Cybersecurity Under Pressure. Real Attacks, Real Lessons

Missing Cybersecurity Evidence Can Delay Production

39 min · 19 Jun 2026

Description

The next production delay may not come from a missing component. It may come from missing cybersecurity evidence. In this episode of Cybersecurity Under Pressure: real attacks, real lessons, we look at a growing risk in automotive supply chains: suppliers may deliver the ECU, the software may work, and the release plan may look under control. Then a vulnerability appears, a VSOC event raises questions, or the OEM asks whether a specific component, diagnostic function, OTA path, certificate or backend dependency is affected. Suddenly, the blocking item is not hardware. It is evidence. We discuss why generic documentation is not enough during a real incident. Automotive teams need decision-grade evidence: affected-version mapping, VEX-enriched SBOMs, vulnerability impact analysis, TARA delta, V&V evidence, mitigation status, incident timelines, escalation contacts and cybersecurity case support. A raw SBOM can become a trap. Without exploitability justification, engineering teams may waste critical time chasing theoretical CVEs that are not reachable in the actual ECU architecture. The supplier must own the first exploitability assessment, while the OEM or Tier 1 still owns the final risk decision. Because supplier governance is no longer just a purchasing annex. It is a production resilience control. Listen now and subscribe to Cybersecurity Under Pressure for practical lessons on automotive cybersecurity, supply chain risk and real-world product incident response.

All episodes

59 episodes

Missing Cybersecurity Evidence Can Delay Production


19 Jun 2026 · 39 min

An IDPS Alert Is Not an Incident Response Capability

Detecting a suspicious event in a vehicle is not the same as knowing what to do next. In this episode of Cybersecurity Under Pressure: real attacks, real lessons, we look at one of the weakest points in automotive cybersecurity: the gap between detection and decision-making. A vehicle may report suspicious diagnostic behaviour. A backend may receive telemetry. A VSOC may flag an anomaly linked to connectivity, certificates, OTA, CAN traffic or unexpected service requests. The alert exists. But the real problem starts after that. Who owns the next action? Is it a cyber incident, a vulnerability, a supplier software defect, a quality issue or a false positive? Which ECU, software version, backend service, vehicle programme or aftersales process is affected? Can the evidence be trusted enough to support a product decision? We discuss why IDPS and VSOC tooling are not enough without pre-agreed triage criteria, trusted evidence sources, supplier forensic agreements, TARA impact rules, cybersecurity case update triggers and clear containment decision rights. Because in automotive cybersecurity, the real capability is not the alert. It is the ability to turn that alert into a defensible product decision before the incident becomes a governance problem. Listen now and subscribe to Cybersecurity Under Pressure for practical lessons on automotive cybersecurity, product risk and real-world incident response.

17 Jun 2026 · 39 min

The Restart Bottleneck Is Not the Backup. It Is the Evidence.

After an OT cyber incident, restoring systems is only the visible part of recovery. The harder question comes next: who can prove that production is safe to restart? In this episode of Cybersecurity Under Pressure: real attacks, real lessons, we look at why OT recovery is different from IT recovery. A backup may exist. The PLC logic may appear unchanged. The virtual machine may boot. But in automotive and high-cadence manufacturing, restarting without trusted evidence can create a second crisis. We discuss engineering workstations, SCADA-related Windows servers, virtualised OT environments, dwell-time assessed baselines, out-of-band evidence, tamper-evident logs and pre-agreed IT/OT go/no-go criteria. The real challenge is not only technical recovery. It is building enough operational confidence for plant management, cybersecurity, quality and product safety to make a defensible restart decision under pressure. Because in OT, the strongest recovery teams are not the ones with the longest backup catalogue. They are the ones that can answer one question with evidence: Why is it safe to restart now? Listen now and subscribe to Cybersecurity Under Pressure for practical lessons on OT cybersecurity, industrial resilience and real-world cyber risk.

15 Jun 2026 · 54 min

When ECUs Meet Malice

What if the most vulnerable point in automotive cybersecurity isn't the car itself, but the station that gives it its software identity, setting the stage for a potential disaster that could put lives at risk? In this episode we break down the critical intersection of product cybersecurity and factory cybersecurity, and explore the potential consequences of a compromised ECU flashing station. We walk through a real-world scenario where a flaw in the flashing process could lead to a supply chain crisis, and discuss the importance of bridging the gap between corporate and vehicle security teams. By the end of this episode, you'll understand the urgent need for a unified approach to automotive cybersecurity. The reality is that a breach at the flashing station could have far-reaching consequences, from safety issues to reputational damage, and could change the way you think about the entire automotive supply chain. Subscribe to our podcast for more insights into the latest cybersecurity threats and trends, and join the conversation on the most critical issues facing the industry today. #automotivecybersecurity #cybersecuritymatters #supplychainrisk

12 Jun 2026 · 33 min

Zero Trust Meets Twenty Year Old Code

What happens when a twenty-year-old industrial control system meets the latest Zero Trust security protocols, and the two just can't seem to get along? In this episode we break down the challenges of implementing Zero Trust in industrial environments, where legacy devices don't speak the language of modern identity and security. We walk through real-world examples of how to design a Zero Trust architecture that works with, not against, these older systems. We argue that strong authentication and mediation are key to reducing exposure without disrupting production. The distinction between a good and a bad Zero Trust design can be the difference between a secure and a breached industrial system, with very real consequences for the people and processes that rely on it. Subscribe to our podcast for more insights into the intersection of security and industrial technology, and join the conversation about what it takes to protect our most critical systems. #ZeroTrust #OTSecurity #IndustrialCybersecurity

10 Jun 2026 · 44 min