Automotive Cybersecurity: How to Secure Products and Operational Technology

Automakers are large, complex organizations with valuable assets under management. They have significant cash flow, unique intellectual properties, and some of the world’s largest and most complex manufacturing facilities. On top of that, the products themselves are exactly the kind of high-ticket items criminals prefer to target.

It should come as no surprise cybercriminals continuously target every link in the automotive supply chain. The UK auto dealer Pendragon recently made headlines for one of the largest ransom demands ever made – £54 million (around $60 million USD).

Pendragon has confirmed that it continues to operate despite the attack. However, not all automotive industry enterprises are as well prepared.

The automotive industry has a unique cybersecurity risk profile. Unlike other major manufacturers, automakers must simultaneously secure their products alongside their operational technology and supply chain. This presents unique risks that simply don’t translate to other large-scale manufacturing enterprises.

For example, Honda announced a cybersecurity vulnerability in nine of its most popular models in May 2022. The vulnerability allows hackers to remote start vehicle engines by taking control of the car’s remote keyless entry system.

Most people focus on the security capabilities of the car itself, but this is only a small part of the picture. Cars are more connected than ever before, which means that cloud infrastructure security must also be part of the automakers security posture.

As the infrastructure to connect cars grows, the attack surface also grows. The more services and infrastructure automakers connect to vehicles, the more sensitive data becomes available to opportunistic cyberattackers who can monetize that data.

That infrastructure is now expanding to include electric vehicle charging stations. Internal combustion engines do not need to share any data with gas stations to get fuel. Electric vehicles have to share data with EV charging stations, which further expands the security landscape.

The final link in this chain is the manufacturing facility itself. Modern facilities are highly connected, sometimes with the same cloud-based services that individual vehicles connect to. That’s how manufacturers push firmware updates and new software to their cars directly. The supply chain isn’t limited to certified mechanics and dealerships anymore.

The convergence between information technology and operational technology is responsible for dramatic improvements in operational efficiency at automaker facilities. The ability to directly manage operational technology through cloud-enabled systems reduces costs, improves production, and simplifies management across the organization.

However, this convergence comes with risks. The energy industry was one of the pioneers of IT/OT convergence, and provides a wealth of data about its associated security risks. According to one study, 25% of energy companies reported weekly cyberattacks after implementing industry 4.0 technologies.

There is a simple reason behind this surge in cybercriminal activity. Greater connectivity means presenting a larger attack surface. If that surface is not secured adequately, attackers will find ways to exploit its vulnerabilities.

The auto industry is at the very beginning of its convergence initiative. Automakers are currently investing in sophisticated IT systems capable of managing OT workflows. However, if they do not secure these systems appropriately, they will expose themselves to preventable attacks.

The global auto industry is currently undergoing a period of digital transformation. There is a broad parallel between the changes happening today and ones that have already occurred in other industries.

For example, the mass-scale digitalization of finance happened decades ago. The cybersecurity strategy of the finance industry has been largely successful at adapting to new technologies and protecting users from widespread fraud and data exfiltration. This happened primarily because competing banks and financial institutions took the initiative to share threat intelligence and adopt a unified position against cybersecurity threats.

The automotive industry does not collaborate or share intelligence in this way. This isolates individual automakers and forces them to conduct their own intelligence. It’s likely this will have to change before the industry can earn consumers’ trust.

Automakers and their partners in the automotive supply chain must invest in securing new technological investments as they are made. The risks surrounding the auto industry are significant, but they are not insurmountable. There are several steps auto industry organizations can take right now to reduce cybersecurity risks moving forward.

BlackFog is a security vendor that provides ADX capabilities to automotive manufacturers and their partners. Find out how we can prevent cybercriminals from stealing data from your organization.