The Cybersecurity Gap in Automotive: Rapid In-Car Innovation vs. Lagging Manufacturing Systems

By Marc Brown

The automotive industry has become synonymous with innovation. From electric vehicles to self-driving technology, in-car systems continue to break boundaries, delivering unparalleled convenience, connectivity, and user experience. However, while the spotlight shines brightly on these advancements, there's a critical area lagging behind: automotive manufacturing cybersecurity.

A Tale of Two Worlds: In-Car Systems vs. Manufacturing

Automotive in-car systems are on the cutting edge of technology, integrating AI, IoT, and advanced connectivity to redefine mobility. These innovations are built with security at the forefront, incorporating robust mechanisms to protect against cyber threats targeting drivers and passengers. In fact, these systems undergo rigorous testing at premier cybersecurity events like DefCon, where ethical hackers annually put them to the test, as well as at many other specialized industry forums. This continuous scrutiny ensures that in-car systems are becoming some of the most secure components of modern vehicles, raising the bar for automotive cybersecurity.

In contrast, the manufacturing side of the automotive industry—despite being responsible for producing these high-tech vehicles—has struggled to keep pace with cybersecurity advancements. Like many other manufacturing sectors, automotive production facilities often depend on OT/ICS systems that lack modern cybersecurity robustness, legacy equipment, and minimal adoption of standard IT security tools. This gap creates significant exposures, leaving manufacturing operations increasingly at risk of cyberattacks.

Why the Manufacturing Lag is a Growing Concern

1. Increased Attack Surface: Automotive manufacturing relies on a complex network of suppliers, systems, and technologies, many lacking modern security controls. This ecosystem is a prime target for ransomware, insider threats, and supply chain attacks, which could disrupt production at a massive scale.
2. Legacy Systems and OT/ICS Environments: Many manufacturing facilities still rely on legacy OT/ICS systems that were never designed with cybersecurity in mind. These systems often lack essential security measures such as encryption, patch management, and network segmentation, leaving them highly vulnerable to attacks. Compounding the issue, most OT/ICS environments are rarely tested through cyber attack tabletop exercises or purple team engagements, further limiting their preparedness to handle real-world threats.
3. Underutilization of IT Security Tools: While in-car systems benefit from a strong industry focus on security and technological advancement, manufacturing environments often fail to adopt modern IT security tools such as real-time monitoring, threat emulation and validation, anomaly detection, and endpoint protection. This absence of routine cybersecurity practices exacerbates the gap between innovation in vehicle technology and protecting the systems that produce them.

Bridging the Gap: Prioritizing Manufacturing Cybersecurity

To address these challenges, the automotive industry must bring the same level of focus and innovation to manufacturing cybersecurity as it does to in-car systems. Here are three key steps to close the gap:

1. Adopt and Enforce Cybersecurity Standards for OT and ICS: Implement, deploy, and validate frameworks like NIST or IEC 62443 to enhance the security of OT/ICS environments. These standards provide a roadmap for protecting manufacturing systems from emerging threats.
2. Integrate Threat Emulation and Validation: Use tools like adversarial threat emulation to test exposures in manufacturing systems/processes and validate existing defenses. Proactively identifying gaps reduces the risk of disruptions.
3. Educate and Align Teams: Security must be a shared responsibility across IT, OT, and leadership. Training programs and regular tabletop or purple team exercises can help align stakeholders and build a culture of cybersecurity awareness.

Conclusion

The automotive industry's focus on innovation has led to incredible advancements in in-car technology, but it's time for manufacturing to catch up. By investing in modern cybersecurity practices, manufacturers can protect their operations, ensure continuity, and maintain the trust of their customers.

Let’s ensure that the same spirit of innovation driving our vehicles also fuels the safety and resilience of the systems that build them—a challenge not unique to automotive but one that exists across most industries. 🚗🔒

To learn more, visit scythe.io.