IT cybersecurity aims to ensure that stakeholders can access and process data when necessary, says Srikanth Subbu CISO at Tata Electronics

Manufacturing businesses have cybersecurity, but many early adopters of new technologies (including automotive, electronics, and mechanical and plant engineering) are unprepared for current threats.

This is an exclusive interview conducted by the Editor Team of CIO News with Srikanth Subbu CISO at Tata Electronics.

What are the latest trends in cybersecurity that the motor vehicle manufacturing industry is following?

• Connected vehicles are one of the primary challenges in the automotive industry.
• Wireless communication processes make the cyber risk associated with these vehicles clear.
• With connected vehicles, once they are breached, hackers can move laterally through the vehicle’s systems and then potentially attack other systems that are also connected.
• Lateral movement through a network is of primary concern for cybercrime, and connected vehicles represent a particular risk to this type of attack.
• Vulnerabilities have deepened during the pandemic as hybrid workforces
• Phishing attacks are particularly dangerous for the automotive industry because hackers can potentially gain access to an unlimited number of systems if their attack is successful.
• Ransomware attacks can be dangerous. Companies can experience tremendous disruptions when their cloud services are disrupted, but imagine the costs of having an entire fleet of vehicles shut down.

What new trends are expected in 2024 that businesses should follow? How could the new trends impact the industry?

• Increase in industrial IoT solutions as construction, manufacturing, and engineering companies look to enhance operations and boost efficiencies.
• As Gartner predicts, 75% of the world population will have personal data covered under modern privacy regulations. The responsibility for operationalizing these requirements is passed onto technology, more specifically security, under the umbrella of the CISO’s
• Data Localization: The risks to a multicountry business strategy drive a new approach to the design and regulatory landscape, with different regions requiring different localization strategies.
• Privacy: Data processing in untrusted environments, such as the public cloud, and multiparty data sharing and analytics have become foundational to an organisation’s success.
• The increasing complexity of analytics engines and architectures mandates that vendors incorporate a by-design privacy capability.
• AI Governance: 40% of organisations had an AI data breach. Whether organisations process personal data through an AI-based module integrated into a vendor offering or a discrete platform managed by an in-house data science team, the risks to privacy and potential misuse of personal data are clear.

How could the new trends impact the industry?

• Big data analytics: Leveraging advanced analytics to access critical insights is increasing the need for manufacturing companies to engage in more data-driven decisions around sourcing, production, fulfillment, an cost reduction.
• Industrial IoT, artificial intelligence, and machine learning: With IIoT, manufacturers can interconnect unique devices within an existing internet infrastructure to make strategic decisions using real-time data and achieve various goals.
• Smart factories and manufacturing are part of the “Industry 4.0″ movement, transforming operations and shop floors in production environments across the globe. They use a combination of high-end technology such as cloud connectivity, edge computing, 5G, AI, and IIoT.
• Connect your ecosystems, such as PLM and ERP, with a strong integration solution.
• Artificial intelligence-driven solutions will soon replace traditional methods like spreadsheets and dashboards.
• These instruments can automatically probe the data, learn insights, and make recommendations.
• AI in manufacturing offers numerous benefits, such as improved productivity, reduced error rates, enhanced decision-making, and accurate trend predictions.

How can we ensure cybersecurity during motor vehicle production?

• A connected vehicle exchanges data with multiple parties, like other vehicles on the road (V2V), the surrounding infrastructure (V2I), and everything else (V2X). Within a connected vehicle, various individual segments are instrumental in the functioning of the system.
• The new architecture may look this way, wherein Electronic Control Units (ECUs) will be connected to Zonal Units, which will be collectively connected to High-Performance Computers (HPCs). The architecture will need robust security to prevent a possible breach from external threats.
• Hackers continue to find backdoors to enter vehicles remotely as technology advances and the number of software components in a vehicle grows.
• Systems and components that govern safety must be safeguarded against malicious attacks, unauthorised access, damage, or anything else that could interfere with the safety functions of a vehicle.
• More than 100 million lines of code, and it is predicted that by 2030, there will be 300 million lines of code. The loophole in even one of the components within a vehicle could enable hackers to steal data or perhaps intervene in the function.
• Ensure that access controls on the shop floor are designed to prevent anyone who shouldn’t be able to enter restricted areas to ensure safe products at all times.
• Hardware-enhanced crypto, embedded security software, secure networks, and secure vehicle architecture
• Practice ensures that developers are using coding practices that are less vulnerable to attacks.
• Know that the system is being hacked and identify the point of entry, exposed vulnerabilities, and other critical information in real time. SoCs are needed to ensure real-time detection of any such breach and tackle it in real-time.
• Mitigate the damage and immunise the fleet in hours.
• Software updates over the air and patch management

What are the challenges faced while ensuring cybersecurity during motor vehicle production?

