An IDPS Alert Is Not an Incident Response Capability

An IDPS Alert Is Not an Incident Response Capability

Detecting a suspicious event in a vehicle is not the same as knowing what to do next. In this episode of Cybersecurity Under Pressure: real attacks, real lessons, we look at one of the weakest points in automotive cybersecurity: the gap between detection and decision-making. A vehicle may report suspicious diagnostic behaviour. A backend may receive telemetry. A VSOC may flag an anomaly linked to connectivity, certificates, OTA, CAN traffic or unexpected service requests. The alert exists. But the real problem starts after that. Who owns the next action? Is it a cyber incident, a vulnerability, a supplier software defect, a quality issue or a false positive? Which ECU, software version, backend service, vehicle programme or aftersales process is affected? Can the evidence be trusted enough to support a product decision? We discuss why IDPS and VSOC tooling are not enough without pre-agreed triage criteria, trusted evidence sources, supplier forensic agreements, TARA impact rules, cybersecurity case update triggers and clear containment decision rights. Because in automotive cybersecurity, the real capability is not the alert. It is the ability to turn that alert into a defensible product decision before the incident becomes a governance problem. Listen now and subscribe to Cybersecurity Under Pressure for practical lessons on automotive cybersecurity, product risk and real-world incident response.

The Restart Bottleneck Is Not the Backup. It Is the Evidence.

After an OT cyber incident, restoring systems is only the visible part of recovery. The harder question comes next: who can prove that production is safe to restart? In this episode of Cybersecurity Under Pressure: real attacks, real lessons, we look at why OT recovery is different from IT recovery. A backup may exist. The PLC logic may appear unchanged. The virtual machine may boot. But in automotive and high-cadence manufacturing, restarting without trusted evidence can create a second crisis. We discuss engineering workstations, SCADA-related Windows servers, virtualised OT environments, dwell-time assessed baselines, out-of-band evidence, tamper-evident logs and pre-agreed IT/OT go/no-go criteria. The real challenge is not only technical recovery. It is building enough operational confidence for plant management, cybersecurity, quality and product safety to make a defensible restart decision under pressure. Because in OT, the strongest recovery teams are not the ones with the longest backup catalogue. They are the ones that can answer one question with evidence: Why is it safe to restart now? Listen now and subscribe to Cybersecurity Under Pressure for practical lessons on OT cybersecurity, industrial resilience and real-world cyber risk.

When ECUs Meet Malice

What if the most vulnerable point in automotive cybersecurity isn't the car itself, but the station that gives it its software identity, setting the stage for a potential disaster that could put lives at risk. In this episode we break down the critical intersection of product cybersecurity and factory cybersecurity, and explore the potential consequences of a compromised ECU flashing station. We walk through a real-world scenario where a flaw in the flashing process could lead to a supply chain crisis, and discuss the importance of bridging the gap between corporate and vehicle security teams. By the end of this episode, you'll understand the urgent need for a unified approach to automotive cybersecurity. The reality is that a breach at the flashing station could have far-reaching consequences, from safety issues to reputational damage, and could change the way you think about the entire automotive supply chain. Subscribe to our podcast for more insights into the latest cybersecurity threats and trends, and join the conversation on the most critical issues facing the industry today. #automotivecybersecurity #cybersecuritymatters #supplychainrisk

Zero Trust Meets Twenty Year Old Code

What happens when a twenty-year-old industrial control system meets the latest Zero Trust security protocols, and the two just can't seem to get along? In this episode we break down the challenges of implementing Zero Trust in industrial environments, where legacy devices don't speak the language of modern identity and security. We walk through real-world examples of how to design a Zero Trust architecture that works with, not against, these older systems. We argue that strong authentication and mediation are key to reducing exposure without disrupting production. The distinction between a good and a bad Zero Trust design can be the difference between a secure and a breached industrial system, with very real consequences for the people and processes that rely on it. Subscribe to our podcast for more insights into the intersection of security and industrial technology, and join the conversation about what it takes to protect our most critical systems. #ZeroTrust #OTSecurity #IndustrialCybersecurity

Beyond Backup Recovery

What happens when a production line grinds to a halt, not because of a technical failure, but because trust in the engineering environment has been lost? In this episode we break down the real cost of an OT cyber incident, and explore the complexities of recovery in operational technology environments. We walk through a real case where the question is no longer just about restoring systems, but about proving that the process can be trusted again. We argue that many organisations are weaker than they think when it comes to validating engineering workstation integrity and confirming PLC logic. The ability to quickly and effectively respond to an OT cyber incident can mean the difference between a minor disruption and a six-figure business problem, making it a critical consideration for anyone working in operational technology. Subscribe to our podcast for more insights on the intersection of technology and business, and join the conversation on the real-world implications of OT cyber incidents. #OTcybersecurity #operationaltechnology #industrialcontrolsystems