Capping IT Off

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

Tackling cybersecurity in the automotive industry: Why you need an end-to-end approach

Category : Cybersecurity
In my last post, I discussed reasons for the automotive industry’s heightened awareness of cybersecurity. Now I’d like to talk about the actions that I believe should follow from this awareness.
 
Achieving the necessary level of security is rarely straightforward, particularly when you need to safeguard legacy components that were never designed to be connected to the internet. To ensure nothing is overlooked, and to maximize effectiveness, we always recommend that automotive clients adopt an end-to-end approach to their cybersecurity. 
 
This recommendation implies looking beyond the boundaries of a single organization, because successful cybersecurity approaches depend on collaboration across the supply chain. OEMs are now well aware that they can’t delegate responsibility for security to suppliers – yet they rely on those suppliers, especially Tier 1 suppliers, to help them implement their cybersecurity strategy. The OEM must therefore assume overall responsibility for the security of the entire vehicle and ecosystem throughout its lifecycle, while providing clear direction to suppliers as to what security requirements they need to meet.
 
To put these ideas into practice, it’s helpful to think about cybersecurity in terms of a two-dimensional model. This model identifies three focus areas that together cover the complete ecosystem: manufacturing, connected vehicle, and enterprise IT. For each focus area, the model shows that it’s necessary to consider the entire product lifecycle, including both the plan and build phase and the run phase.
 
Using this model, the OEM and its supply chain can ensure implementation of the right security measures to address each of the three focus areas at every phase of the lifecycle. Adopting a Defense-In-Depth paradigm also helps, because it ensures that security is built in at every level during plan and build, and maintained during run. 
 
 

About the author

Nick Gill
