4 Common Cybersecurity Risks in Automotive Manufacturing

By Joe Agee, Leader, Global Network & Security Services, Rockwell Automation

Recent high-profile cyberattacks have put a spotlight on growing levels of cybersecurity risks in the automotive sector. The industry needs to quickly increase awareness of the current attack surface, often through the installed base of network assets, including machines and devices on plant floors.

Successful attacks create financial risks from ransomware shutdowns, data loss and expensive recovery processes. They also create physical safety risks on automotive plant floors and lengthy supply chain disruptions and can result in litigation.

Fortunately, every automotive manufacturer can take steps to close common cybersecurity gaps. And it’s much more cost-efficient to strengthen cyber resiliency up front than to allow high-priority, curable gaps to remain unresolved.

Here are four common installed-base vulnerabilities targeted by threat actors.

1. OT/ICS Network and Asset Security

Over the last decade, automotive manufacturers opened communications protocols and allowed plant-floor data collection with an IIoT ecosystem of sensors and actuators. Data sharing from OT to IT has supported plant-floor efficiencies and cost reductions through detailed data analysis within enterprise systems.

However, the explosion of data-driven insights from increased connectivity across the OT/IT boundary has increased risk with the rise of sophisticated threat actors. Effective cybersecurity starts with knowing exactly what’s on networks to proactively secure what’s legitimate while removing and blocking what isn’t.

Without proper security, threat actors can breach the system with the potential of locking up controllers for ransom, controlling the physical actions of machines, altering recipe data, and even creating worker safety hazards.

Automotive manufacturers require a current and up-to-date understanding of all installed-base assets with visibility to known or unknown vulnerabilities. A thorough risk assessment methodology within their OT environments will help understand and mitigate security vulnerabilities associated with increased data flow.

This risk assessment can flag poor practices such as a lack of incident detection capabilities in industrial demilitarized zones (IDMZs), communication protocol risks or unsecured or unauthorized IIoT devices.

2. Poor Patch Management

Weak patch management of the installed base is hugely problematic. According to cyber risk assessment company Black Kite, 71% of automotive companies score poorly on patch management.

From plant-floor PCs to programmable logic controllers (PLCs), devices running outdated versions of operating systems or software are highly susceptible to cyberattacks. Patches often address critical software security vulnerabilities. Not applying them on time carries high risk, making it relatively trivial for malicious actors to exploit outdated versions with known security flaws.

While poor patch management poses automotive cybersecurity risks, it’s also understandable in the context of production-critical plant-floor devices. In the IT world, it’s straightforward to establish a patching routine for servers and workstations, resulting in minimal business disruption.

On plant floors, patching means the potential for downtime on production machines that keep things ticking, and those responsible for OT environments are understandably opposed to any level of downtime. Risk increases when production environments operate with physical servers and haven't yet been migrated to virtual compute infrastructures with 24x7 monitoring and administration of OT data centers.

Addressing OT patch management calls for a structured strategy with a minimal production disruption footprint. Asset inventory is critical to provide an overview of every plant floor device, the software versions running on them, and their unpatched vulnerabilities. Also useful is a cybersecurity advisor experienced in production operations to avoid common pitfalls and help balance effective security with production uptime.

3. OT Security Knowledge Gaps

OT security knowledge gaps are another source of vulnerabilities, because you can’t protect what you don’t know.

For example, start-ups in the electric vehicle space might cover all the bases for IT cybersecurity to an extremely high degree, yet neglect OT vulnerabilities. Viruses, worms and weaknesses at the automation level may propagate through the network and pose threats to equipment. The most infamous example is Stuxnet, which targeted PLCs via Windows exploits.

Increasing OT security starts with tested and validated reference architectures such as Converged Plantwide Ethernet (CPwE), which provides a solid foundation for securing automotive plants. Assistance from experts in such architectures can help deploy firewalls and establish IDMZs to bolster plant-floor security.

Additionally, adopting cybersecurity solutions aligned with the five pillars of the NIST framework — identify, protect, detect, respond, and recover — can greatly mature both IT and OT cybersecurity.

Podcast

Lessons from the Colonial Pipeline Cyberattack

The ransomware attack that shut down the Colonial Pipeline on May 7, 2021, is considered the most impactful cyberattack against U.S. critical infrastructure. In this episode of the award-winning “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork™ magazine, Executive Editor Theresa Houck talks with Grant Geyer, Chief Product Officer at Claroty, to examine how the Colonial Pipeline cyberattack happened and its impact.

Also learn about the asset operator’s role as the first line of defense; how converged IT/OT networks are vital for ICS efficiency, but also increase the attack surface available — and what to do about it; the technical and organizational features of a well-thought-out cyber defense; lessons learned that are useful for every industrial firm and critical infrastructure facility. And much more.

Listen on your favorite podcast app or on the web, or watch their conversation on YouTube.

Listen Now Watch Now

4. Credential Compromise

Despite the complexity of modern cybersecurity solutions and the sophisticated tactics used by malicious actors, many attacks initially exploit shockingly simple vulnerabilities. The most recent high-profile example is the 2021 Colonial Pipeline hack (see sidebar), in which intruders used a password stolen from a previous dark web data leak to access a VPN account and gain network access.

In an automotive installed base context, credential compromises could result in malicious parties accessing plant floor computers and devices with default or weak username-password pairs. Shared passwords and remote access, more common in our COVID-19 era, can introduce compromises where attackers gain control of machines or confidential data.

Zero Trust, an approach that hardens cybersecurity by removing excess or assumed trust from prioritized data, assets, applications,and services (DAAS), emphasizes strong identity and access controls as critical protection. Multifactor authentication, regular password changes, least privileged access and other techniques can be used to grant access to authorized users, for authorized reasons, and at authorized times only.

Learn about Rockwell Automation cybersecurity solutions.

Like this article? Sign up for the digital magazine (8x/year) of The Journal From Rockwell Automation and Our PartnerNetwork and get articles like this delivered right to your inbox.

^{The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Endeavor Business Media.}