Tackling cybersecurity in the automotive industry: Why you need an end-to-end approach

Publish date:

Achieving the necessary level of security is rarely straightforward, particularly when you need to safeguard legacy components that were never designed to be connected to the internet. To ensure nothing is overlooked, and to maximize effectiveness, we always recommend that automotive clients adopt an end-to-end approach to their cybersecurity.   

In my last post, I discussed reasons for the automotive industry’s heightened awareness of cybersecurity. Now I’d like to talk about the actions that I believe should follow from this awareness.
Achieving the necessary level of security is rarely straightforward, particularly when you need to safeguard legacy components that were never designed to be connected to the internet. To ensure nothing is overlooked, and to maximize effectiveness, we always recommend that automotive clients adopt an end-to-end approach to their cybersecurity.
This recommendation implies looking beyond the boundaries of a single organization, because successful cybersecurity approaches depend on collaboration across the supply chain. OEMs are now well aware that they can’t delegate responsibility for security to suppliers – yet they rely on those suppliers, especially Tier 1 suppliers, to help them implement their cybersecurity strategy. The OEM must therefore assume overall responsibility for the security of the entire vehicle and ecosystem throughout its lifecycle, while providing clear direction to suppliers as to what security requirements they need to meet.
To put these ideas into practice, it’s helpful to think about cybersecurity in terms of a two-dimensional model. This model identifies three focus areas that together cover the complete ecosystem: manufacturing, connected vehicle, and enterprise IT. For each of the focus areas, the model shows that it’s necessary to consider the entire product lifecycle including the plan and build phase and the run phase.
Using this model, the OEM and its supply chain can ensure implementation of the right security measures to address each of the three focus areas at every phase of the lifecycle. Adopting a Defense-In-Depth paradigm also helps, because it ensures that security is built in at every level during plan and build, and maintained during run.

Related Posts

Cybersecurity

Capgemini presents Next Generation Security Operation Center

Christer Jansson
June 14, 2018
Next generation security operation centers (SOCs) resolve the need for cybersecurity skills and help organizations counter threats
Cybersecurity

Selling security and privacy: Why cybersecurity is the new competitive advantage for retailers

Subrahmanyam KVJ
May 28, 2018
Consumers now see cybersecurity and data privacy as one of the three main reasons to select a retailer, beating even price. In India, it even comes out on top as the number-one reason to do business with a particular retailer.
Cybersecurity

Are you prepared for the GDPR?

Peter Hansen
May 17, 2018
The general issue lies with anyone with justified and managed access to process data, for its purpose, since that’s the business need and actual reason for the data existing in the first place.
cookies.

By continuing to navigate on this website, you accept the use of cookies.

For more information and to change the setting of cookies on your computer, please read our Privacy Policy.

Close

Close cookie information