Navigating the Automotive Cyber Threat Landscape
Cyber Threats to the Automotive Industry
The automotive cyber threat is a critical aspect of our interconnected world, impacting not just personal vehicles but the entire supply chain. In the era of intelligent vehicles and autonomous driving capabilities, the complexity of software and hardware raises concerns about cyber threats. Between 2021 and 2022, global cyber-attacks on the automotive industry rose by 32%, and this trend is expected to continue in 2024. Resilinc, a global leader in supply chain assurance, has already stated that 255 attacks have occurred within the automotive industry in 2024. This number will have increased by the time you read this.
A prime example of how serious the cyber threat is to the industry, is the 2022 Toyota supplier cyber-attack, costing around $375 million and halted operations across 14 factories[1 & 2]. Similarly, a 2023 Tesla incident compromised the data of 75-100k employees[3]. The vulnerabilities extend beyond manufacturing; the data collected by modern cars, from drivers’ behaviour to location, has become a target for cyber-criminals.
Compromising Automotive Security: Weak Links in the Chain
It’s not only the supply chains that construct our vehicles, but also the additional components or systems that are integrated into the car after its initial assembly. The modern car collects data, this may sound strange, but it is true. This data can range from drivers’ behaviour, to where you are in the world. Some insurers will offer cheaper car insurance to place a small box (Telematics) in your vehicle that monitors how you drive. This is a treasure trove of data and has become extremely interesting to the cyber-criminal who seek to exploit personal data, so ensuring data privacy measures is key.
To build a single car, as you can imagine, the supply chain is massive, where the component parts of the car you drive are derived from a number of sources. This brings with it challenges. One, just one, third party supplier, or weak link in the chain can compromise the security of the entire system, not only within the car you are driving, but across a network of them, and as with any form of manufacturing, a break in the supply chain can have butterfly effect consequences.
Turning Point: Automotive Industry Leaders’ Concerns
The automotive industry is at a turning point. Advances in technology coupled with the advancement in the cyber-criminal must be considered. Two thirds of automotive industry leaders believe that the automotive supply chain is at risk[4], I do wonder what the other third are doing to believe they are not?
July 2024 will see the implementation of EU General Safety Regulation, which although has been around since 2022, will be enforced on new vehicles from 7th July this year, and let’s be honest, we as a country like driving European vehicles. This new enforcement is to provide a cyber security management system for new vehicle with harsh penalties for those that do not meet the standard.
Hope Amidst Challenges: Navigating Compliance Standards
Despite the challenges, there’s hope. Various standards exist to address cybersecurity concerns, and as outlined in our 2023 Blog, What are the Compliance Challenges Facing the Automotive Sector?, there are solutions to ensure a secure journey in the automotive industry. Whether it’s meeting ISO27001 requirements or advancing your ISO21434 or TISAX goals, Risk Evolves is your partner in navigating and mitigating automotive cyber threats.
Risk Evolves: Your Partner for Automotive Security
We’ll take your unique requirements and provide you with straightforward and concise solutions, outlining exactly what is needed.
Let us help you in driving to a successful future, being in your passenger seat every step of the way.
Contact our experts for a no-obligation discussion. Don't wait, safeguard your automotive journey today!
Get in Touch01926 800710[2] Toyota to close Japanese factories after suspected cyber-attack – BBC News
[3] Report: ‘massive’ Tesla leak reveals data breaches, thousands of safety complaints | Tesla | The Guardian
[4] Automotive supply chain vulnerable to attack as cybersecurity regulation looms | CSO Online