A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster

Almost immediately after the cyber attack, a group of Telegram called the dispersed lapsus hunters, claimed the responsibility for hacking. The name of the group implies a potential collaboration between three cowardly hacking collectives – Spander Spider, $ and brilliant hunters – which have been at the origin of some of the most publicized cyber attacks in recent years. They often consist of young English -speaking cybercriminals that target large companies.

Vehicle construction is an extremely complex process. Hundreds of different companies provide parts, materials, electronics, and even more for vehicle manufacturers, and these large supply chain networks are often based on “just in time” manufacturing. This means that they order parts and services to be provided in the specific quantities necessary and exactly when they need it – parts of parts are unlikely to be held by automobile manufacturers.

“The supplier networks that provide these manufacturing plants, they are all set up for efficiency – economic efficiency, as well as logistical efficiency,” said Siraj Ahmed Shaikh, Systems Security Professor at Swansea University. “There is a very carefully orchestrated supply chain,” adds Shaikh, speaking of automotive manufacturing in general. “There is critical dependence for suppliers who provide this type of operation. As soon as there is a disturbance in this type of installation, all suppliers are affected. ”

A company that manufactures glass roofs has started to fire workers, according to a Telegraph report. Meanwhile, another company told the BBC that it had dismissed around 40 people so far. The French Automobile Company Opthobility, which employs 38,000 people on 150 sites, told Wired that it made changes and monitored events. “Optional reconfigures its production on certain sites due to the closure of its production by one of its customers based in the United Kingdom and according to the evolution of the situation,” said a spokesperson for the company.

Although it is not clear which specific JLR systems have been affected by pirates and which JLR systems have taken offline proactively, many have probably been released to prevent the attack from worsening. “It is very difficult to ensure containment while you still have links between various systems,” explains Orla Cox, head of cybersecurity EMEA communications at FTI Consulting, who responds to cyber attacks and works on surveys. “Often also, there will be dependencies on different systems: you approach one, so it means that it has an effect on another.”

Whenever there is a hacking in a part of a supply chain – whether it is a manufacturer at the top of the pyramid or a lower company in the pipeline – digital connections between companies can be separated to prevent attackers from spreading from one network to another. Connections via VPN or API can be stopped, says Cox. “Some may even take stronger measures such as blocking of domains and IP addresses. Then, things like emails are no longer usable between the two organizations. ”

The complexity of digital and physical supply chains, extending to dozens of companies and production systems just in time, means that it is likely that everything in line and working speed fully. MacColl, the Rusi researcher, says that cybersecurity problems often fail to be debated at the highest level of British policy, but adds that this time could be different due to the extent of the disturbance. “This incident has the potential to reduce due to job losses and the fact that deputies in the constituencies affected by this will receive calls,” he said. This breakthrough has already started.