Chris: Looking at the overall supply chain is one of the most powerful components or processes that an automotive manufacturer can do. The pressure of getting components ready to go to market is unbelievably compressed. Even though, for the outsider, it may seem like a very long time between vehicle models, it’s actually relatively short.
So when we look at the survey, and 19% of respondents said they don’t do enough security testing during the requirements and design phase, and only 28% said that development and testing is where they do a lot of the testing, it is clear that effective testing is happening far too late. For the majority, testing is post-release, which can lead to a 6x–14x increase in cost.
So if we enable suppliers to improve cyber security testing and vulnerability management early through the supply chain, we get a much better result.
Tim: That’s right. You really need to take a risk-based, process-driven approach to building cyber security throughout your product development life cycle. But the twist is, that life cycle has to include a whole bunch of different-tiered suppliers that bring it together. Right now, you’re seeing too much of a catch-basin approach, where there is holistic testing after it’s all done. It’s good to try to find all these vulnerabilities. But it should be done during the design phase.