FEATURE Cybersecurity
Following the recent incident at JLR, Daryl Flack, Partner at Avella Security, explores ways of minimising the impact of a cyber- attack in the automotive industry
LEARNING LESSONS IN CYBER-RESILIENCE T
he recent cyberattack on Jaguar Land Rover (JLR) has sent shockwaves through the UK manufacturing sector. Production
was forced to a halt across multiple plants, staff were left unable to work, and supply chains suffered serious disruption. For JLR, the incident was not just an IT
problem; it was a full-blown operational crisis. And while the company acted decisively to shut down systems and contain the threat, the event underscores wider lessons for resilience in the sector. One of the most important lessons from JLR’s handling of this incident was the speed of its response. The company took the difficult step of shutting down production systems. While this caused short-term pain, it was a decisive containment measure that prevented further spread and potentially more catastrophic damage. In any cyber crisis, time is of the essence. Every hour of hesitation gives attackers more opportunity to exfiltrate data, move laterally across networks, and embed themselves deeper into critical infrastructure. JLR demonstrated how immediate containment can preserve long- term operational stability. Manufacturers must take note. Effective
response depends not only on technical safeguards but also on well-rehearsed incident response playbooks. These need to outline who makes the call, what systems can be sacrificed, and how communications with staff and suppliers are handled. Without such preparation, organisations risk paralysis at the very moment decisive action is most needed. The group linked to the JLR attack has
previously claimed responsibility for breaches at other major UK organisations. This continuity of activity highlights a sobering reality: attackers are not only persistent but also increasingly focused on
automationmagazine.co.uk
manufacturing and critical infrastructure. Why? Because operational technology (OT) environments are both attractive and vulnerable. Unlike IT systems, which have seen decades of investment in cyber defences, OT environments were often designed primarily for function rather than security. Industrial robots, assembly lines, and process controllers can often run legacy software, rely on proprietary protocols, and cannot easily be patched without halting production. The attack surface widens further as these systems are connected to IoT devices, remote monitoring tools, and IT networks. Add in the complexity of global supply chains, where third-party access is often required, and attackers are presented with multiple entry points or attack vectors. Manufacturers also hold sensitive intellectual property, from process designs to trade secrets, making them prime targets for ransomware, espionage, and supply chain compromise.
In short, OT is becoming the battlefield of choice for cyber adversaries. Perhaps the most serious impact of a cyberattack that affects OT, is the threat to operational continuity. When IT systems are compromised, the disruption is significant, but usually recoverable with backups, redundancy, and recovery tools. When OT systems are hit however, the consequences ripple far beyond the factory floor. At JLR, the production shutdown immediately stalled output, but the effects extended into logistics and distribution, supplier coordination, and customer trust. This is why true resilience demands a holistic
approach. Technical firewalls and endpoint protection are essential, but they are not enough. Manufacturers must embed resilience into the fabric of their operations by separating IT and OT environments, practicing joint drills between operational and security teams, and establishing continuity plans that assume disruption will occur at some point.
So how should manufacturers respond?
There are three critical layers: technical safeguards, incident response preparedness, and governance. 1. Strengthen Technical Foundations Start with visibility. Create a full inventory of OT assets, and ensure patching and updates are applied where possible. Network segmentation is vital, limiting the blast radius of any intrusion and preventing lateral movement. Remote and third-party access should be tightly controlled. Continuous monitoring of OT networks, backed by anomaly detection, enables earlier detection of malicious activity. Backups, stored both offline and in the cloud, are essential for recovery from ransomware. Applying recognised frameworks such as IEC 62443 and NIST 800-82 helps benchmark and guide OT security. 2. Prepare for Incidents Incident response must be treated as a business-critical function. Manufacturers should create and rehearse plans that define escalation routes, decision-making authority, and communications protocols. Also, ongoing, role-specific training ensures engineers, operators, and other frontline staff can recognise and report threats quickly, reducing dwell time for attackers. 3. Elevate Governance Cyber risk is a board-level issue. Boards
must regularly review security investments, audit resilience measures, and hold management accountable for maintaining readiness. Embedding cyber resilience into corporate governance fosters a culture where security is everyone’s responsibility. Preparedness is no longer optional. It is the only way to safeguard the future of automotive manufacturing in an era of escalating cyber threats.
Avella Security
www.avella-security.com
Automation | October 2025 35
Page 1 |
Page 2 |
Page 3 |
Page 4 |
Page 5 |
Page 6 |
Page 7 |
Page 8 |
Page 9 |
Page 10 |
Page 11 |
Page 12 |
Page 13 |
Page 14 |
Page 15 |
Page 16 |
Page 17 |
Page 18 |
Page 19 |
Page 20 |
Page 21 |
Page 22 |
Page 23 |
Page 24 |
Page 25 |
Page 26 |
Page 27 |
Page 28 |
Page 29 |
Page 30 |
Page 31 |
Page 32 |
Page 33 |
Page 34 |
Page 35 |
Page 36 |
Page 37 |
Page 38 |
Page 39 |
Page 40
