As cyber threats increase, automakers and regulators are scrambling to safeguard an automotive industry as interconnected as the vehicles being produced.
A wave of thefts of luxury vehicles in Ontario shows that hackers are finding openings. In Ottawa, nearly one of every four stolen vehicles is a Lexus or high-end Toyota, taken by thieves who hack the vehicles and then drive those vehicles to Montreal for shipment across the world, say police. The thefts have prompted increases in security.
But while those thefts get attention, security experts warn that much of the industry’s exposure lies below the surface.
“People need to be aware that it’s possible to hack a vehicle, to hack the infrastructure, to hack manufacturers and their supply chains — that’s all possible to do right now, today,” said François Couderc, a Quebec City based cybersecurity specialist with the defence contractor Thales Group.
Companies are reluctant to say they’ve been hacked, fearing repeat attacks and customer and shareholder anxiety, Couderc said.
However, nearly one-third of suppliers responding to a survey by KPMG and the Automotive Parts Manufacturers’ Association (APMA) reported suffering a cyber breach in the past year. Phishing attacks — in which an employee clicks on an email link that spreads malware throughout a poorly secured network — are an easy way in.