. While NIST SP 800-171 was one option for security control compliance, there was no overarching Federal Acquisition Regulation cybersecurity rule to regulate how acquisitions were made. Without all the proper regulations in place, it was nearly impossible to standardize security compliance across the entire industry.
To ensure there was greater clarity in terms of cybersecurity for the aerospace industry, the AIA developed (National Aerospace Standard) NAS9933 to supplement DoD requirements. NAS9933 was drafted primarily for this industry.
The goals of NAS9933 were first to maintain cybersecurity in the industry, but also to make data security processes repeatable and cost-effective. NAS9933 offers guidance on how to achieve a state of security beyond basic compliance controls.
What other standards has the AIA created? NAS9933 is not the only standard that the AIA has created to ensure the aerospace industry is safe, efficient, and organized. Other standards have been created to regulate the handling of:
Help ensure your company’s information is ITAR, EAR and DFARS compliant!
AIA standards are voluntary measures designed to promote cybersecurity. However, it is wise for aerospace contractors and subcontractors to align with the guidelines in NAS9933.
According to the AIA, NAS9933 was developed with two purposes in mind:
The intent behind NAS9933 was to develop a baseline of security standards for the aerospace industry. Cybersecurity is maintained by having repeatable processes by which standards are regularly assessed and updated to ensure they’re working properly.
The AIA lays out a number of cybersecurity priorities for NAS9933. These priorities include:
Staying compliant in all aspects of cybersecurity is critical to having success in working with the contractors and the Department of Defense as a whole. FTP Today has helped hundreds of organizations with their compliance needs. To get started, we recommend downloading our free Government Compliance Guide.
Help ensure your company’s information is ITAR, EAR and DFARS compliant!