Disaster Recovery Journal Winter 2025

The attackers achieved a nationwide economic impact, showing the potential for adversaries to exploit dependencies and interconnections in highly integrated manufacturing ecosystems. The more complex the supply chain, the greater the amplification of risk.

Why Automotive Software Supply Chains Are at Risk Next

The JLR attack exposed one layer of supply chain risk. The next may be buried in the software that runs today’s vehicles. Modern vehicles rely on hundreds of millions of lines of code, distributed across four or more layers of suppliers, including in-house development teams, third-party vendors, component manufacturers, and open-source software projects. Within that ecosystem, tens of thousands of developers contribute to the code that ultimately runs inside vehicles. Each addition, dependency, and update introduces potential exposure.

This layered complexity creates a perfect environment for inherited vulnerabilities and invisible dependencies. When code from different origins merges into the same production line, a single compromise at any layer can affect the entire system. Without transparency into where components come from, what they contain, and which vulnerabilities they carry, automakers have little ability to assess their actual security posture.

The implications go well beyond production downtime. A vulnerability buried in a software component could allow attackers to disable or manipulate critical functions, like braking or steering, putting safety, not just productivity, at risk. The JLR shutdown showed what a motivated attacker can achieve by disrupting IT and OT networks. A software supply chain attack puts the safety of both drivers and vehicles on the line.

Motivated Attackers Are Watching and Waiting

The threat group that has claimed responsibility for the JLR attack, Scattered Lapsus$ Hunters, has demonstrated patience and strategic targeting. Earlier this year, the same actors struck other organizations, gathering intelligence that could serve future objectives. They have leveraged stolen credentials, social engineering, and compromised platforms to infiltrate multiple companies worldwide, from Google to Cloudflare to Palo Alto Networks.

These campaigns illustrate that attackers are motivated, well-resourced, and persistent. They observe, map, and collect intelligence, pre-positioning themselves for maximum disruption. The JLR shutdown is a preview of what is possible when operational dependencies intersect with attacker patience and ambition. A software supply chain compromise could provide adversaries with long-term access and intelligence, enabling attacks that could affect production, vehicles, and even national transportation infrastructure.

Next Steps for Supply Chain Security

The automotive industry can either continue with opacity and hope not to become the victim of an attack, or invest in transparency and resilience. To move toward resilience, automakers and suppliers can take several steps.

• Implement Software Bills of Materials (SBOMs): Every tier of software manufacturer should provide transparency into components and dependencies through build-time SBOMs. Understanding the security posture of your suppliers, including the country of origin of a component, is just as important as assessing your own. Without visibility into components and dependencies, automakers cannot accurately assess exposure or respond when a vulnerability is disclosed. Transparency at scale enables faster patching, reduces uncertainty, and builds collective resilience.

• Establish Shared Threat Intelligence: Shared data on vulnerabilities, threat indicators, and exploit attempts can help the entire automotive ecosystem detect and contain attacks before they spread.

• Assume Breach, But Limit Spread: Every company in the supply chain must operate under the assumption that compromise is inevitable. The goal is not just to prevent intrusions, but to design systems that contain them. Software should be compartmentalized with least-privilege permissions, network segmentation, and rapid isolation capabilities. Routine exercises that simulate supplier compromise can help quantify potential blast radius and strengthen incident response coordination.

• Implement Resilience Engineering: Cyber resilience must become as integral to manufacturing as mechanical redundancy. That means planning for controlled resets, hardware and software rollback paths, and “safe modes” that can decouple digital systems from physical operations in an emergency.

The Economic, Strategic, and Safety Stakes

Jaguar Land Rover’s shutdown is a case study in economic and operational fragility. The next crisis may not stop at the factory gate. Software supply chain attacks could compromise vehicles themselves, disrupt production silently, and create pathways for future exploitation. The stakes are economic, strategic, and, ultimately, safety-critical.

The complexity of automotive supply chains—and software supply chains in particular—is only going to increase. Vehicles will become more connected and software-defined. The question is whether we build security into that complexity now, or wait for attackers to make their next move.

Joe Saunders is founder and CEO of RunSafe Security. He leads a team of former national security cyber experts on a mission to make critical infrastructure safe. Working with companies such as Lockheed Martin, GE Vernova, and Vertiv as well as the US Army, US Navy, US Air Force, and dozens of other organizations, RunSafe Security identifies risk in your software supply chain, prevents exploitation of embedded systems, and monitors software for indicators of compromise and bugs. Saunders is also chairman of Ask Sage, a cloud-agnostic and large-language-model-agnostic platform that is transforming how government and business operate. He previously served as a management consultant for PricewaterhouseCoopers, a director at Thomson Reuters Special Services, and a member of the management team of TARGUSinfo (sold to Neustar for $800M). Saunders is a frequently sought-after speaker and panelist.
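The SBOM recommendation in the Next Steps section argues that build-time transparency is what lets an automaker answer "which of our products does this newly disclosed vulnerability reach, through which supplier, and from where?" The following script is an added example written for this page; it is not code from the article or from RunSafe Security. It parses a constructed CycloneDX-style SBOM, walks the declared dependency graph from the product down to each component, and reports every path by which an advisory-affected component is pulled into the build, together with the supplier and declared country of origin. The SBOM contents, the advisory IDs (`ADV-PLACEHOLDER-*`) and the `origin:country` property name are all constructed for illustration; CycloneDX has `supplier` and `properties` fields but no standard origin-country field, so that convention is an assumption.

```python
"""Cross-reference a build-time SBOM against newly disclosed advisories.

Added example for illustration; the SBOM, advisories and the
"origin:country" property convention are constructed, not real data.
"""
import json

# Constructed CycloneDX-style SBOM: a telematics gateway built from a Tier 1
# vendor stack that itself pulls in an open-source parser and a Tier 2 library.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "app", "name": "telematics-gateway", "version": "3.2.0"}},
  "components": [
    {"bom-ref": "pkg:generic/tier1-vendor/can-stack@2.4.1", "name": "can-stack", "version": "2.4.1",
     "supplier": {"name": "Tier1 Vendor"}, "properties": [{"name": "origin:country", "value": "DE"}]},
    {"bom-ref": "pkg:generic/oss/json-parser@1.9.0", "name": "json-parser", "version": "1.9.0",
     "supplier": {"name": "Open Source Project"}, "properties": [{"name": "origin:country", "value": "unknown"}]},
    {"bom-ref": "pkg:generic/tier2/crypto-lib@0.8.2", "name": "crypto-lib", "version": "0.8.2",
     "supplier": {"name": "Tier2 Component Maker"}, "properties": [{"name": "origin:country", "value": "US"}]}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:generic/tier1-vendor/can-stack@2.4.1"]},
    {"ref": "pkg:generic/tier1-vendor/can-stack@2.4.1",
     "dependsOn": ["pkg:generic/oss/json-parser@1.9.0", "pkg:generic/tier2/crypto-lib@0.8.2"]},
    {"ref": "pkg:generic/oss/json-parser@1.9.0", "dependsOn": []},
    {"ref": "pkg:generic/tier2/crypto-lib@0.8.2", "dependsOn": []}
  ]
}
"""

# Constructed advisories with placeholder IDs (not real CVEs). "fixed_in" is the
# first version that carries the fix; anything older is treated as affected.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "name": "json-parser", "fixed_in": "1.9.3"},
    {"id": "ADV-PLACEHOLDER-2", "name": "crypto-lib", "fixed_in": "0.8.2"},  # already fixed in this build
]


def parse_version(version: str) -> tuple:
    """Turn a dotted version string into a tuple of ints so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def load_sbom(text: str):
    """Index components by bom-ref (including the product itself) and build the dependency graph."""
    bom = json.loads(text)
    components = {c["bom-ref"]: c for c in bom["components"]}
    root = bom["metadata"]["component"]
    components[root["bom-ref"]] = root
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    return root["bom-ref"], components, graph


def dependency_paths(graph, current, target, trail=()):
    """Yield every path (tuple of bom-refs) from `current` down to `target`."""
    trail = trail + (current,)
    if current == target:
        yield trail
        return
    for child in graph.get(current, []):
        if child not in trail:  # guard against cyclic dependency data
            yield from dependency_paths(graph, child, target, trail)


def property_value(component, name, default="unknown"):
    """Read a CycloneDX custom property by name; missing data is reported, not hidden."""
    for prop in component.get("properties", []):
        if prop.get("name") == name:
            return prop.get("value", default)
    return default


def find_exposure(sbom_text, advisories):
    """Return one finding per (advisory, affected component, dependency path) in the SBOM."""
    root, components, graph = load_sbom(sbom_text)
    findings = []
    for adv in advisories:
        for ref, comp in components.items():
            if comp["name"] != adv["name"]:
                continue
            if parse_version(comp["version"]) >= parse_version(adv["fixed_in"]):
                continue  # build already contains the fixed version
            for path in dependency_paths(graph, root, ref):
                findings.append({
                    "advisory": adv["id"],
                    "component": comp["name"],
                    "version": comp["version"],
                    "supplier": comp.get("supplier", {}).get("name", "unknown"),
                    "origin": property_value(comp, "origin:country"),
                    "path": [components[r]["name"] for r in path],
                })
    return findings


if __name__ == "__main__":
    for f in find_exposure(SBOM_JSON, ADVISORIES):
        print(f"{f['advisory']}: {f['component']} {f['version']} "
              f"(supplier: {f['supplier']}, origin: {f['origin']}) "
              f"reached via {' -> '.join(f['path'])}")
```

Running it reports a single exposure: the open-source parser at 1.9.0 is below the fixed version, it is reached through the Tier 1 vendor's stack rather than directly, and its origin is undeclared. The `crypto-lib` advisory produces nothing because the build already carries the fixed version, which is exactly the kind of triage that is impossible without a per-build SBOM: the same advisory may or may not apply depending on which version each tier actually shipped. Treating an absent origin as "unknown" rather than skipping it keeps the supplier-posture question visible in the output.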