Why is cyber risk particularly critical in aviation?
The aviation sector is considered highly critical because the operational impact of an incident can be immediate and dramatic. If planes can no longer take off or land, the consequences extend far beyond the affected company: an entire ecosystem can be disrupted. Recent attacks have shown that assailants do not necessarily target the most protected systems, but rather peripheral services within the ecosystem—which are often less secure—triggering a domino effect. In aeronautics, another major challenge is the theft of intellectual property: manufacturers and their subcontractors hold sensitive information, and the loss of this data represents a strategic risk.
What is the role of CERT Aviation?
CERT Aviation (Computer Emergency Response Team) was created in 2022 at the initiative of major industry players such as Air France, Groupe ADP, Airbus, Thales, and Dassault Aviation. Today, it brings together around fifty members and several hundred beneficiaries, notably through professional federations. Our role is to monitor threats, issue alerts, share information, and support organizations when an incident occurs. This is fundamental, as the robustness of the whole often depends on the weakest link. Every morning, CISOs exchange information and share "weak signals." During the CrowdStrike incident in July 2024, some players were pre-alerted very early, which allowed for better anticipation.
"In cyber, aviation saves time through mutualization" - Marion Buchet
How do you measure the cyber maturity of your ecosystem?
The approach is based on several levels. There are audit frameworks like Air Cyber, which aim to structure and secure the aeronautical supply chain. On our end, we monitor the digital footprint of our members, including information about them circulating on the dark web, and provide operational recommendations to strengthen their cybersecurity. Cyber rating has truly allowed us to scale. Previously, analyzing a digital footprint could take several weeks for a single player. Today, cyber rating allows our members to automatically identify their vulnerabilities. What often makes the difference in aviation is mutualization. Feedback and lessons learned circulate because the most mature organizations understand that this collective dynamic strengthens the entire industry, especially in the face of increasingly stringent regulatory and operational requirements.
About Marion Buchet
After 20 years as a fighter pilot in the Air and Space Force, Marion Buchet joined the private sector before taking the lead of CERT Aviation in 2023. She holds a Master’s degree in Psychology and a Global Executive MBA from HEC, the London School of Economics, and New York University. She is also an auditor of the Institut des Hautes Études de la Défense Nationale (IHEDN).
