The most dangerous defect in your plant isn't dimensional. It's the unpatched HMI on your coordinate measuring machine — the one sitting on a flat network, running a Windows build from 2019, that nobody in quality has ever thought to inspect. I can walk into any aerospace facility in North America and find it within twenty minutes. Not because I'm clever. Because I'm looking where quality engineers are trained not to.

Cybersecurity is a quality failure mode, not an IT problem

Those of us straddling both worlds have been arguing this for a while, and the pressure is now visible in the trade press: cybersecurity expectations are being folded into aerospace quality management, and most plants are structurally unprepared. We spent two decades building quality systems that assume the integrity of electronic records, digital traceability, and supplier data feeds. Nobody asked what happens when the infrastructure carrying that data is compromised.

A cybersecurity breach in a manufacturing plant is not an IT incident. It is a quality system failure. When ransomware locks the server holding your electronic device history records, your traceability doesn't degrade gracefully — it collapses. When someone alters a measurement result in a networked CMM database, your certificate of conformity becomes a lie printed on company letterhead. And when a supplier portal credential is phished, you have an uncontrolled change to your incoming material process: no 8D, no PFMEA update, no containment.

AS9100 has always required control of records. It has always required data integrity. What is changing is that auditors are beginning to understand that "control" means more than locked cabinets and a password policy drafted by someone who left the company in 2017.

Three control gaps I find in every aerospace plant

I hold a CEH certification, and I'm listed on T-Mobile's public bug-bounty Hall of Fame for a clickjacking vulnerability I found and disclosed responsibly. That work changed what I look for on a factory floor. Spend enough time thinking like an attacker — probing assumptions, testing boundaries, looking for the path of least resistance — and you start seeing the same class of unexamined vulnerabilities that plague web applications, replicated in operational technology where the stakes are dimensional tolerances and airworthiness.

Every plant I walk through — tier-one supplier or OEM final assembly — has the same three gaps:

  • Unsegmented OT networks. The flat network where the CMM talks to the ERP talks to the HVAC talks to the visitor Wi-Fi. No VLAN segmentation, no access control lists, no monitoring. Touch any node, own the entire estate.
  • Default credentials on inspection equipment. The CMM, the leak tester, the torque wrench calibration station — all shipped with admin/admin or vendor-default passwords that were never changed because "it's not connected to the internet." Except it is, through six hops nobody mapped.
  • Supplier portals with no quality-driven access governance. The EDI feed, the PPAP submission portal, the nonconformance tracking system — all administered by IT account managers who have never heard of AS9100. Quality has no say in who gets access, what they can modify, or what happens when a supplier credential is compromised.

A red-team mindset for PFMEA

This is where the two professions converge. When I found the T-Mobile vulnerability, I didn't read their source code. I understood how the system was supposed to behave, then asked: what if someone interacts with it in a way the designers never imagined? That question now drives every PFMEA review I run.

A cybersecurity-informed PFMEA surfaces failure modes that traditional process FMEA ignores. A tampered calibration database invalidates every measurement taken since the last calibration event. A 72-hour MES outage destroys your ability to reconstruct a device history record for an in-flight investigation. A supplier portal accessed with stolen credentials means every lot accepted under that account in the last twelve months is now suspect.

These are failure modes. They have severity, occurrence, and detection scores like any other process risk. Most quality teams score occurrence as "1" because they have never assessed the attack surface, and detection as "2" because they assume the firewall will tell them. Both numbers are almost always fiction.

I run routing verification KPIs at Airbus that cut internal lead time by 97%. That same discipline — verifying that every step in a process actually performs as documented — applies to OT security. You don't assume the network is segmented. You verify it. You don't assume the CMM credentials were changed at commissioning. You verify it. You don't assume the supplier portal enforces role-based access. You verify it.
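One way to turn "you verify it" into evidence for the segmentation gap, as an added example that is not the author's tooling: compare observed flow records against the documented zone policy and report every cross-zone flow the policy does not allow. The subnets, zone names, allowed-flow rule and flow lines below are constructed assumptions.

```python
import ipaddress

# Assumed zone plan (constructed): subnets and zone names are illustrative only.
ZONES = {
    "inspection": ipaddress.ip_network("10.10.20.0/24"),    # CMM, leak tester, calibration
    "erp":        ipaddress.ip_network("10.10.30.0/24"),
    "building":   ipaddress.ip_network("10.10.40.0/24"),    # HVAC
    "visitor":    ipaddress.ip_network("192.168.50.0/24"),  # visitor Wi-Fi
}

# Documented policy (assumed): the only cross-zone flows allowed, as (src, dst, port).
ALLOWED = {("inspection", "erp", 443)}  # CMM results pushed to ERP over HTTPS

# Constructed flow records "src_ip,dst_ip,dst_port", as a firewall or switch export might give.
SAMPLE_FLOWS = """\
10.10.20.11,10.10.30.5,443
192.168.50.77,10.10.20.11,3389
10.10.40.9,10.10.20.11,445
10.10.20.11,10.10.20.12,5000
172.16.1.4,10.10.20.11,22
"""

def zone_of(ip):
    """Map an address to its documented zone, or 'unmapped' if nobody documented it."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unmapped"

def segmentation_findings(flow_text):
    """Return (src_zone, dst_zone, port) for every cross-zone flow the policy does not allow."""
    findings = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        src, dst, port = [p.strip() for p in line.split(",")]
        sz, dz = zone_of(src), zone_of(dst)
        if sz == dz and sz != "unmapped":
            continue  # intra-zone traffic is outside this check
        if (sz, dz, int(port)) not in ALLOWED:
            findings.append((sz, dz, int(port)))
    return findings

if __name__ == "__main__":
    for finding in segmentation_findings(SAMPLE_FLOWS):
        print("undocumented cross-zone flow:", finding)
```

Each finding is objective input for the occurrence and detection scores of the corresponding PFMEA line, and a source that resolves to "unmapped" is a path nobody has documented.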

Quality management and ethical hacking are the same discipline — you find how the system fails before someone else does it for you.

The auditor is learning. Are you?

AS9100 revision cycles are moving toward explicit cybersecurity expectations. Auditors are getting trained. The questions are shifting — not "do you have a password policy" but "show me how you ensure the integrity of electronic records across your inspection equipment network." Different question. Different answer required.

I delivered a 50% reduction in EASA audit findings in a single cycle, and clean external audits consistently since. The pattern never changes: plants that pass comfortably are the ones that treated cybersecurity as a quality control issue eighteen months before the audit, not three weeks after the booking confirmation.

Key takeaways

  • Treat every networked inspection device as a PFMEA failure mode with its own severity, occurrence, and detection scoring — not as an IT asset outside quality governance.
  • Walk your OT network with your IT team and physically verify segmentation, credential hygiene, and port exposure on at least one CMM, leak tester, and calibration station. What you find will not be encouraging.
  • Demand quality-driven access governance for every supplier portal that feeds material acceptance, PPAP, or nonconformance data — IT alone cannot assess the conformity risk.
  • Prepare your AS9100 audit responses around records integrity questions, not password policy questions. The auditors have moved; your documentation needs to catch up.

The quality directors who will struggle in the next two audit cycles are the ones who still believe network security is someone else's perimeter problem. It isn't a perimeter. It is a process input, a records infrastructure, and a conformity risk sitting inside your own quality system. When your electronic DHR becomes unreliable because someone in a different country found the same default password your integrator installed three years ago and never changed, your quality system hasn't been hacked. It has failed — on your watch, under your standard, with your signature on the audit report that said everything was under control.