Steve O Connor, Director of Information Technology, Aston Martin Lagonda, on dealing with critical security challenges in the automotive industry
How far could cyberattacks impact the automotive industry?
When WannaCry hit in 2017, we were able to avoid any serious breaches by following a strict patching schedule. But this attack made us think about our security posture and whether our security would be able to withstand further attacks – hence switching to SentinelOne’s Vigilance product.
In terms of the impact on the industry, cyberattacks can cause a host of problems with user safety – as a worst-case scenario. Hackers can, hypothetically, glitch systems responsible for safety measures, such as traction controls. However, many threat actors see data as their end goal and so the automotive industry needs to invest in robust end-to-end encryption alongside other measures to mitigate potential threats.
What is Aston Martin’s approach to cybersecurity in this age of connected and autonomous cars?
A key focus for us in our approach is our future IT function, and IT strategy, within the business and supply chains. With new vehicles, such as connected cars, cybersecurity has become one of the key areas for car companies and, especially for us with the incumbent regulations, this puts a real focus on security and protecting the brand, as well as customer data.
As data continues to generate at such a rapid pace, human beings won’t be able to keep up. As a relatively small company, we need to continue to deliver and stay ahead of the trends. Starting with day-to-day IT, we want to delve deeper into unlocking what AI and Machine Learning can bring to the table in helping us automate processes and keep up with the data workload. Our CAD engineers, for example, are designing at double their data sizes now vs five years ago. This massive increase in data being generated by the organisation means that we will all need to utilise AI and Machine Learning around data lakes and data warehouses to manage it and, most importantly, to utilise insights from AI and Machine Learning to further our own knowledge of the threat landscape moving forward.
How do you address supply chain risks?
Today we have a set of standards that we expect our supply chain to adhere to with our data and information. That goes as far as how we securely exchange data using services provided by Aston Martin.
The future is where this area gets particularly interesting for us in light of the incoming UN Regulation on uniform provisions concerning the approval of vehicles with regard to cybersecurity and UN Regulation on uniform provisions concerning the approval of software update processes. These regulations mean that as an OEM we need to have a robust set of cybersecurity standards that meet the regulation. This will then need to be adopted by our supply chain. These regulations, by their very nature, are designed to mitigate the cybersecurity risks and, when adopted by the supply chain, will give us that continuing confidence in our cybersecurity posture.
Car hacks have attracted a lot of media attention. What are the ways to prevent it?
With new connected car regulations already in place, and more coming into effect, from the United Nations Economic Commission for Europe (UNECE), car manufacturers will have to be vigilant in tightening up their security postures around new connectivity within their cars.
Continuous vulnerability testing, regular software updates and limiting the number of devices attached to your car can help mitigate potential threats. We already do a lot of this today; we need to treat the car as a critical connected device and secure it as such. For car manufacturers, end-to-end encryption will be one of the keys to the future for protecting customer data, such as location data and driving usage, from ending up in the wrong hands.