A single vehicle is estimated to comprise around 30,000 parts—from the smallest nuts, bolts and software chips to major components, smart systems, infotainment, services, and more. The development and integration of all these hardware and software parts has become increasingly digital and interconnected. This increases the attack surface that cyber criminals can target. Any disruption for any provider can have a debilitating impact across the production ecosystem.
The risks facing a digitised production ecosystem
The demand for digitised production is unlikely to slow. If anything, it will become even more complex as manufacturers and suppliers turn to digital solutions for building their digital systems. According to a 2023 Deloitte report, automotive manufacturers plan to focus on a range of smart technologies to increase operational efficiencies over the next 12 months, from robotics automation to AI.
Every provider is a potential access point to the entire ecosystem. It’s not just the larger providers that are at risk. Smaller suppliers and manufacturers can be an attractive option for attackers who may perceive them to be a ‘soft’ target with outdated or under-protected IT systems.
Cyber threats, from ransomware to DDoS (Distributed Denial of Service) attacks, target manufacturers and their suppliers. And targets can be hit repeatedly. For example, last year it was reported that US automotive supplier Nichirin-Flex experienced several ransomware attacks over a period of two weeks, involving three different gangs. The attackers exploited a firewall misconfiguration and went on to encrypt systems and exfiltrate data, causing severe disruption and forcing the company to switch to manual production and shipping.
It’s worth bearing in mind that even the most sophisticated attacks can begin very simply. Most cyber attacks start with an email. These can include phishing attacks that try to capture account access credentials or deliver booby-trapped attachments that contain malware. It can be hard for traditional security gateways to detect and block such attacks as they become increasingly convincing.
If an incident isn’t fully neutralised, malware can remain dormant in an infected system or attackers can install a backdoor that enables them to return at will. This raises the worrying prospect of malware activated in vehicles once they are on the road, or impacting the cyber-physical systems of manufacturing robotics, both of which—in extreme cases—could pose a risk to life.
Hardening defences with a multi-layered approach
The best strategy for protection is a multi-layered approach that combines cutting-edge security technologies with user education and secure access and authentication policies. Email security should be a priority, with effective password policies and security software that leverages AI-based detection for identifying complex threats. Awareness training will help employees to spot and report any suspicious messages. Robust authentication and user access policies are another priority. At a minimum, multi-factor authentication (MFA) should be implemented, while adopting ‘Zero Trust’ measures will provide an additional layer of protection preventing attackers from navigating through the network, even if they gain access.
With more IoT and operational technology (OT) devices in use, visibility is key. Companies must keep sight of all devices being connected to and disconnected from the network so that they can determine vulnerabilities or weak points in the network. It’s also important to investigate vulnerabilities and outdated components within connected devices, or the underpinning hardware and software, and to regularly update all software assets with the latest security patches.
As manufacturing and production processes become smarter and the supply chain more complex, the risks are also increasing. It’s as important to have measures in place for incident response as it is for attack prevention. Knowing how to respond to and mitigate an incident can significantly reduce the impact of any attack and help to ensure a seamless recovery with minimal disruption. This can avoid an incident becoming a crisis which has ripples across the supply chain.
About the author: Paul Drake is Vice President UK and Ireland at Barracuda