Automotive cyber security must be an ever-present concern in the modern car industry

Car makers are at the cutting edge of technology innovation, as they use the latest digital and engineering techniques to design and build machines that are more computer than vehicle. It’s estimated there will be 250 million of these connected cars on our roads by 2020. Cars are packed with sensors, processors, infotainment systems, connectivity and more computing power than the spacecraft that first landed on the Moon. Yet with all this innovation comes extra cyber risk: not just of the cars themselves being hacked, which is dangerous enough, but of the back-end enterprise systems that built them being attacked. One company claimed the cost of combined cyber threats to the car industry could reach $24bn by 2023, hence the need for a focus on automotive cyber security.

The rush to digitalize has meant many automotive companies investing in powerful cloud and IoT platforms, AI and big data analytics, 3D printing machines and more. But this can leave them exposed to some very traditional threats: data theft, phishing, ransomware and more.

Accelerating to a digital future with automotive cyber security

The car-making sector is strongest in Europe, the US and parts of Asia. In the US for example, it has historically been responsible for contributing 3-3.5% of GDP. But it’s not all about the big-name OEMs or auto financing companies. Hundreds of thousands of smaller suppliers and specialist manufacturers are also thriving, on the back of billions invested in R&D every year. This means digital transformation: the new watchword for automotive CIOs as they look for smarter, more efficient ways to run their organizations and design and build the vehicles of the future.

Unfortunately, every new digital initiative arguably threatens to expose such organizations to new cyber risks. Data theft can be particularly damaging for car industry firms: whether it’s stolen IP which could damage competitive advantage, or customer data, which might put them in the cross-hairs of GDPR regulators. Carmakers are also exposed to ransomware threats. In 2017, Nissan’s Sunderland plant was affected by the infamous WannaCry attack.

There are four main areas of risk identified by PricewaterhouseCoopers: factory machines; 3D printing; auto-financing; and the supply chain. OT and IoT systems inside manufacturing plants increase the risk of a remote attack designed to sabotage key processes, install ransomware or use unsecured endpoints to move laterally through the corporate network to sensitive data. 3D printers are also a source of manufacturing designs which could be stolen. Auto-finance firms are those which help customers pay for their vehicles, and as such are a target for financial and personal data. And an extended supply chain represents a major risk if auto firms don’t vet and audit their partners. Personal data on over 28,000 Porsche customers was illegally accessed after attackers targeted a supplier’s servers in early 2018.

The impact of a serious incident on a victim organization could range from clean-up and remediation costs to lost competitive advantage, legal costs, regulatory fines and reputational damage potentially causing customer churn.

The key for automotive IT leaders looking to regain the initiative is to understand the risk to their systems posed by DNS-based attacks. Only then will they be in the right position to choose smart analytics tools designed to scan this traffic for threats and integrate them neatly into existing SIEM and other security tools for optimized incident response.

Why DNS?

DNS is not on the radar of many automotive IT security teams. But it should be. It provides the essential digital signposting organizations need to function online, allowing their employees, partners and external customers to find the right websites and apps. Without it, carrying out even the most basic tasks online would be an order of magnitude more difficult. That’s because it converts the domain names humans can easily remember to the IP addresses which machines need to communicate.

The challenge is that it was not built with security in mind, so there are multiple opportunities for hackers to target DNS for malicious ends. For one, DNS servers could be hacked to redirect users unwittingly to phishing sites or web pages hosting malware. DNS traffic is also whitelisted by most firewalls, making it the perfect channel via which to hide stolen data and smuggle it out of a breached organization. DNS traffic could even be used by command and control (C2) servers to send commands to compromised hosts inside an organization.
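Data smuggling and C2 over DNS, as described above, tend to appear in resolver logs as many distinct, long, random-looking subdomains queried by one host under a single parent domain. The following Python is an added example, not code from the original article or from any vendor product, that implements that check; the log entries, domain names, function names and thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log of (client IP, queried name); not real traffic.
ENCODED_LABELS = [
    "mzxw6ytboi4dqnrrgezdgnbv", "kvzwk4tfon2ca3djnzsxeidb",
    "j5xgk3tpnvqwy2dfmrsxi4ba", "nb2hi4dthixs6zlymfwxa3df",
    "fzrw63i2gq4dcmbrhe3tsnjq",
]
SAMPLE_QUERIES = (
    [("10.20.0.11", "www.example.com"), ("10.20.0.11", "mail.example.com")]
    # One long CDN-style name repeated: looks encoded, but is a single unique name.
    + [("10.20.0.12", "a1b2c3d4e5f6a7b8c9d0e1f2.cdn.example.net")] * 5
    # Many different encoded-looking labels under one parent from one client.
    + [("10.20.0.42", f"{label}.updates-sync.example") for label in ENCODED_LABELS]
)

def shannon_entropy(text):
    """Bits per character; encoded data scores higher than dictionary words."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Return (subdomain, parent). Assumption: the parent is the last two
    labels; production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(queries, min_len=20, min_entropy=3.5, min_unique=4):
    """Flag (client, parent, unique_count) where a client asked for at least
    min_unique distinct long, high-entropy subdomains of the same parent.
    Thresholds are illustrative and need tuning against real traffic."""
    seen = defaultdict(set)
    for client, qname in queries:
        sub, parent = split_name(qname)
        payload = sub.replace(".", "")
        if len(payload) >= min_len and shannon_entropy(payload) >= min_entropy:
            seen[(client, parent)].add(sub)  # the set ignores repeated names
    return sorted((c, p, len(s)) for (c, p), s in seen.items() if len(s) >= min_unique)

if __name__ == "__main__":
    for client, parent, unique in find_tunnel_candidates(SAMPLE_QUERIES):
        print(f"review {client}: {unique} encoded-looking names under {parent}")
```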

In short, DNS is a key threat vector for attackers. According to the National Cyber Security Centre, it is used in almost all cyber attacks, at least at some stage in the kill chain. But it can also be used to positive effect. Nominet’s NTX platform uses state-of-the-art analytics technology to spot malicious activity in large volumes of DNS traffic. The result is a system able to predict, detect and block attacks before they’ve even made an impact.