Imagine you are the pilot of a plane, carrying delicate cargo – maybe the most important cargo: human passengers. Suddenly, your plane’s systems are infiltrated by a hacker with nefarious motives and you no longer have GPS or communication connection. Panic begins to set in as you struggle to maintain the safety and security of the aircraft.
Or, imagine you are a business owner with expensive products or sensitive defense materials being shipped across the country. You are sitting in your office awaiting that shipment when you suddenly hear that the plane has gone off the grid. It turns out the shipment was hacked and the plane is missing. Your business now hangs in the balance as officials work to get the connection back up and figure out where your products are.
The threat of a cybersecurity attack in aerospace is a very real thing. And hackers’ efforts grow more sophisticated and harder to prevent every day. Luckily, the Aerospace Industries Association has created the NAS9933 aerospace cybersecurity standard to help regulate the requirements for aerospace cybersecurity.
At Sharetru, we’re often asked by companies in the aerospace and defense industry how they can protect their sensitive data and keep growing cybersecurity threats at bay. Alignment with and an understanding of NAS9933 is the answer. In this article, we will discuss who created the NAS 9933 standard, what the standard is, and how you can become compliant with NAS9933.
Who Created the NAS9933 Aerospace Cybersecurity Standards?
The Aerospace Industries Association (AIA) is a body of representatives from the aircraft, space, and defense industries that represent the interests of those industries in both the public and the private sectors. The AIA voices those interests through the publication of books, reports, standards, and more. As part of its role as the voice of the aerospace industry, the AIA published NAS9933.
Aside from creating standards and representing the aerospace industry, the AIA has spent the last 100 years tracking the history of the industry. CEO-level officers from nearly 350 member organizations provide guidance and direction from the organization. They work closely with the U.S. government to support defense initiatives and spur economic growth in the industry.
What is the NAS9933 Aerospace Cybersecurity Standard?
Cybersecurity is a growing concern in almost every industry, and the aerospace industry is no exception. So, the AIA published the National Aerospace Standard 9933 (NAS9933) to address this concern with a series of cybersecurity recommendations for aerospace organizations.
A lack of uniformity across the industry drove the AIA to issue these voluntary guidelines. Running a secure operation is essential for aerospace organizations working with the government. Often, these partnerships with the government require contractors to handle sensitive data, in addition to the sensitive data aerospace organizations possess on their own.
So, having a set of guidelines in place increases data security and the confidence partners have in aerospace contractors. NAS9933 plays a companion role to NIST (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, addressing particular aerospace cybersecurity concerns.
What are the objectives of NAS9933? This set of standards was designed to:
- “To provide industry partners an indication of a company’s cybersecurity profile, as a way to measure a company’s cybersecurity risk.
- To enable reciprocity across industry and critical infrastructure sectors, so that a company’s level of cybersecurity is universally accepted by all whose work supports national interests.”
NAS9933 aims to push the aerospace industry to be more proactive when addressing cybersecurity threats, preempting threats by putting the appropriate measures in place.
What does the NAS9933 do?
The AIA describes its aim as such: “We intend for this standard to establish the cybersecurity baseline in the aerospace and defense industry, and support government leaders’ efforts to align with industry on a path toward true security.” Basically, the AIA created these security standards to provide organizations with a guide to establishing the basic foundation needed to protect sensitive data.
Organizations represented by the AIA vary in size, in the sector, and level of necessary security. So, it’s a challenge to address all of these features with a standard like NIST (SP) 800-171, which offers numerous security recommendations for numerous industries. NAS9933 aims to address the specific cybersecurity challenges and concerns of the aerospace industry.
How Do I Become NAS9933 Certified?
NAS9933 is a voluntary cybersecurity publication, which means there is no certification to pursue. So, it’s best to think of your security controls as whether or not they align with NAS9933. However, alignment is essential as you want to avoid the serious consequences that result from a cybersecurity attack.
NAS9933 consists of 22 control families, 20 of which were published by the Center for Internet Security (CIS) and two additional control families developed in partnership with Exostar. These control families consist of sub-controls, which have been categorized into five capability levels.
Because there is no governing body to monitor alignment with NAS9933, it’s up to your organization to implement, monitor, assess and maintain the appropriate security controls. You also need to purchase the entire NAS9933 framework from the AIA/NAS Standards Store for the full list of security controls.
One way to implement standards to protect your sensitive data is to adopt a secure file sharing solution. Storing your data in a military-grade secure server ensures that your data can withstand even the most advanced attacks. Top FTP servers have all the appropriate security measures in place, potentially including NAS9933. This means the minute you move your data into one of these servers, you’ll be in alignment with NAS9933 and other appropriate compliance regulations.
Staying compliant in all aspects of cybersecurity is critical to having success in working with the contractors and the Department of Defense as a whole. Sharetru has helped hundreds of organizations with their compliance needs. To get started, we recommend downloading our free Compliance Guide.