• The application of digital signatures to software is inconsistent; requirements should be in place to enable complete validation of the software to ensure its integrity at each level in the supply chain.
• Supply chain vulnerabilities—the frequent integration of third-party software, components, applications, and communications protocols—present an array of major cybersecurity weaknesses and quality-control issues.
• The application of digital signatures to software is inconsistent, and the software must ensure its integrity at each level in the supply chain.
• Follow the IT cybersecurity standard process and map cybersecurity solutions from IT to automotive.
• Most vehicle OEMs focus on the mechanicals; Tier 1 suppliers typically make all of the electronic design decisions.
• Multiple Interconnected Systems: A vehicle platform consists of many component types, including sensors, simple logic circuits, complex onboard computers, embedded operating systems, and proprietary chipsets. It’s challenging to combine Windows, macOS, Linux, and Java virtual machines into a single cohesive configuration.
• Consequences of Malfunction: Software errors in a smartphone do not carry the same consequences as in a vehicle.
• Are we following the safety standard for vehicles (ISO 26262)?

What are the benefits of implementing cybersecurity in the industry from the production stage?

• New technologies are leading to the creation of smart factories, in which digitization and interconnected devices benefit productivity, flexibility, awareness, and efficiency.
• Artificial intelligence (AI) and machine learning (ML) technology leads to more productivity and efficiency, faster product development, and better quality control, among other benefits.
• AI can boost productivity and manage manufacturing processes; it also represents a new method cybercriminals can use to attack the industry.
• Internet of Things (IoT) or Industrial Internet of Things (IIoT): physical devices with sensors and software (wearable tech) to communicate information about the physical world and make changes on the fly. Industrial applications include IIoT endpoints used as industrial control system (ICS) devices since many can contain an actuation component. There will be more than 80 billion connected IoT devices by 2025.
• Without proper authentication, hackers could easily use IoT devices to steal personal data and conduct phishing attacks.
• 3-D Printing: 3D objects from CAD drawings have been particularly useful for prototyping in manufacturing. peeds up design and production
• Virtual Reality (VR) and Augmented Reality (AR): VR is the immersive experience in a digitally-rendered environment, whereas augmented reality refers to the layering of digital information over the physical world. Still, virtual reality and augmented reality devices increase attack surfaces. Without proper security measures

CIA (confidentiality, integrity, and availability) is the typical underpinning guideline:

• Confidentiality: IT practices must protect sensitive data.
• Integrity: Protected data needs to be up-to-date and intact to maintain its usefulness and compliance with applicable regulations.
• Availability: IT cybersecurity aims to ensure that stakeholders can access and process data when necessary.

Traditional operational technology (OT) security

• Control: The company must retain control of its machinery to keep production going and maintain the safety of its processes.
• Availability: Downtime carries a high cost and has the potential for massive disruption due to long supply chains.
• Integrity: Inaccurate or incomplete data could risk the safety of those involved in industrial processes or end users of the products.
• Confidentiality: It’s only after the other factors are satisfied that the confidentiality of data is considered.
• Manufacturing businesses have cybersecurity, but many early adopters of new technologies (including automotive, electronics, and mechanical and plant engineering) are unprepared for current threats.
• Cyber Security Maturity Assessment: once a year
• Cyber Security Risk Assessment: 6 Months
• Red Teaming: once a year
• ISO/NIST standard
• Cyber Security Awareness and Training for Employees
• Strong password policies
• MFA
• Regular patches and firmware
• Supply chain risk assessment
• Continuous monitoring

Also read: Blockchain Revolution: Transforming Lead Generation in the Digital Age

Do Follow: CIO News LinkedIn Account | CIO News Facebook | CIO News Youtube | CIO News Twitter

About us:

CIO News, a proprietary of Mercadeo, produces award-winning content and resources for IT leaders across any industry through print articles and recorded video interviews on topics in the technology sector such as Digital Transformation, Artificial Intelligence (AI), Machine Learning (ML), Cloud, Robotics, Cyber-security, Data, Analytics, SOC, SASE, among other technology topics.