When the United Nations Economic Commission for Europe (UNECE) drew up its WP.29 regulatory framework—UN Regulation No. 155 (R155)—it sought to establish a clear benchmark to measure automotive security standards. According to industrial electrical system specialist Thales Group, the vulnerabilities cited generally fall into three categories: vehicle hardware, communications, and applications.
However, to say that cyber security only becomes a concern once a vehicle leaves the factory is a mistake. Manufacturing processes are creating a larger surface area for an attack as they incorporate an increasing amount of connected technology. This risk was made clear in 2017 when a large-scale ransomware attack halted production at plants owned by Honda, Renault, and Nissan.
Clearly, true cyber security does and should begin with manufacturing plants.
