The world is amid the worst crime epidemic in recorded history. Since the beginning of the COVID-19 pandemic,  cybercrime has risen 600%. In 2015, cybercrime cost companies across the world $3 trillion USD and that number is on track to more than triple to  $10.5 trillion USD by 2025. Cybercrime is driving the greatest transfer of economic wealth in history

The rapid digitization of the automotive industry has placed them squarely the sights of the cyber criminals. The last five years has seen a dramatic surge in theft targeting keyless entry systems with sophisticated radio attacks, and more recently ransomware attacks against manufacturers and suppliers. Some reports claim automotive cybersecurity attacks have grown by over 500% in this period.

The automotive industry is not deaf to this problem, but faces a chronic shortage of cybersecurity skills. This is not specific to the industry: according to the  International System Security Certification Consortium there remains over 4 million unfilled cybersecurity positions across the world. As widespread attacks increase in both frequency and complexity, the critical need for cybersecurity professionals grows even faster.

What can be done?

1.  Seed the fields

A US survey of 4000 millennials found that 67% of men and 77% of women had never had a high school teacher or careers counsellor mention the idea of a cybersecurity career to them. The EU Agency for Cybersecurity’s 2021 report offered several recommendations:

• Increase promotion of and enrolment in cybersecurity programmes
• A unified approach across Government, Industry and Universities
• Ongoing monitoring of the cybersecurity market’s trends and needs

Of course, the resulting cybersecurity expertise will be of little use in facing the immediate threats.

2.  Source Locally

The skill shortage is amplified in industries like automotive which need cybersecurity expertise to be combined with familiarity in established engineering practices. General cybersecurity specialists who do not have established engineering experience find it difficult to integrate their expertise into the product development process. For this reason, automotive companies often find it better to retrain existing engineers as cybersecurity specialists.

The EU funded Drives Program is a good example of an industry coordinated approach to identifying gaps in roles and skill levels, and then generating the necessary training programmes. However, a vocational role-based perspective limits its agility - a key ingredient for rapid response to current threats.

3.  Right Time, Right Place

The greatest benefit comes from grafting the cybersecurity skills into the existing engineering roles. Many critical cybersecurity mitigations are not best performed by experts, but by the software and hardware engineers that are building the systems. These are preventive controls that thwart cybersecurity vulnerabilities before they are introduced (as discussed in an earlier post).

This requires a different kind style of training – not focused on vocational roles, but providing specific skills for the task at hand, delivered just when it is needed. Such agile cybersecurity training efficiently generates cybersecurity capability exactly when and where it is most effective.