Cybersecurity


The aerospace and defense industries are at the forefront of innovation and collaboration, and together we have a fantastic opportunity to enhance our cybersecurity practices. Our stakeholders comprise a diverse network of entities (government bodies, prime contractors, and suppliers), all entrusted with sensitive data. Understanding the shared responsibility we hold in safeguarding this information and applying the latest cybersecurity practices help create a secure environment between Boeing and our stakeholders.

As the cybersecurity landscape continues to evolve, it’s essential that we view challenges as opportunities for growth and improvement. Every step we take to strengthen our defenses not only protects our operations but also enhances our collective resilience.

Cyber Incident Reporting

Cyber incident reporting is essential because it allows for immediate action to mitigate potential damage and prevent future attacks. Timely reporting improves incident response capabilities and helps implement necessary security measures to safeguard sensitive data and protect your company's reputation.

Further, Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (MAY 2024), mandates specific reporting timelines and procedures for cyber incidents. It is critical that suppliers are aware of and compliant with applicable regulations.

Cyber-Supply Chain Risk Management (C-SCRM)

Managing cybersecurity risks in the aerospace industry's supply chain is crucial to safeguard against cyber vulnerabilities and threats. Boeing has established an Enterprise C-SCRM program in response to an exponential increase in cyber-attacks on suppliers, customer audits, and newly established regulatory requirements.

Through continued efforts to evaluate and collaboratively troubleshoot its supply chain's cyber challenges, Boeing approaches risk management head-on by identifying, evaluating, and mitigating risks throughout the supply chain lifecycle.

Effective collaboration is paramount for unified responses to cybersecurity challenges.

Commercial

In today’s rapidly evolving digital landscape, staying vigilant and adaptable is essential for Boeing Commercial Airplanes to effectively guard against cyber threats and protect our infrastructure, products, services and people.

As technology advances, so do the tools and strategies we have to proactively strengthen our defenses. Our suppliers play a critical role in securing sensitive information and proprietary data, which not only ensures compliance but also reinforces the trust and integrity of our supply chain. By fostering collaboration between Boeing and our suppliers, we can stay ahead of emerging threats and continue to exchange valuable insights on cybersecurity best practices, keeping our entire network resilient and secure.

We encourage our partners to align their cybersecurity practices with industry standard frameworks and conduct regular assessments and audits to validate the effectiveness of implemented controls.

Industry Standard Frameworks

These practices are essential to identify and address any vulnerabilities. Together, we can enhance our collective security and ensure the continued relationship with our stakeholders and Boeing Commercial Airplanes.

Defense & Space

Supplier cybersecurity is vital to protect and strengthen the defense and space sector. Suppliers should stay informed on emerging requirements within the defense sector to ensure compliance. By adopting advanced practices and frameworks like the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), suppliers help ensure a robust cybersecurity posture and a cyber-safe culture.

Our defense and space suppliers play a vital role in safeguarding sensitive information and proprietary data, ensuring compliance while strengthening the trust and integrity of our supply chain. By fostering collaboration between Boeing and our defense suppliers, we can stay ahead of evolving threats and continue to share critical insights on cybersecurity best practices, keeping our entire network resilient and mission-ready.

  • Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations NIST SP 800-171 Rev. 3

Boeing Requirements

  • Boeing Terms of Use and Cybersecurity Supplement SP5

Regulatory Requirements

Protection

  • Basic Safeguarding of Covered Contractor Information Systems FAR 52.204-21
  • Safeguarding Covered Defense Information and Cyber Incident Reporting DFARS 252.204-7012

Prevention

  • Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities FAR 52.204-23
  • Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment FAR 52.204-25
  • Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services DFARS 252.204-7018

Cybersecurity Maturity Model Certification (CMMC) Requirements

The U.S. Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) establishes a standardized framework to assess and improve cybersecurity controls for DoD contractors and suppliers.

CMMC aims to bolster the overall resilience of the DoD supply chain and safeguard U.S. national security interests from cyber threats. Through a tiered approach ranging from basic cybersecurity hygiene to advanced practices, CMMC ensures DoD contractors meet specific cybersecurity requirements corresponding to the information’s sensitivity level.

Cybersecurity Maturity Model Certification (CMMC) Program Preparedness

The Cybersecurity Maturity Model Certification (CMMC) is crucial for safeguarding Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Starting mid-2025, all DoD contractors and subcontractors must achieve specified CMMC levels (1-3) to secure contract awards. The ND-ISAC has released a "C3PAO Shopping Guide" to assist small and medium-sized businesses in navigating the CMMC Level 2 assessment process. Proactive engagement in achieving compliance is vital for enhancing cybersecurity and ensuring eligibility for future contracts.

Adhering to the DFARS requirements currently in place will ensure your continued participation in DoD contracts in the future.

Feel free to download these valuable resources:

Supplier Announcements

Cybersecurity News & Updates for Suppliers

Stay informed on the latest cybersecurity developments, threats, and best practices impacting the supply chain. This section provides critical updates, compliance reminders, and key insights to help suppliers strengthen their cyber resilience and safeguard sensitive data.

Newsletter Archive - Join Cybersecurity Newsletter mailing list

Supplier Updates and Special Attention Items

  • 1/29/25 - Cyber news every supplier needs to know
  • 2/26/25 - Will Generative AI Help or Hurt Cybersecurity
  • CMMC Program Preparedness Document