Recent APT attacks affecting multiple sectors through a common attack surface have driven home the lesson that no matter how well we think we have secured our perimeters, our information and systems may still be vulnerable to attack through 3rd-party systems with weak security controls. Individually we may all be resilient, but collectively we are not. As the Aviation sector relies more heavily on interconnectivity to function efficiently, our mindset needs to evolve to consider cyber-vulnerability not as an individual problem but as a collective one. Managing 3rd-party risk runs deeper than many imagine and opens fundamental questions around the way we go about the business of building security into our systems and products. We can’t have a 360-degree view of supply chain security, but how can we move towards developing the trust and mechanisms to better support a collaborative approach to security with our suppliers, partners and interrelated organisations?
- Nothing can be achieved in isolation – What are the barriers to meaningful collaboration between regulators, asset owners, integrators and vendors on mitigating cyber risk?
- What practical strategies do we need to develop to allow for meaningful discourse and streamline our efforts?
- How are we faring with efforts to collaborate across the supply chain to develop fit-for-purpose standards regimes, audit compliance checklists and conformity assessments?