Episode Summary:

In this episode, John speaks with a cybersecurity expert Karl Schlaugh about the rising cyber threats in the automotive industry, the challenges of securing vehicles, and the impact of regulations on automotive cybersecurity. They discuss various attack vectors, the importance of patch management, and the role of regulations in enhancing vehicle security.

Key Takeaways:

• Cybercriminals target the automotive supply chain to amplify their reach.
• The automotive industry's long patch lifecycle makes it a lucrative target for cybercriminals.
• Regulations like UN ECE 155 and 156 are positively impacting automotive cybersecurity by requiring vulnerability management and encouraging transparency.
• The rise in cyber attacks on the automotive industry underscores the need for improved security measures and continuous monitoring.

Quotes:

1. "Cybercriminals always follow money. If you have malware running in a supplier, then you amplify your targets." - Karl Schlaugh
2. "The patch lifecycle in automotive is a hell of a lot longer, which is a good thing for cybercriminals." - Karl Schlaugh
3. "Regulations like UN ECE 155 and 156 are encouraging vulnerability management and transparency, which is very positive." - Karl Schlaugh

Timestamps:

• (10:35) The long patch lifecycle in the automotive industry
• (16:50) Impact of regulations on automotive cybersecurity
• (24:10) Addressing cybersecurity in older vehicles
• (28:30) Key takeaways from the cybersecurity threat landscape report
• (36:17) Discussion on industry trends and future outlook
• (41:53) Monetary impact of cyber attacks on the automotive industry
• (43:31) Importance of reputation management for OEMs

Referenced Links:

• UN ECE 155 Regulation
• UN ECE 156 Regulation
• Automotive Cyber Threat Landscape Report 2023

Connect With Karl (Kalli) Schlauch:

• LinkedIn

Connect With ASRG:

• ASRG
• LinkedIn