Aviation companies twice as likely to be hacked if they do business in China

The COMAC C919 Passenger Jet
In anticipation of speaking at the AIAA conference in Los Angeles on August 12-14, I've been researching aviation companies with joint ventures in China and how many of them have reported being the victim of a cyber attack (successful or not). I identified 11 U.S. companies who were working with Chinese partners on the COMAC C919 aircraft and of those 11, 7 (64%) have publicly acknowledged being the victim of a cyber attack at some point in the last few years. No aggressors were named and some of the acknowledgments had to do with unsuccessful attempts only.

That percentage, in itself, didn't seem too surprising so I decided to look at 11 more randomly selected U.S. aviation companies and of those, only 3 (27%) publicly acknowledged being the victim of a cyber attack. However, after digging a little further, I learned that of those 3 companies, 2 (67%) also had joint ventures in China! Our sample suggests that aerospace companies who have joint ventures in China are being attacked more than twice as often as aerospace companies who don't have joint ventures in the PRC.

We aren't suggesting that China is behind the attacks. Rather, that technology which is valuable to China is also valuable to international hacker groups who believe that they can find a buyer for the stolen data.

As far as I know, this is the first study of its kind to demonstrate that a specific industrial sector (Aerospace) of high value to the Chinese government yields an increased risk of cyber attack to U.S. aerospace companies who are doing business in China. I'll be discussing the implications of this study during my presentation at the AIAA conference on August 12th and will be taking a deep dive into our research at a Suits and Spooks luncheon event in McLean, VA on Sept 10th. Our venue in McLean has limited seating so register early.