How the Automotive Industry Confronts Growing Cyber Attacks

March 5, 2024
Tim Bailey of Rockwell Automation shares insights into how automotive manufacturers and suppliers are dealing with plant floor cybersecurity issues and the lessons learned there that can be applied by all manufacturers.

The World Economic Forum reported in early 2024 that cyberattacks on the manufacturing industries increased by 15% in Q3 2023 over the previous quarter. This is notable not just for the double digit increase in attacks, but considering that, in 2022, manufacturing had the highest share of cyber-attacks among industries worldwide.

As a leader in the adoption of new plant floor automation technologies, as well as the implementation of connected systems in its products, the automotive industry often finds itself in the crosshairs of global cyber criminals.

To learn more about how the automotive industry is facing its particular cybersecurity challenges amid its continuing adoption of new plant floor technologies, Automation World connected with Tim Bailey, team lead of global automotive technical consultants at Rockwell Automation. While the focus of our discussion was on the automotive industry and its suppliers, the insights Bailey shared are useful to manufacturers across industry. 

Q: What specific manufacturing technologies do you see being most deployed today by manufacturers in the automotive industry?

Bailey: The automotive industry has been hit hard in the past few years by supply chain disruptions, chip shortages and heightened cyberattacks. Yet, even before these challenges, they were long burdened by the trade-off between quality and profit. Now, they are finding solace in smart manufacturing. The integrated approach smart manufacturing provides seamlessly combines production monitoring, quality management and manufacturing execution systems (MES) to create a well-oiled machine of efficiency. Smart manufacturing technology grants access to real-time data, guiding production and enabling the resolution of quality issues before they disrupt operations. Leading manufacturers are embracing this pragmatic approach to optimize costs and boost profitability, all without compromising quality or customer data.

Q: What is it about these smart manufacturing initiatives that open the door to new attack vectors on manufacturers?    

Bailey: With the adoption of smart manufacturing, organizations are experiencing a surge in integrated connectivity and increasingly open communication between information technology (IT) and operations technology (OT). This increased interconnectedness expands the attack surface,     exposing some previously isolated systems to the internet for the first time. Plus, many legacy technologies are not equipped to handle such exposure.

Q: Which aspects of this are of most critical concern to automotive manufacturers?

Bailey: The automotive industry's once-isolated systems are now vulnerable to cyberattacks due to outdated OT security measures. Unpatched software and sluggish response protocols in newly connected systems can also create gaps for hackers to exploit. 

Q: For years now there’s been huge growth in software and firmware to help industry deal with growing cybersecurity issues, which has been great on one hand and potentially confusing on the other. How do you advise manufacturers to best approach and analyze their cybersecurity needs?

Bailey: Automotive manufacturers face unique cybersecurity challenges as the lines between OT and IT blur and reduced/consolidated data silos unlock the potential for streamlined processes while also attracting the attention of increasingly sophisticated threat actors. To effectively avoid becoming an easy target, manufacturers must develop a comprehensive cybersecurity plan that is grounded in a deep understanding of the organization's specific risks and vulnerabilities. This plan should encompass a holistic approach to security and include a risk management component that provides an analysis of potential risks that may impact the organization. This proactive approach makes it possible for manufacturers to identify and analyze potential risk before it occurs.

Q: Are there common mistakes you see manufacturers continuing to make when it comes to cybersecurity and how can they be avoided?

Bailey: As with many industries, automotive manufacturers lack a proactive approach to cybersecurity. A great place for organizations to begin developing their proactive approach is the NIST Cybersecurity Framework, which includes best practices and guidelines to help organizations manage cybersecurity risk. The NIST framework includes several key guidelines that can benefit industry, including:

  • Asset inventory and risk assessment: A thorough inventory and risk assessment can help guide security teams toward the most important fixes before malicious actors can exploit any glaring weaknesses.
  • Patch management: Manufacturers need patching processes that minimize downtime—most prefer an infrastructure-as-a-service approach due to its minimal disruption. 
  • Logical network zoning: Establishing a proven reference architecture such as Converged Plantwide Ethernet can provide automakers with a solid foundation for proper network segmentation to prevent the lateral movement of cyberattacks. 
  • Continuous threat detection and response: Establishing a clear response plan to cyberattacks within complex networks with IT/OT convergence can be tricky but is critical. 

Q: Based on your work with the automotive industry, are there lessons to be learned from how they’re addressing cybersecurity threats that can be of value across industry?

Bailey: Some of the most basic principles of security are the most valuable. The most important is to make yourself a hard target. Those manufacturers that have been impacted many times are those who have not applied the tools and knowledge they already have at their disposal. They made themselves an easy target. Getting help where you need it and applying the principle of defense in depth are time proven.

Links for further reading on industrial cybersecurity:

About the Author

David Greenfield, editor in chief | Director of Content

David Greenfield joined Automation World in June 2011. Bringing a wealth of industry knowledge and media experience to his position, David’s contributions can be found in AW’s print and online editions and custom projects. He is also the chief program architect of the annual Automation World Conference & Expo. Earlier in his career, David was Editorial Director of Design News at UBM Electronics, and prior to joining UBM, he was Editorial Director of Control Engineering at Reed Business Information, where he also worked on Manufacturing Business Technology as Publisher. 

Sponsored Recommendations

Why Go Beyond Traditional HMI/SCADA

Traditional HMI/SCADAs are being reinvented with today's growing dependence on mobile technology. Discover how AVEVA is implementing this software into your everyday devices to...

4 Reasons to move to a subscription model for your HMI/SCADA

Software-as-a-service (SaaS) gives you the technical and financial ability to respond to the changing market and provides efficient control across your entire enterprise—not just...

Is your HMI stuck in the stone age?

What happens when you adopt modern HMI solutions? Learn more about the future of operations control with these six modern HMI must-haves to help you turbocharge operator efficiency...