Securing the digital supply chain in UK aviation

Written by: Helios
Back to insights

Download the report here

This public summary report comes from a study undertaken by Helios, in partnership with Professor Chris Johnson, on common critical data systems and services in UK airports and airlines. The study was commissioned by the UK Department for Transport (DfT) to increase understanding of the dependencies of UK airports and airlines on common data systems and services, and the impact of their loss or compromise. It comes as the UK Aviation Cybersecuirty Strategy and NIS Directive implementation is putting extra focus on effective risk management.

Supply Chain attacks have been prominent in the news for several years. Back in 2013, US retailer Target was breached by attackers using a refrigeration services company as a point of entry. More recently in 2017 the NotPetya malware used tax accounting software as a way of attacking targeted victims. 2018 has seen an evolution and refinement of supply chain attacks, especially when targeting specific organisations. And even without malicious intent, suppliers' complex systems can fail.

The report describes what this means for aviation. Study lead Matt Shreeve says: "We are seeing aviation operators becoming increasingly aware of their broad reliance on third-parties and the need to find and manage supply chain vulnerabilities. Having confidence in critical data, software and systems requires the right contracts, supplier relationships and technical understanding. However, the dependencies in aviation systems and relationships give some special challenges, making it hard to apply generic guidance. Publishing this management summary aims to raise industry awareness both of those challenges and the best ways forward."

Matt Shreeve adds: "Individual operators can lack the influence and mechanisms to address supply chain problems as quickly as they'd like. Working together, especially with key suppliers, means bigger improvements can be made more easily and quickly, and at the critical points. Security and resilience, like safety, need collaboration. Ultimately it needs the whole industry working together on these topics to enable the much needed operational benefits from greater sharing of data, and to preserve trust in aviation."

The authors and DfT would like to thank all who participated in the study via the interviews, surveys and workshops. The work was only possible due to the goodwill and commitment of aviation professionals and associations.

Call us to discuss your next project: +44 1252 451 651

Contact us