Cybersecurity

Cybersecurity

The aerospace and defense industries are at the forefront of innovation and collaboration, and together we have a fantastic opportunity to enhance our cybersecurity practices. Our stakeholders are comprised of a diverse network of entities—government bodies, prime contractors, and suppliers—all entrusted with sensitive data. By understanding the shared responsibility, we hold in safeguarding this information, applying the latest cybersecurity practices helps create a secure environment between Boeing and our stakeholders.

As we continually strengthen an evolving cybersecurity landscape, it’s essential that we view challenges as opportunities for growth and improvement. Every step we take to strengthen our defenses not only protects our operations but also enhances our collective resilience.

Close up of two business people having a quick chat outside the office

Cyber Incident Reporting

Cyber incident reporting is essential because it allows for immediate action to mitigate potential damage and prevent future attacks. Timely reporting improves incident response capabilities and helps implement necessary security measures to safeguard sensitive data and protect your company's reputation.

Further, the Defense Federal Acquisition Regulations Supplement DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting (MAY 2024)) mandates specific reporting timelines and procedures for cyber incidents. It is critical that suppliers are aware and compliant with applicable regulations.

Cyber-Supply Chain Risk Management (C-SCRM)

The aerospace and defense industries are at the forefront of innovation and collaboration, and together we have a fantastic opportunity to enhance our cybersecurity practices. Our stakeholders are comprised of a diverse network of entities—government bodies, prime contractors, and suppliers—all entrusted with sensitive data. By understanding the shared responsibility, we hold in safeguarding this information, applying the latest cybersecurity practices helps create a secure environment between Boeing and our stakeholders.

As we continually strengthen an evolving cybersecurity landscape, it’s essential that we view challenges as opportunities for growth and improvement. Every step we take to strengthen our defenses not only protects our operations but also enhances our collective resilience.

Managing cybersecurity risks in the aerospace industry's supply chain is crucial to safeguard against cyber vulnerabilities and threats. Boeing has established an Enterprise C-SCRM program in response to exponential increase in cyber-attacks on suppliers, customer audits and newly established regulatory requirements.

Through continued efforts to evaluate and collaboratively troubleshoot its supply chain's cyber challenges , Boeing approaches risk management head on by identifying, evaluating, and mitigating risks throughout the supply chain lifecycle.

Effective collaboration is paramount for unified responses to cybersecurity challenges.

Commercial

In today’s rapidly evolving digital landscape, staying vigilant and adaptable is essential for Boeing Commercial Airplanes to effectively guard against cyber threats and protect our infrastructure, products, services and people.

As technology advances, so do the tools and strategies we have to proactively strengthen our defenses. Our suppliers play a critical role in securing sensitive information and proprietary data, which not only ensures compliance, it reinforces the trust and integrity of our supply chain. By fostering collaboration between Boeing and our suppliers, we can stay ahead of emerging threats and continue to exchange valuable insights on cybersecurity best practices, keeping our entire network resilient and secure.

We encourage our partners to align their cybersecurity practices with industry standard frameworks and conduct regular assessments and audits to validate the effectiveness of implemented controls.

Industry Standard Frameworks

These practices are essential to identify and address any vulnerabilities. Together, we can enhance our collective security and ensure the continued relationship with our stakeholders and Boeing Commercial Airplanes.

Defense & Space

Supplier cybersecurity is vital to protect and strengthen the defense and space sector. Suppliers should stay informed on emerging requirements within the defense sector to ensure compliance. By adopting advanced practices and frameworks like the National Institute of Standards and Technology (NIST), Cybersecurity Framework (CSF), suppliers help ensure a robust cybersecurity posture and a cyber-safe culture. 

Our defense and space suppliers play a vital role in safeguarding sensitive information and proprietary data, ensuring compliance while strengthening the trust and integrity of our supply chain. By fostering collaboration between Boeing and our defense suppliers, we can stay ahead of evolving threats and continue to share critical insights on cybersecurity best practices, keeping our entire network resilient and mission-ready.

  • Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations NIST SP 800-171 Rev. 3

Boeing Requirements

  • Boeing Terms of Use and Cybersecurity Supplement SP5

Regulatory Requirements

Protection

  • Basic Safeguarding of Covered Contractor Information Systems FAR 52.204-21
  • Safeguarding Covered Defense Information and Cyber Incident Reporting DFARS 252.204-7012

Prevention

  • Prohibition on Contracting for Hardware, Software, and Services Developed or Provided by Kaspersky Lab Covered Entities FAR 52.204-23
  • Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment FAR 52.204-25
  • Prohibition on the Acquisition of Covered Defense Telecommunications Equipment or Services DFARS 252.204-7018

Cybersecurity Maturity Model Certification (CMMC) Requirements

The U.S. Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) establishes a standardized framework to assess and improve cybersecurity controls DoD contractors and suppliers.

CMMC aims to bolster the overall resilience of its supply chain and safeguard U.S. national security interests from cyber threats. Through a tiered approach ranging from basic cybersecurity hygiene to advanced practices, CMMC ensures DoD contractors meet specific cybersecurity requirements corresponding to the information’s sensitivity level.