The cyber attack on Jaguar Land Rover (JLR) sent shockwaves through the automotive industry. Incidents on this scale are becoming more common because the digitisation of industrial facilities has left operational technologies exposed to new threats. Jon Connet, Chief Product Officer at SaaS-based IoT connectivity solutions provider Aeris, explores the complexities manufacturers now face, and what can be done to prevent and mitigate future attacks.
Reports indicate that JLR was hit by a ransomware attack that shut production down for five weeks. This would imply that the breach made it as far as the factory floor, which raises serious questions about how malicious actors can gain a foothold inside a major facility. Another major issue is the fact that manufacturers like JLR operate on a ‘Just in Time’ (JIT) basis to drive down costs and maintain efficiencies. This reduces inventory because a component can be delivered within hours of it being fitted to a vehicle. It’s a perfect model for making luxury cars built to the buyer’s specification. But it’s a system that requires substantial digitisation across the entire assembly line, which has transformed manufacturing plants into hyper-connected environments, linked to complex supply chains and ordering systems. This has created new attack surfaces that dramatically increase the security risks for manufacturing, with huge ripple effects for supply chains, especially if a data breach happens inside the facility.
Exposing the flaws in onsite security
Automotive assembly lines are powered by what is referred to as ‘operational technology’, or OT systems, that support everything from robots to workstations, conveyor belts and quality control systems. OT systems interface with almost every aspect of factory floor operations, which are becoming more sophisticated by the day. Workstations, terminals and the cars themselves are connected via fixed line, Wi-Fi and cellular connections. The cars are fitted with cellular modems. The robots assembling the cars potentially have fixed or cellular connections back to the automation vendor. This mix of IoT and OT technologies and connections is creating an ever-expanding attack surface, like a balloon that keeps getting bigger until someone pops it with a pin.
The boundary lines between OT systems and IT have become increasingly blurred over the last decade and in that time OT security has not kept pace with IT security. Businesses have prioritised the protection of their digital assets, but they’re only just now waking up to the risks to their cyber-physical assets. The current factory floor systems are mainly passive tools and they’re not extensive enough to cover every device, programmable logic controller or router spread across the site. In the wake of JLR, businesses should be auditing their environments to assess just how exposed their facilities and their supply chains are to this type of attack.
Why was the cost so high?
This comes back to the JIT model and JLR’s discrete manufacturing process that enables businesses to produce custom-made products with low inventory and overhead. That entire process is designed to operate on a precise model where parts are delivered the moment they’re needed. This involves vast and complex supply chains, involving companies that span the automotive ecosystem, that depend on the assembly line being up and running. The moment you halt production that has a serious knock-on effect on the network of suppliers.
The manufacturer cannot afford to have a production line standing idle; the cost to the business is enormous. Those fixed costs are amplified through other suppliers in the supply chain, who will also lose out because they will have stock they cannot deliver. The entire ecosystem is left in financial limbo. In the meantime, customer orders are not being fulfilled, and goods are not being sold. That doesn’t even account for regulatory fines that might be incurred. It’s a huge crisis, and we’re seeing the ripple effects now with billions of pounds being lost as a result.
What lessons can be learned from the JLR incident?
It’s time to reflect, particularly for CISOs and CSOs responsible for industrial facilities. They’re going to be asked all sorts of difficult questions by the board and other stakeholders about their organisation’s susceptibility to attacks of this nature. It all comes back to the blurring of lines between OT and IT security. There was a time when factories were air gapped from branch offices or corporate headquarters. That is no longer the case. The convergence of IT and OT, that is, the digitisation of the factory and the move to cloud architectures to manage suppliers, vendors and the broader tech stack, has led to all areas of the business and operations, including manufacturing, becoming interconnected, increasing the risk of attacks on physical assets.
We now face a new reality of cyber-physical risks that impact machines, production lines and people. The risks are only going to escalate as manufacturing and other industrial processes become more sophisticated with the introduction of AI and other technologies. Security teams will need to bridge the gap between IT and OT security to prevent malicious actors getting inside OT systems, where they can cripple production lines and paralyse supply chains. They need to treat cybersecurity much more holistically. The entry point for a hacker is no longer just a server, a laptop or a smartphone; it’s an entire factory, a fleet of connected cars or IoT devices deployed all over the world. Companies need to have full visibility across that footprint. Machines and devices behave in accordance with their role and their programming. Real-time monitoring allows you to spot unusual behaviour patterns that might indicate a breach or someone tampering with a device. Otherwise, companies will be left completely blind to what is happening, until it’s too late.
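The point above, that factory devices behave according to their role and that monitoring should flag departures from that behaviour, can be made concrete with a small role-based baseline detector. The following is an added example written for this article, not code from the author or from Aeris. Every device name, zone name, protocol set and rate threshold in it is a constructed, hypothetical value, and the flow records it runs over are constructed sample data rather than output from any real plant.

```python
# Added example (not from the article or Aeris): a minimal role-based behaviour
# baseline for factory-floor devices, run over constructed network flow records.
# Each device role has an expected set of (protocol, destination zone) pairs and
# a normal per-minute rate. A flow outside that set, a device that is not in the
# asset inventory at all, or a burst above the rate is reported as a finding.
from collections import Counter
from dataclasses import dataclass

# Expected behaviour per role. All values are hypothetical, chosen for illustration;
# a real baseline would be learned from the site's own traffic and vendor guidance.
ROLE_BASELINE = {
    "plc": {
        "allowed": {("modbus", "hmi_zone"), ("s7comm", "engineering_zone")},
        "max_per_min": 600,
    },
    "robot_controller": {
        "allowed": {("https", "vendor_cloud"), ("opcua", "hmi_zone")},
        "max_per_min": 120,
    },
    "workstation": {
        "allowed": {("https", "corporate"), ("smb", "corporate")},
        "max_per_min": 300,
    },
}

# The asset inventory: which role each known device plays (hypothetical names).
DEVICE_ROLES = {
    "plc-01": "plc",
    "robot-07": "robot_controller",
    "workstation-03": "workstation",
}


@dataclass(frozen=True)
class Flow:
    """One summarised network flow: minute bucket, source device, protocol, destination zone."""
    minute: int
    src: str
    proto: str
    dst_zone: str


def detect_anomalies(flows, roles=DEVICE_ROLES, baseline=ROLE_BASELINE):
    """Return (kind, device, minute, detail) findings for flows that break the role baseline."""
    findings = []
    per_minute = Counter()
    for f in flows:
        role = roles.get(f.src)
        if role is None:
            # A device the inventory does not know about is itself a visibility gap.
            findings.append(("unknown_device", f.src, f.minute, f"{f.proto}->{f.dst_zone}"))
            continue
        if (f.proto, f.dst_zone) not in baseline[role]["allowed"]:
            findings.append(("unexpected_flow", f.src, f.minute, f"{f.proto}->{f.dst_zone}"))
        per_minute[(f.src, f.minute)] += 1
    # Second pass: volume anomalies, which only show up once a minute is complete.
    for (src, minute), count in per_minute.items():
        role = roles.get(src)
        if role is not None and count > baseline[role]["max_per_min"]:
            findings.append(("rate_burst", src, minute, f"{count} flows"))
    return findings


# Constructed sample flows: mostly normal, with four deliberate deviations.
SAMPLE_FLOWS = [
    Flow(1, "plc-01", "modbus", "hmi_zone"),
    Flow(1, "robot-07", "https", "vendor_cloud"),
    Flow(2, "workstation-03", "https", "corporate"),
    Flow(2, "robot-07", "smb", "corporate"),             # robot talking to corporate file shares
    Flow(3, "workstation-03", "s7comm", "engineering_zone"),  # workstation speaking a PLC protocol
    Flow(3, "unknown-aa", "http", "corporate"),          # device missing from the inventory
] + [Flow(5, "plc-01", "modbus", "hmi_zone") for _ in range(650)]  # PLC polling burst


if __name__ == "__main__":
    for kind, device, minute, detail in detect_anomalies(SAMPLE_FLOWS):
        print(f"minute {minute:>2}  {kind:<16} {device:<15} {detail}")
```

The detector is deliberately simple: an allowlist per role plus a rate ceiling. What it demonstrates is the shape of the visibility the article asks for: an inventory that maps every device to a role, a statement of what that role should be doing, and a continuous comparison of observed traffic against it, so that a robot controller opening file-share connections or an unlisted device appearing on the network becomes a finding rather than background noise.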
Author biography:
Jon Connet is Chief Product Officer at SaaS-based IoT connectivity solutions provider Aeris, where he is driving cybersecurity initiatives, SaaS transformation and global carrier expansion for the company’s market-leading IoT Connectivity Management Platform. Previously, Jon was Chief Strategy Officer at Forescout Technologies, a company specialising in IoT Network Access Control, and held various senior leadership roles at Symantec.