36 votes

UK's Jaguar Land Rover cyberattack shutdown to hit four weeks

12 comments

  1. [4]
    Aerrol

    They let their insurance lapse?! The hubris is breathtaking...

    16 votes
    1. [3]
      SloMoMonday

      IT insurance has been a bit of a mess lately and my guess is that the normal renewal window they planned for was not nearly enough. Usual cover is for things like data breaches, service disruption, software faults/errors, fintech crimes and the like. Digital-first businesses are more complex, but a physical company with back-office IT infrastructure was a fairly well understood field. And as long as you can demonstrate there are reasonable precautionary and recovery measures, it's not that hard to land on a fair deal.

      LLMs have really thrown a wrench in things. Mostly because no one really understands what they are capable of, what the risks are and what prevention/recovery even looks like. And even if the technology is not nearly as robust as they claim it to be, the rapid, widespread and very cheap rollout has already led to a ton of problems in terms of internal and external risks. Problems that AI companies refuse to acknowledge and communicate to customers. I would not be surprised if the negotiation delay was directly caused by a decision to implement Copilot or some other seemingly innocuous decision to get on the AI bandwagon.

      The foundation of IT security is concepts like compartmentalization, permissions, controls, abstraction and user intuition. And the juvenile way a lot of people think to implement the "simple" LLM tools means bulk dumping swaths of that strictly controlled data into a model's context and prompting your way to some vague ideal of efficiency.

      It's nice to assume no reasonable company would even consider doing such a thing. But apparently Cursor can write and adjust unit tests for code that it wrote itself, and that is being sold to paying customers. So standards for unreasonable are very different with this tech.

      90% of a threat actor's job is done for them and all they need is access to any LLM interface to do damage. Don't remember if I posted it here but this is from last year's Black Hat conference. I suspect the situation will be worse this year.

      17 votes
      1. [2]
        CannibalisticApple

        Thank you for adding all this context. I was curious since the one article specifically said they "failed to finalise a cyber insurance deal brokered by Lockton ahead of the incident". That wording gave me the feeling there were some extra factors with the deal that required them to negotiate and change details for some reason. Just wasn't sure if that was due to penny-pinching attempts by the company or waiting until the last minute, or changes by the insurer, or something else.

        It makes sense that the plans can't just "auto-renew" given how technology is rapidly advancing and changing, especially with larger companies. I imagine even before the advent of AI, the terms would change each year to account for new equipment or tech since that stuff is ever-changing. And a cursory search brings up several articles about how JLR is using AI both in cars and for internal IT purposes, so likely a lot of uncertain ground to cover.

        I just want to know how close they were to finalizing a deal. Imagine if they were only a day away from signing...

        4 votes
        1. Greg

          It does also make me wonder if perhaps the insurance company did some due diligence on JLR's overall cybersecurity situation and basically said "you're asking us for the equivalent of life insurance on a 106 year old chain smoker, we're not covering shit until you get it up to standard" - basically I'm thinking that it's maybe the same lack of security that caused both the renewal delays and the attack, rather than the timing being a tragic coincidence.

          9 votes
  2. [6]
    preposterous

    This sounds negligent on Tata's part… no insurance coverage and no continuity plan for a company this size (and publicly traded)?

    13 votes
    1. [2]
      Greg

      Honestly even if they’d had insurance I kind of feel like when we’re talking about organisations with this level of resources, such a large impact from an attack points to negligence anyway (or at least incompetence, which is a fine line when your job as leader of a significant organisation is to hire and oversee competent specialists in whatever areas are needed).

      They’re apparently losing ~$10m/day from this, and the cost of keeping a decent disaster recovery team on staff with all the resources they need should be somewhere in the low single digit millions per year, so they’ve torpedoed themselves for the sake of saving a few hours of potential losses. Which are now actual losses because of that.

      17 votes
      1. preposterous

        This hopefully teaches a lesson to MBAs everywhere that security isn't a nice-to-have. Right…

        7 votes
    2. [3]
      whbboyd

      As a point of… clarity? Additional confusion? IDK. But anyway, Jaguar ("Jaguar Land Rover", "JLR") outsourced their cybersecurity to a company called "Tata Consultancy Services", or TCS, which is also owned by Tata Group, the umbrella company. It's not clear to me (and probably, intentionally, to anyone) if this was JLR's MBAs stupidly jumping at a sweetheart deal offered by their owner; Tata Group handing down a decision to further consolidate their holdings; or just run-of-the-mill corporate incompetence.

      TCS has, obviously, completely and utterly failed at their job, but it's very important that nobody be allowed to scapegoat them. Whoever pulled the strings here made the intentional decision to gut JLR's security, and they should be the ones held to account for the harm done.

      5 votes
      1. [2]
        DeaconBlue

        Serious question, what does "held to account" mean in this context? Are any of the situations that you listed actually against any UK laws? If not, isn't holding them accountable just kind of firing them and getting them out of the corporate structure?

        2 votes
        1. preposterous

          Safeguarding shareholders' interests is what they can be liable for, I'd wager.

          3 votes
  3. skybrian

    From the article:

    Britain's biggest carmaker Jaguar Land Rover is extending the closure of its factories until October 1 following a cyberattack in early September that has left its operations paralysed and smaller suppliers struggling.

    The luxury carmaker, owned by India's Tata Motors (TAMO.NS), has three factories in Britain, which together produce about 1,000 cars per day. The company is losing 50 million pounds ($68 million) a week, according to the BBC, with many of its 33,000 staff told to stay at home.

    ...

    The automaker failed to finalise a cyber insurance deal brokered by Lockton ahead of the incident, and appears to be uninsured directly for the attack, three senior cyber insurance market sources told The Insurer. JLR declined to comment.

    British business minister Peter Kyle and industry minister Chris McDonald visited JLR on Tuesday and talked to the CEO and senior executives about the impacts of the attack and how the company can work towards restarting production.

    And here's an update from the Guardian:

    UK government will underwrite £1.5bn loan guarantee to Jaguar Land Rover after cyber-attack

    The loan, from a commercial bank, is expected to give the company’s suppliers some certainty.

    The government will give its backing to the loan through the export development guarantee, which is aimed at helping UK exporters.

    It will be paid back over five years.

    ...

    On Saturday, a report in the Sunday Times said JLR was planning to reopen its £500m engine manufacturing centre in early October, with suppliers put on notice that production at its Wolverhampton facility would resume on 6 October subject to tests.

    ...

    Following the cyber-attack, the company was forced to shut down most of the systems it uses to track parts, vehicles and tooling in its factories, as well as everything to do with selling its luxury Range Rover, Discovery and Defender SUVs.

    JLR has subsequently restarted some IT systems and regained the ability to repay suppliers, send parts to mechanics to repair vehicles on the road, and send finished cars at its factories to showrooms.

    10 votes