The automotive sector has special resilience needs, given the wide number of suppliers and vendors required to make ever-more technologically advanced vehicles. A recent spate of cyberattacks on automobile giants shows this all too keenly – and at a time of year when demand for new cars is at its strongest.
What makes the cyber-attacks on automative makers especially concerning is the dual and simultaneous impact that it can have on both the sector’s manufacturing and retail operations, demonstrating how deeply interconnected IT and operational technology (OT) systems have become across modern automotive enterprises. Recent years have seen the automotive industry make remarkable strides in digitisation and, in any other situation, this would not be a problem. Cloud-based systems drive customer relationship management and advanced analytics optimise supply chains, while connected OT environments deliver efficiency on the production floor.
Unfortunately, this interconnectedness can inadvertently create a fragile ecosystem where an attack on one system can cascade into full operational paralysis – a salutary lesson for automotive manufacturers on the important role of resilience planning in data protection. A ransomware infection or intrusion into factory control systems may not steal sensitive information, but it can stop the assembly line cold. This can be every bit as damaging as a breach of intellectual property or customer records.
Changing views on automotive cybersecurity
Too often, cybersecurity is still treated as an IT line item in a budget or compliance policy rather than a core business risk. Instead, it must be integrated into enterprise risk management frameworks and aligned directly with business continuity planning.
This necessitates thinking of defence in layers. Preventive measures are mandatory and must include non-negotiable elements such as access controls, multi-factor authentication, and network segmentation. Defences must also include continuous monitoring across IT and OT environments, and most importantly, rapid incident detection and response using tried-and-tested strategies.
Automotive manufacturers also need to widen the aperture beyond the manufacturer itself to ensure complete security across the entire supply chain. This is vital. Automotive production relies on complex, globally distributed supply chains that are increasingly digitised and interdependent. A cyber event at a Tier 1 supplier, logistics provider, or dealership network can ripple across the ecosystem with comparable effect.
Resilience within these ecosystems also requires industry-wide collaboration and proactive threat intelligence sharing, not to mention greater visibility of digital supply chains. Coordinated recovery planning must also be agreed with key partners to fully understand and prevent similar events.
Immediate priorities for automotive cybersecurity
The automotive industry has a huge task on its hands. It needs to re-examine security postures, ensure effective business continuity planning, and validate crisis response playbooks. Bluntly, automotive executives should evaluate their preparedness by asking how quickly their firms can resume operations if their core systems fail. They must also ascertain whether the company has adequate visibility into its OT environments, beyond IT infrastructure, as well as if their incident response teams are actually capable of dealing with a breach that has consequences for manufacturing plants, supply chains and customer systems. The answers to these questions will distinguish organisations ready for future disruptions from those that are not.
Automotive cybersecurity can no longer be only about compliance or technical hygiene – it must include protecting the very ability to manufacture and deliver vehicles. After all, effective attacks don’t need to involve stolen data to cause damage. When production stops, revenue also dries up, leading to potential reputational damage and strained customer relations.
Automotive cyber incidents are a wake-up call across the automotive sector. Clearly, cybersecurity is no longer simply a task that a beleaguered IT department can quietly perform. Rather, it is a core business risk that must be managed at the highest levels of leadership. By embedding resilience into every layer of operations and across the supply chain, the industry can safeguard its future against the rising tide of cyber threats.
Lorri Janssen-Anessi is BlueVoyant’s director of external cyber assessments
Read more: Cloud intrusions have skyrocketed. CISOs should wise up.
