Connected Business Technology Cybersecurity Threat Intelligence – what it is, and what it means for OEMs April 9th, 2024 With an ever more complex automotive digital landscape comes an increasingly complex cybersecurity infrastructure. An infrastructure that faces increasingly sophisticated threat actors, seeking to exploit its vulnerabilities. Cybersecurity Threat Intelligence – CTI – is a multifaceted process for better identifying, understanding, and ultimately preventing these risks. Here is what that means for OEMs, and how we at WirelessCar work with Cybersecurity Threat Intelligence. What is Cybersecurity Threat Intelligence? In a nutshell, CTI refers to information that is collected, analyzed, and used to understand a cyber threat actor's motives, targets, and attack behaviors. This intelligence helps organizations identify, prevent, and prepare for cyber threats that seek to take advantage of valuable resources. CTI is an essential component of a proactive cybersecurity strategy. Why is Cybersecurity Threat Intelligence important to OEMs? CTI should be part of any OEM’s cybersecurity ecosystem, for two main reasons: Connected cars are part a new cyber threat landscape Connected cars are as defined by their digital features as their physical functions, which provides lots of new business opportunities for OEMs. However, as the system of interfaces, software and code grows in complexity, new cyber threats and vulnerabilities emerge. CTI gives OEMs the ability to both stay ahead of threat actors and prevent them from causing actual damage. The accelerating evolution and proliferation of automotive cyber threats Cyber threat actors have new tools at their disposal, tools that will become more capable over time (with Artificial Intelligence being one of the clearest enablers). The evolution of cybersecurity threats is nothing new, but the pace and ever-changing nature of this evolution is something we have not seen before. As OEMs implement Cybersecurity Threat Intelligence in their digital ecosystems, they will be able to be at the forefront of this evolution, thus maintaining and improving the safety of their digital assets. Cybersecurity threats are not merely internal or external Traditionally, cybersecurity threats have been characterized as either internal or external. Internal threats are essentially insider threats, such as a rogue employee or a company spy. External threats can be phishing attacks or ransomware attacks, and may come from any outside party who seeks to hurt a company’s business and operations. But then, there is also what you might call the contextual threat factor: how is your company partnered or associated with suppliers and service providers that may fall victim to cybersecurity threats or attacks? No matter the number of service providers an OEM works with, and how closely associated they are, the OEM must always consider these as part of its Cybersecurity Threat Intelligence work. Some key CTI trends, and what they mean for OEMs Cybersecurity Threat Intelligence reports point to two particularly common trends affecting the automotive industry: supply chain attacks and ransomware attacks. Developing software for components in connected cars means having to import libraries and code from different sources. These assets create digital supply chains, which in turn can have vulnerabilities that OEMs need to discover and manage. CTI makes it easier to discover these vulnerabilities and to share important information, for example on how a specific software needs to be patched. Information sharing is a critical aspect of this work, as individual organizations have a very limited ability to do all of this exploratory work on their own. As for the rise of ransomware, it is relevant to talk about an emerging ransomware industry. These threat actors target assets that they believe to be lucrative: connected cars, connected fleets, or critical infrastructure such as EV charging stations. Another cyber threat catalyst has been the rapid development of generative AI, which may assist cyber criminals by generating various forms of exploits and automations. However, AI and machine learning are also helping us build better defense systems, and more robust solutions. One crucial thing to keep in mind is that threat actors operate from within a highly technical environment, whereas OEMs mostly operate within a corporate structure. Cyber threat actors thrive on their potential victims’ lack of information and proper defenses. Therefore, OEMs need to develop their cybersecurity capabilities, especially CTI. Acquiring the knowledge needed, and building a proper cybersecurity infrastructure from it, are team efforts. Such collaborations benefit the automotive industry as a whole, as well as individual companies. How WirelessCar works with Cybersecurity Threat Intelligence WirelessCar regularly collects threat intelligence reports from relevant sources. These reports include statistics, analyses, and trend updates; all related to the current cybersecurity threat situation, and how it is likely to evolve. We analyze the information, look at it in the context in which it applies to our organization and to our customers, and take proper action. In specific cases, we also advise OEMs on what actions to take if they are at risk of, or fall victim to, a cyberattack. Cybersecurity Threat Intelligence is a part of WirelessCar’s Vehicle Security Operation Center (VSOC) solution. How sharing and discussing CTI improves your cybersecurity While sharing parts of – and insights from – one’s Cybersecurity Threat Intelligence work may seem counterintuitive at first, it is actually vital that we do. The question is not whether OEMs should share their intelligence or not, but how they should share it, and with whom. ISACs (Intelligence Sharing Analysis Centers) are examples of the kinds of forums where knowledge can be shared and discussed for the benefit of entire industries. OEMs should not be wary of these kinds of initiatives, but welcome them. Cybersecurity threat actors are only becoming more and more capable, so OEMs and their service providers must always stay ahead. The prevalence of zero-day threats only increases the need for cooperation. The term "zero-day" describes the fact that developers have "zero days" to fix the issue, because it may have been exploited in the wild before. Stakeholders across the automotive industry need to work together to repel these emerging threats, in order to shape the cybersecurity infrastructure of tomorrow. At WirelessCar, we maintain a constant, internal dialog about cybersecurity threats. That includes regular Cybersecurity Threat Intelligence work, but also meeting and discussing the related matters at hand, rather than keeping our respective insights and expertise to ourselves. As a result, we are able to build even greater products – both OEM-specific and more general solutions – that are cybersecure-by-design. Meanwhile, OEMs can focus more of their resources on the features and services that set them apart from their competitors. This is one of several WirelessCar Insights articles addressing the topic of cybersecurity in the automotive industry: its challenges, its evolution, digital key technology, and more. Keep an eye out for more cybersecurity-related articles in the future, here on the WirelessCar Insights blog. Should you have any questions about our work with CTI, you are welcome to reach out to me via the address below. Gustavo Azzolin Cybersecurity Specialist Contact