{"id":4123,"date":"2025-12-11T00:50:37","date_gmt":"2025-12-11T00:50:37","guid":{"rendered":"https:\/\/phishia.fr\/?p=4123"},"modified":"2025-12-11T00:50:38","modified_gmt":"2025-12-11T00:50:38","slug":"the-domino-effect-of-cyber-why-leasa-and-part-is-force-you-to-monitor-your-suppliers","status":"publish","type":"post","link":"https:\/\/phishia.fr\/en\/blog\/compliance-management\/the-domino-effect-of-cyber-why-leasa-and-part-is-force-you-to-monitor-your-suppliers\/","title":{"rendered":"The Domino Effect of Cyber. Why EASA and Part IS require you to monitor your suppliers."},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Aeronautics is a model of reliability, security and traceability. Yet it has become a prime target for cybercriminals, not by striking at the major airlines or manufacturers, but by targeting the link reputed to be the weakest: supply chain<\/strong>.<\/p>

It's no longer your safety that's at stake, but that of the entire system, as required by the new European directives.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

The new risk perimeter: From internal to ecosystem<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

An attack by Supply Chain<\/em> occurs when a hacker exploits the vulnerability of a supplier, often smaller and less secure, to reach the final customer (aircraft manufacturer or operator).<\/p>

Why is the Aero sector so vulnerable to this domino effect?<\/strong><\/p>

  1. Privileged trust :<\/strong> Suppliers have privileged access to customer information systems (drawing exchange platforms, maintenance software, critical parts databases).<\/li>
  2. Regulations :<\/strong> The new requirements of the European Aviation Safety Agency (EASA), notably the IS share<\/strong>, require operators to ensure the safety of their products. ecosystem<\/em>. A supplier's negligence can now result in sanctions and suspension of operations for the end customer.<\/li><\/ol>

    This is a legal obligation of vigilance that extends to all players in the chain.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    The threat of Lateral Intrusion<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    The risk is no longer limited to data theft (as was the case with the Stealer Logs<\/u><\/strong><\/a><\/em>)<\/u>. In the supply chain, it's a lateral intrusion :<\/p>