Cybersecurity at Volvo: An integrated approach to IT/OT convergence

27 Nov 2024

Cybersecurity and IT/OT convergence: lessons from Volvo for a safer future

In a world where information (IT) and operational technologies (OT) are converging, Volvo exemplifies the importance of a strategic approach to securing its infrastructures and protecting industrial activities. At Lyon Cyber Expo, Bastien Laforêt, Head of the Digital Quality and Operations division, shared his insights on best practices, the risks associated with IoT, and methods to foster cybersecurity resilience within large industrial groups.

 

The Volvo group: a global leader facing digital challenges

With 104,000 employees across 18 countries, Volvo is much more than a truck manufacturer. French factories such as those in Bourg-en-Bresse and Vénissieux play a crucial role, particularly in electromobility. However, this globalization also makes the group vulnerable to targeted cyberattacks. Bastien Laforêt highlights that the convergence of IT/OT complicates securing assembly lines, with each factory having its own specificities.

 

The Target example: A pioneering attack

To illustrate the risks, the conference discussed the 2013 Target breach, where hackers exploited a weakness in an HVAC vendor’s system. By infiltrating the network, they compromised the payment terminals in 1,900 stores, stealing banking data from 110 million customers. This attack demonstrates that the security of an ecosystem also depends on the vigilance of external partners.

 

The three pillars of cybersecurity at Volvo

 

1. Security by Design: At Volvo, every system, whether old or new, is integrated into a security strategy from the outset. Obsolete equipment is isolated within “protective bubbles.” The goal is to ensure their operation while minimizing risks.

2. A culture of enhanced vigilance: Volvo invests in engaging training to raise employee awareness about cyber risks. For factory workers, simplified educational initiatives aim to reinforce good habits, such as avoiding connecting personal devices to industrial systems.

3. A three-lines-of-defense governance model:

    • Operational: real-time tracking of vulnerabilities.
    • Governance: establishment of common rules, such as adopting NIS2 standards.
    • Audit: rigorous checks to ensure the application of security protocols.

The challenges of tomorrow: resilience at the core of strategy

Cyberattacks are constantly evolving, and Volvo is aware of this. By working on a comprehensive map of its connected equipment and integrating standards such as IEC 62443, the group shows that it's not enough to simply protect; it's essential to anticipate and respond swiftly. To succeed, Volvo combines digital tools, strong collaboration between IT and OT teams, and partnerships with external cybersecurity experts.

Conclusion: Protecting Without Slowing Production

At Volvo, cybersecurity is not optional. It is crucial for protecting customers, ensuring business continuity, and maintaining partner trust. This conference serves as a reminder that investing in cybersecurity, even for SMEs, is now a strategic imperative.

Lyon Cyber Expo, 19 September 2024, Confluence Auditorium – Synopsis

In a world where technology is evolving at breakneck speed, cyber security has become a major concern for businesses of all sizes. As a global manufacturer, Volvo is at the forefront of cyber risk management, adopting a site-wide security strategy that addresses the challenges posed by the convergence of traditional information technology (IT) and operational technology (OT). While IT/OT convergence offers considerable advantages in terms of operational efficiency and capacity for innovation, it also exposes businesses to new cyber risks. From integrating security into the design of its products and systems to promoting a culture of vigilance where every employee is trained to recognise and report suspicious activity, from using the IEC 62443 standard to structure its industrial cyber security approach to developing strategic partnerships with industry leaders, find out how Volvo is responding to these challenges and making an ongoing commitment to the security of its operations, employees and customers.

Photo credit: Volvo Group