Guiding Supply Chain Security in Aeronautic Development
Supply chain attacks target not only physical but also digital procurement. This increases the difficulty of monitoring and measuring the attack profile of a supply chain. Embedding dependencies in software chains, counterfeiting hardware, and tampering with logic-bearing devices become the weak links of system resiliency. Software supply chain concerns and hardware supply chain concerns span unique risk conditions and should be identified within a company's product.
Practitioners of supply chain security, cybersecurity engineering, and risk management need to understand this growing complexity and initiate a strategy to frame the importance of key supply chain aspects to leadership. With accurate company framing and leadership buy-in, the ability to assess, respond to, and monitor these key areas becomes a part of everyday operations. Supply chain security has grown to the point where the task should not be offloaded to any single department. Acquisitions cannot make parts decisions, nor does the engineer have the same goals as a cyber analyst. Even with more moving parts, once responsibility is spread appropriately across an organization, attacks become more difficult to execute successfully.
Adversarial engagements and foreign actors are becoming more relevant as competing state actors have both the funding and the time to target these expanded attack vectors. Per the Mandiant M-Trends 2022 Report, supply chain vectors rose by seventeen percent, becoming the second most common initial attack vector. [5] Additionally, the report cites the geographical conflicts of Ukraine and Russia as a key driver of increased threat actors. [6] Having a capability that can reduce or highlight the foreign influence of a company can make or break part selection. Implementing a standard knowledge base to frame key risk areas to leadership, and implementing this standard throughout the company, can evolve not only the company's processes but also the trust its consumers have in its product.
Supply chain security is expanding in research with evolving standards. Current practices are not up to the rigor required to handle complex supply chain attacks. The complex systems within avionics, such as Fly-By-Wire, Autopilot Programs, and Traffic Control Tower Interfaces, are by themselves often reliable and safe components. Such components are often implemented with triple to quadruple redundancies.
The current structure works only under the assumption that adversarial engagements are not targeting the supply chains. Counterfeiting is a common type of attack but does not fully exemplify the depth of what threat actors are doing in present-day environments. If a software or hardware component in the redundancy system is legitimate but tampered with, then the resiliency of the overall system collapses. This type of system failure has been observed, though not as the result of an intentional attack but rather of faulty development procedures causing four of the five
[5] https://cloud.google.com/blog/topics/threat-intelligence/russia-invasion-ukraine-retaliation
[6] https://services.google.com/fh/files/misc/m-trends-report-2022-en.pdf
Journal of Innovation 5