Connected factories in focus: Cyberattacks cost automotive industry billions

According to experts, the global automotive industry is facing a digital threat landscape that has reached new dimensions in its intensity and economic consequences. While previously primarily classic IT systems in offices were the target of hackers, the heart of the industry is now coming into focus: production.

An updated white paper by the Center of Automotive Management (CAM), based in Bergisch Gladbach, written in cooperation with Cisco, illustrates the development. The estimated damages for the sector have thus risen to over 20 billion US dollars – a twentyfold increase compared to 2022. Major names such as Toyota, Honda, Jaguar Land Rover, Bridgestone, or Thyssenkrupp Automotive have already had painful experiences with production downtimes and interrupted supply chains.

CAM's analysis of attack targets reveals a noticeable shift within the automotive ecosystem. It is not the large manufacturers, the so-called OEMs, who are at the forefront of cyberattacks, but rather the suppliers. According to a VicOne study cited in the white paper, almost 57 percent of all relevant attacks are directed at suppliers.

Dealers follow with around 22 percent, while vehicle manufacturers themselves account for just under 10 percent of direct attack targets. The figures indicate that cybercriminals are specifically targeting the supposedly weakest link in the highly interconnected value chain. This is because a standstill at a specialized supplier can bring entire assembly lines at manufacturers to a halt in a very short time.

IT and OT merge to form an entry point

The reason why the attacks are so effective nowadays is the progressive convergence of Information Technology (IT) and Operational Technology (OT). Modern factories are highly digitized: cloud platforms, AI-supported control systems, and networked robotics form a dense network. Professional ransomware groups and state-sponsored actors are using these new attack vectors to penetrate from office communication deep into the control logic of individual machines.

CAM Director Stefan Bratzel warns that production stoppages today could cause damages in the tens of millions per day. Cybersecurity has thus evolved from a purely IT issue to an existential question of operational security.

In an accompanying survey of industry representatives, the authors identified the biggest pain points. At the top of the list are cloud security and risks from remote work, closely followed by classic ransomware and malware attacks.

However, newer threat areas such as AI-based attacks and vulnerabilities in connected vehicles themselves are also causing increasing concern among decision-makers. To make matters worse, many plants still use a mix of state-of-the-art technology and outdated legacy systems. These heterogeneous landscapes are often difficult to segment and offer numerous entry points.

New standards as a management task

In addition to technological hurdles, structural problems are slowing down defense efforts, according to the analysis. There is a shortage of skilled workers in the specific area of OT security, as the white paper states. Furthermore, clear role models for responsibilities in production are often lacking. At the same time, the pressure from regulatory requirements at national and international levels is growing.

According to the experts, cybersecurity is thus definitively becoming a management task that must combine technical know-how with legal and strategic foresight. Thorsten Rosendahl from Cisco's security unit Talos emphasizes that a holistic approach is vital for survival. This approach must no longer allow a separation between office IT and the factory floor.

To provide companies with guidance in this field, the white paper introduces the so-called 4C model. This assessment framework considers cybersecurity as a strategic tool and is divided into the areas of Competencies, Cooperations, Culture, and Strategy. It is not just about deploying the latest firewall. Rather, the central question is whether the personnel have the right skills, how securely the partners are connected, and whether a genuine security culture is lived within the organization. The authors emphasize: Only through this interplay can sustainable cyber resilience be built, which will secure the economic location and its industrial value creation in the long term.

(nen)