The Quality Horizon Podcast
Navigating Threats: Practical Steps for Information Security in Aerospace
In this episode of The Quality Horizon, Gerald Lindlbauer, Director of Quality at FACC, explores the vital role of information security in the aerospace supply chain. He clarifies the difference between information security and cybersecurity, noting that the former covers all forms of data protection beyond digital threats.
The discussion emphasizes building a strong security culture among employees and suppliers while looking ahead to future challenges, including integrated governance and emerging technologies for compliance and risk management.
To learn more, visit the SCMH website at scmh.iaqg.org.
Susan Matson: [00:13 – 01:06] Greetings, everyone, and welcome to the IAQG Quality Horizon. I'm your host, Susan Matson, and with me today is Gerald Lindlbauer, Director of Quality for FACC, with a background in electronics and technical computer science. Gerald has been with his company since 2001. He's been actively involved with the IAQG since 2014. And for the last few years, he has been leading work being done on the Supply Chain Management Handbook, otherwise known as the SCMH, information security section. Now, in this case, information security is much more than passwords and firewalls. It's really about protecting your digital environment and staying safe online. Today, we're going to spend some time exploring how to keep information secure, recognizing potential threats, and understanding practical steps to protect yourself and your organization. Gerald, welcome to the show.
Gerald Lindlbauer: [01:06 – 01:37] Thanks for having me. Information security is for every organization and for every individual who interacts with digital systems. Within information security, cybersecurity plays a vital role by specifically protecting digital assets, networks, and systems from attacks or unauthorized access. Cybersecurity is essentially a key part of a broader information security framework.
Susan Matson: [01:38 – 01:59] So let's get down to some of the basics before we dive into this. What exactly is information security and how does cybersecurity fit into that? And then additionally, what are the differences between the two and why is it important for our audience, the aerospace supply chain organizations, to understand both?
Gerald Lindlbauer: [02:01 – 02:46] Information security is about protecting information in all its forms, digital and physical, from authorized access, disclosure, alteration, or destruction. It covers confidentiality, integrity, and availability of information. Cybersecurity is a subset focused on the digital side, protecting computers, networks, software, and electronic data from threats. Both are complementary. Cybersecurity enforces the digital protections within a larger information security strategy.
Susan Matson: [02:47 – 02:56] So policy, training, awareness, that applies to both. But cybersecurity focuses primarily on digital threats, right?
Gerald Lindlbauer: [02:58 – 03:03] Exactly. They work hand-in-hand to protect all types of information assets.
Susan Matson: [03:04 – 03:08] Okay, so what are the most common threats today?
Gerald Lindlbauer: [03:10 – 03:32] Yeah, people often face phishing attacks, ransomware, social engineering, weak passwords, insider threats, or malware. Cybersecurity measures specifically counter digital attacks, while awareness and vigilance help mitigate human-related risks.
Susan Matson: [03:33 – 03:36] Understanding human behavior is key then, right?
Gerald Lindlbauer: [03:37 – 03:42] Absolutely. Technology can help, but informed users make a huge difference.
Susan Matson: [03:44 – 03:55] And what are the top risks that decision makers in the aerospace supply chain organizations should prioritize when developing these information security strategies?
Gerald Lindlbauer: [03:56 – 04:21] Decision makers should focus not just on technical defenses, but on integrated governance: aligning information security, quality, and supply chain performance. Embedding cybersecurity into the entire value stream ensures both compliance and resilience, key pillars of aerospace trust and competitiveness.
Susan Matson: [04:23 – 04:30] Actively protecting yourself really is critical, but what are the steps that people can take to protect themselves and the organization?
Gerald Lindlbauer: [04:31 – 05:18] For example, using strong unique passwords, multi-factor authentication, be cautious with emails and links, keep devices updated, and back up important data. Organizations should also implement structured processes like the ISO/IEC 27001, which provides a framework for managing information security systematically. Certification shows that an organization follows best practices, manages risks, trains staff, monitors systems, and continuously improves. Cybersecurity practices are embedded within the ISO 27001 as part of protecting digital assets.
Susan Matson: [05:20 – 05:25] Now that sounds like a solid foundation for building a security-conscious organization.
Gerald Lindlbauer: [05:27 – 05:35] Exactly. It gives everyone a clear roadmap to follow and reassures customers and partners that security is taken seriously.
Susan Matson: [05:37 – 05:59] Humans are really the first line of defense, right? This is more than just following some instructions. It's really about creating a culture. Why is cultivating that strong security culture among employees and suppliers critical for our organization, for the aerospace organizations?
Gerald Lindlbauer: [06:01 – 06:20] Yes, cultivating a strong security culture is critical. Employees must understand their role in protecting information, be aware of potential threats, and know how to respond appropriately. Training and awareness programs reinforce good habits and reduce risk.
Susan Matson: [06:22 – 06:36] Let's talk a little bit about tomorrow and those future challenges. So, Gerald, can you walk our listeners and me, for that matter, through some of the practical next steps someone can take to strengthen their information security practices?
Gerald Lindlbauer: [06:37 – 07:29] Well, the IAQG Supply Chain Management Handbook, the SCMH, provides several information security awareness modules that are very helpful for building practical knowledge. These include a guidance for decision makers, especially for small and medium-sized businesses, fast track of information security, email security, internet and online tools, malicious software, mobile security, and office security. These modules support understanding of key principles, help recognize potential threats, and teach appropriate responses. By going through them, listeners may be or will be better equipped to make informed security decisions both at work and in their personal lives.
Susan Matson: [07:31 – 07:39] What future challenges do you foresee for information security in the supply chain and how should organizations prepare for them?
Gerald Lindlbauer: [07:41 – 08:03] The aerospace industry's next evolution will depend on trust, transparency, and digital resilience. Organizations that integrate information security into quality, supply chain, and business excellence systems, rather than treating it as a standalone function, will be the best positioned to succeed.
Susan Matson: [08:03 – 08:09] What should organizations do to monitor supplier compliance and manage that risk?
Gerald Lindlbauer: [08:10 – 09:35] As a next step, it's important to stay informed about emerging technologies and tools that can help organizations monitor and protect information. Artificial intelligence, or AI, is starting to play a role in certain security processes, offering potential benefits in threat detection and system monitoring. Exploring these tools can be part of ongoing improvement. To manage supplier risk effectively, aerospace organizations should integrate these platforms rather than use them in isolation, like the IAQG OASIS for certification oversight, apply the SCMH guidance for process maturity and best practices, and then align information security controls with frameworks such as the National Institute of Standards and Technology, the NIST, the Cybersecurity Framework, CSF, or the European Union Agency for Cybersecurity, ENISA. Leverage collaborative platforms like Exostar, JOSCAR, or Trace for secure data exchange and compliance monitoring. Together, these tools enable a holistic risk management ecosystem, combining quality, compliance, and cybersecurity into one sustainable framework.
Susan Matson: [09:36 – 09:40] Wow. Thank you, Gerald. A very short, brief, but enlightening conversation.
Gerald Lindlbauer: [09:41 – 09:45] Thanks for having me. Stay secure and make informed decisions every day.
Susan Matson: [09:46 – 10:16] Absolutely. You just said it. This conversation really is about reminding all of us that our information is a shared responsibility. We do need to stay aware and follow the best practices that you listed. And we'll share some of those notes in the show notes so everyone knows where to find them on the SCMH. And also, make use of the available awareness modules for strengthening your knowledge. Thank you. This is Susan Matson, and you have been listening to The Quality Horizon. Until next time, stay safe.