Automotive Cyber Threat: Is the supply chain over the speed limit?

Imagine hurtling down the road, only to have your brakes suddenly disabled through a cyberattack. The once seamless integration of technology in your car has now become a vulnerability. This chilling scenario is no longer science fiction – it’s the new reality of the automotive industry, where the intricate web of the supply chain is facing unprecedented cyber threats.

Navigating the Automotive Cyber Threat Landscape

The modern family car is no longer a simple vehicle that provides the means for us to get from point A to point B. Long drives in the country are no longer ruined by having to crank windows up and down depending on the weather (for those of us that remember doing this). The modern car is a rolling computer. The rise of ‘intelligent’ vehicles equipped with everything from entertainment systems, electronic charging, hybrid engines and digital mapping has opened a world of cyber threats, ranging from vehicle tracking to remote vehicle control. Each component within these rolling IT systems requires a vast supply chain to ensure that they can get off the manufacturing line and onto the road.

Cyber Threats to the Automotive Industry

The automotive cyber threat is a critical aspect of our interconnected world, impacting not just personal vehicles but the entire supply chain. In the era of intelligent vehicles and autonomous driving capabilities, the complexity of software and hardware raises concerns about cyber threats. Between 2021 and 2022, global cyber-attacks on the automotive industry rose by 32%, and this trend is expected to continue in 2024. Resilinc, a global leader in supply chain assurance, has already stated that 255 attacks have occurred within the automotive industry in 2024. This number will have increased by the time you read this.

A prime example of how serious the cyber threat is to the industry is the 2022 Toyota supplier cyber-attack, which cost around $375 million and halted operations across 14 factories[1 & 2]. Similarly, a 2023 Tesla incident compromised the data of 75-100k employees[3]. The vulnerabilities extend beyond manufacturing; the data collected by modern cars, from drivers’ behaviour to location, has become a target for cyber-criminals.

Compromising Automotive Security: Weak Links in the Chain

It’s not only the supply chains that construct our vehicles, but also the additional components or systems that are integrated into the car after its initial assembly. The modern car collects data. This may sound strange, but it is true. This data can range from drivers’ behaviour to where you are in the world. Some insurers will offer cheaper car insurance in exchange for placing a small telematics box in your vehicle that monitors how you drive. This is a treasure trove of data and has become extremely interesting to cyber-criminals who seek to exploit personal data, so ensuring data privacy measures are in place is key.

As you can imagine, the supply chain needed to build a single car is massive, and the component parts of the car you drive are derived from a number of sources. This brings challenges with it. One, just one, third-party supplier or weak link in the chain can compromise the security of the entire system, not only within the car you are driving, but across a network of them. As with any form of manufacturing, a break in the supply chain can have butterfly-effect consequences.

Turning Point: Automotive Industry Leaders’ Concerns

The automotive industry is at a turning point. Advances in technology, coupled with advances among cyber-criminals, must be considered. Two thirds of automotive industry leaders believe that the automotive supply chain is at risk[4]. I do wonder what the other third are doing to believe they are not.

July 2024 will see the implementation of the EU General Safety Regulation, which, although it has been around since 2022, will be enforced on new vehicles from 7th July this year, and let’s be honest, we as a country like driving European vehicles. This new enforcement is to provide a cyber security management system for new vehicles, with harsh penalties for those that do not meet the standard.

Hope Amidst Challenges: Navigating Compliance Standards

Despite the challenges, there’s hope. Various standards exist to address cybersecurity concerns, and as outlined in our 2023 Blog, What are the Compliance Challenges Facing the Automotive Sector?, there are solutions to ensure a secure journey in the automotive industry. Whether it’s meeting ISO27001 requirements or advancing your ISO21434 or TISAX goals, Risk Evolves is your partner in navigating and mitigating automotive cyber threats.

Risk Evolves: Your Partner for Automotive Security

We’ll take your unique requirements and provide you with straightforward and concise solutions, outlining exactly what is needed.
Let us help you in driving to a successful future, being in your passenger seat every step of the way. 

Contact our experts for a no-obligation discussion. Don't wait, safeguard your automotive journey today!

Get in Touch: 01926 800710

MD for Risk Evolves, Helen has worked in the IT industry since 1986. Helen is a leader in the areas of risk management and operational improvement, and works with companies in senior governance, risk and compliance roles. She is a member of the British Standards Institute and is a member of the BSI Committee creating a new guidance standard to assist organisations on how to become cyber resilient. Helen and the team at Risk Evolves work with organisations to improve their resilience through stronger process implementation and better communication and education of staff.
