The supply chain for civil aviation is extremely complex with flow of structural components, hardware, software and data between many organizations. From the first version of this white paper, the context has significantly changed globally. Even as new legislation and standards are released, and the level of attention and, consequently, direct attacks on the aviation supply chain has been seen to increase exponentially over the past few years.
While Civil Aviation has long worked to build up and protect its Supply Chain, the context we face going forward includes both new and pending requirements from the government to improve the security and resiliency of our supply chain. This includes two recent Executive Orders 14014, “America’s Supply Chains” and 14028, “Improving the Nation’s Cybersecurity,” as well as a new National Cybersecurity Strategy. Among other pending changes, the impact of new industry standards as well as SBOM (Software Bill of Materials) are discussed and contextualized in the various aviation domains. The paper also identifies a more comprehensive set of direct threats to the civil aviation sector and its supply chain, that are increasing due to growing HW/SW vulnerabilities, insufficient vetting of suppliers, and global access to aviation components and software infrastructures.