The CDK Global attack is a wake-up call, showing that threat actors see the automotive industry as a lucrative target. By Andrew Lintell
With the automotive industry running on high-value transactions, the sector’s extensive financial and sensitive data makes it a prime target for cyber attackers. The ransomware attack on CDK Global, which compromised the data of thousands of dealership customers and caused days of downtime, underscores this vulnerability. The impact of such attacks goes beyond data theft, disrupting the entire supply chain like a traffic jam that halts the flow of goods. When a key player is compromised, the ripple effects can lead to widespread delays and inefficiencies.
Compounding this issue is the industry’s use of both traditional IT and Operational Technology (OT) systems, such as industrial control systems (ICS) and programmable logic controllers (PLCs). These systems are mainstays for automotive OEMs, but increasingly common in dealership and fleet management too. Strong security measures for both IT and OT are essential to maintaining supply chain integrity and preventing the extensive consequences of cyber attacks, ensuring the automotive supply chain operates smoothly.
Mitigating advanced cyber risks
The recent cyber attack on CDK Global, which forced the company to take its systems offline, highlights the fragility of the automotive supply chain. This incident disrupted around 15,000 dealerships in the US and showed how one broken link in the chain can have a major knock-on effect on operations.
Adversaries can also exploit vulnerabilities to orchestrate sophisticated attacks and infiltrate networks. Weaknesses in IT systems, such as remote access solutions and cloud applications, can be abused through phishing, malware infections, or the exploitation of software vulnerabilities to gain unauthorised access. Once intruders breach the IT network, they can move laterally into OT networks, potentially causing severe disruption to production and operations.
This cross-system exposure means that a vulnerability in one domain can jeopardise the entire supply chain. Furthermore, digitisation and remote work have exacerbated this issue. Always-on VPNs, for example, have become common, offering real-time data exchange and remote access. However, this constant connectivity increases the number of entry points through which cyber criminals can enter the network environment.
If a user account or application is compromised, adversaries can gain unrestricted access. Many always-on VPNs lack strong security measures, making them particularly vulnerable. To mitigate these risks, automotive organisations must ensure that only authorised personnel connect by implementing multi-factor authentication (MFA), network segmentation and stringent access control protocols.
The challenge of managing security across IT and OT
Managing both IT and OT security is crucial in the automotive industry. Automotive companies rely heavily on cyber-physical systems (CPS), like fleet management that connects with the vehicle.
On the manufacturing side, digital assets are intricately connected with physical processes through OT systems such as Supervisory Control and Data Acquisition (SCADA) systems. These systems are essential for monitoring and evaluating industrial equipment and operations, and for raising alarms when issues are detected in the automotive sector's industrial processes.
As IT and OT networks converge, increased visibility over assets is necessary to manage the expanding attack surface exploited by cyber criminals. Without proper security, these interconnected networks are vulnerable to breaches, data theft, and operational disruptions. Traditional IT security tools often struggle to monitor OT-specific protocols, leading to gaps in threat detection and response, which can result in equipment malfunctions or unsafe conditions.
Historically, OT systems were manual and isolated from IT networks. While digital integration has improved efficiency through automation and remote access, it has also exposed these systems to new vulnerabilities. OT systems often do not align well with standard IT management and security solutions, complicating threat identification.
To address these challenges, cohesive security strategies across IT and OT domains are needed. However, IT security teams are often perceived as overly cautious, as "the department that cries wolf," usually because of their vigilance and insistence on secure practices across all departments. This can lead to their initiatives being viewed as formalities rather than essential operational components. The board must look beyond these stereotypes to recognise the genuine threat posed by OT security risks and understand the importance of supply chain security.
Making the case for cyber investment
Security teams need to ensure that boards are presented with all the facts and that the threat posed by ransomware attacks is communicated effectively. Security teams must present clear examples of recent OT security breaches, highlighting their operational and financial impacts. By aligning OT security initiatives with business objectives, they can show how these measures prevent production downtime, safeguard the company's reputation, and ensure regulatory compliance.
Additionally, emphasising the return on investment (ROI) and including specific examples of cost savings, like avoiding breaches and fines, is crucial to overcoming budgetary challenges. Regular briefings with the board on evolving threats and progress in OT security help ensure ongoing support and necessary investments.
The imperative for proactive security measures
With the rise in ransomware attacks on IT and OT environments, the need for comprehensive visibility across all CPS components has never been greater. Effective asset management is crucial for maintaining operational resilience, especially as threats become more persistent. Automotive companies must monitor OT networks continuously to detect misconfigurations or unauthorised activities that signal the early stages of cyber attacks or system failures.
Identifying vulnerabilities is only the first step; assessing their context and impact is essential. Given the high cost of downtime, around £7,500 per hour, dedicated cyber security solutions are needed to match assets to known vulnerabilities and prioritise remediation.
To strengthen security, automotive organisations should implement comprehensive asset visibility, investing in tools for detailed, continuous monitoring of IT and OT assets. They also need to integrate IT and OT security, developing cohesive strategies that protect both domains, using solutions compatible with OT protocols. At the same time, adopting advanced detection technologies is important, as is continuous risk assessment. And finally, they should enhance incident response, establishing response plans and training staff to handle security incidents.
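One way to put the "match assets to known vulnerabilities and prioritise by context" step into practice, as an added example that is not the article's or Claroty's code: a small Python prioritiser over a constructed IT/OT inventory and constructed vulnerability entries (the `EXAMPLE-` ids are placeholders, not real CVEs). It ranks each matched pair by likelihood (severity, in-the-wild exploitation, remote exposure) times downtime cost at the article's £7,500 per hour, and lets an IT asset such as a VPN gateway inherit the downtime of OT assets it can reach when the network is not segmented.

```python
from dataclasses import dataclass
DOWNTIME_COST_PER_HOUR = 7500  # GBP, the figure quoted in the article

@dataclass
class Asset:
    name: str
    zone: str                         # "IT" or "OT"
    products: frozenset               # constructed software/firmware labels
    outage_hours: float               # downtime if this asset alone is lost
    remote_reachable: bool            # exposed via always-on VPN / remote access
    reaches: frozenset = frozenset()  # assets reachable from here (no segmentation)

@dataclass
class Vuln:
    vuln_id: str                      # constructed placeholder, not a real CVE id
    product: str
    cvss: float
    exploited_in_wild: bool

def match_vulns(assets, vulns):  # pair assets with known vulns in products they run
    return [(a, v) for a in assets for v in vulns if v.product in a.products]

def impact_hours(asset, by_name):
    """Own downtime plus the worst downtime reachable by lateral movement."""
    downstream = [by_name[n].outage_hours for n in asset.reaches if n in by_name]
    return asset.outage_hours + max(downstream, default=0.0)

def risk_score(asset, vuln, by_name):
    """Likelihood (severity, exploitation, remote exposure) x downtime cost in GBP."""
    likelihood = (vuln.cvss / 10.0) * (2.0 if vuln.exploited_in_wild else 1.0) * (
        1.5 if asset.remote_reachable else 1.0)
    return round(min(1.0, likelihood) * impact_hours(asset, by_name) * DOWNTIME_COST_PER_HOUR)

def prioritise(assets, vulns):  # (score, asset name, vuln id), highest expected loss first
    by_name = {a.name: a for a in assets}
    return sorted(((risk_score(a, v, by_name), a.name, v.vuln_id)
                   for a, v in match_vulns(assets, vulns)), reverse=True)
ASSETS = [  # constructed dealership/plant inventory
    Asset("vpn-gw", "IT", frozenset({"vpn-fw-3.1"}), 1.0, True, frozenset({"hmi-line1"})),
    Asset("dms-server", "IT", frozenset({"dms-12"}), 4.0, True),
    Asset("plc-line1", "OT", frozenset({"plc-fw-2.0"}), 8.0, False),
    Asset("hmi-line1", "OT", frozenset({"hmi-5"}), 8.0, False, frozenset({"plc-line1"})),
]
VULNS = [  # constructed entries; ids are placeholders, not real CVEs
    Vuln("EXAMPLE-0001", "vpn-fw-3.1", 9.8, True),
    Vuln("EXAMPLE-0002", "plc-fw-2.0", 7.5, False),
    Vuln("EXAMPLE-0003", "dms-12", 6.5, False),
    Vuln("EXAMPLE-0004", "hmi-5", 5.0, True),
    Vuln("EXAMPLE-0005", "legacy-erp-9", 9.0, True),  # runs nowhere: dropped by matching
]
```

With this inventory the low-severity HMI flaw outranks the critical VPN flaw because the HMI can take the whole line down; emptying the VPN gateway's `reaches` set (segmenting it from OT) drops its score from 67,500 to 7,500, which is the segmentation argument made earlier in numbers.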
By focusing on these priorities, automotive companies can build a powerful security framework to protect against evolving threats and ensure operational integrity.
The CDK Global attack is a wake-up call, showing that threat actors see the automotive industry as a lucrative target. The attack significantly impacted the sector and hampered the sales growth of companies like Ford. Dealers, manufacturers, and other firms that service the industry should take note of the widespread disruption the attack caused. Discussing this issue with the board will help security teams provide a clear picture of what they need to protect a company’s network. Ensuring comprehensive visibility, stringent access controls, and continuous monitoring can safeguard critical operations and prevent future disruptions.
By Andrew Lintell, General Manager, EMEA at Claroty