Some argue the only way fully autonomous driving can succeed at scale is if every car on the road connects to a master control system that knows the speed and position of every vehicle on its grid, making sure unexpected surprises don’t turn into massive traffic jams at best or horrible multi-vehicle collisions at worst.
Then a hacker worms their way into the master control system and begins pushing virtual buttons and pulling virtual wires.
The automotive industry will not likely face that potential disaster in the foreseeable future, but it does represent the sort of caution auto manufacturers need to consider in the face of rising connectivity. It’s the sort of long-term concern that in Rockwell Automation’s latest State of Smart Manufacturing: Automotive Edition report caused cybersecurity to catapult to the number one barrier for growth perceived by automotive manufacturers.
Cybersecurity wasn’t even present on the top five list for automotive in 2023 and ranked only ninth in the general State of Smart Manufacturing report released at the end of March. Recent industry-specific cyberattacks and the sort of nightmare scenario sketched above create the sense of urgency to address the issue.
High Profile Attacks and Regulation
The manufacturing sector, as even the most casual cybersecurity observer knows, presents one of cybercriminals’ most attractive and lucrative targets. The talking points, repeated ad nauseum among experts (and reporters that cover them) include the sector’s collective lack of tolerance for pauses in production and therefore increased willingness compared to other economic sectors to pay ransom demands.
Automotive manufacturing therefore exists within a bubble of heightened cybersecurity alert to begin with. Industry-specific concerns over the last 18 months haven’t assuaged concerns.
Last year, Nissan suffered a consumer data breach through a third-party vendor and Ferrari faced a ransom demand following the theft of client contact details. This January, cyberattackers claimed to have stolen 3 TB worth of data from Hyundai Motor Europe, and in February, German battery manufacturer Varta, which supplies the automotive, consumer and industrial sectors suffered production disruption at five plants due to a cyberattack.
While not directly tied to manufacturing, according to BleepingComputer, CDK Global, a software-as-a-service provider for car dealerships is currently suffering from a massive cyberattack. CDK software ties into financing, inventory, support and service and plain-old office administration among other functions. CDK Global took down its systems in response to the cyberattack, leaving over 15,000 car dealerships unable to operate.
All of these attacks play into the automotive industry’s concerted attention on cybersecurity, says Brian Denken, commercial manager for networks and cybersecurity services, North America, at Rockwell Automation.
“These incidents, coupled with new regulations like the EU Cyber Resilience Act and updated NHTSA [National Highway Traffic Safety Administration] guidelines, and evolving standards like NIS2 in Europe and the new SEC Cybersecurity Disclosure Requirements, garner attention from the Board of Directors and investors and have pushed cybersecurity to the forefront of industry concerns,” Denken says.
Widening Attack Surfaces Increase Vulnerabilities
Potential cyberattacks in plants represent the tip of the iceberg for automotive manufacturing. Vehicle subscription services require users to share personally identifiable information. 3Software databases connect with vehicles and services to share data like VIN numbers and manufacturing details. EV charging stations hypothetically could serve as attack surfaces. Fleet management software taps into numerous vehicles simultaneously.
The increasing connectivity between vehicles provides the largest concern for auto manufacturers, says Denken.
“We’re looking at multiple types of connectivity—vehicle-to-cloud for services like navigation, vehicle-to-infrastructure for traffic management and vehicle-to-vehicle for safety communications. Each connection point expands the attack surface and presents unique security challenges that we must address to ensure safe and reliable vehicle operations,” he says.
The sheer amount of data exchanged over these networks also makes an attractive target for cybercriminals.
“This includes personal data from drivers, operational data from vehicle systems, communication data exchanged with external entities and charging data for electric vehicles. Ensuring the security of this information is vital to prevent fraud, maintain vehicle performance and safeguard user privacy. This requires advanced encryption, secure communication protocols, and continuous monitoring,” Denken says.
Plant Cybersecurity Still Really Matters
Focusing too much on the specifics of vehicle connectivity risks losing track of the degree to which automotive plants, some of the most networked plants in heavy industry, also face increasing cybersecurity risks.
According to Rockwell’s survey, at least 81% of all respondents have adopted or plan to adopt networking hardware, industrial computers, connected devices and sensors and instruments. That’s one, giant web of attack surface spread across the plant floor.
According to the survey, 84% of respondents have adopted or plan to adopt production monitoring software and quality management systems. If hackers batter down plant cybersecurity measures, these all-encompassing systems become vulnerable to manipulation.
“Every device anymore, even sensors and instrumentation, are connected to other devices throughout the environment, even all the way to the [enterprise level]. It used to be that we could ignore such simple devices as sensors or instruments, but not anymore. Sophisticated attack methods allow bad actors to target such devices and move laterally, gain deeper access, encrypt, exploit and infiltrate further into the network through unprotected and improperly segmented devices,” says Denken.
You can download the full State of Smart Manufacturing Report 2024: Automotive Edition report from the Rockwell website.
