On Sunday, June 17, 2018, Elon Musk sent an email to all Tesla employees alleging that a malicious employee tweaked code on internal products and released company data without authorization.
In his email, Musk wrote that this employee “made direct code changes to the Tesla Manufacturing Operating System under false usernames and export[ed] large amounts of highly sensitive Tesla data to unknown third parties.”
Read more in CNBC’s article “Elon Musk emails employees about ‘extensive and damaging sabotage’ by employee”.
The employee, who has recently been fired and sued by Tesla, “placed software on the computer system that would continue to run even when he left the company,” according to the suit.
This internal attack on Tesla’s business is the latest in a string of similar breaches that have been based on shared passwords and/or a lack of access control, including the Crash Override attack, which took down part of the Ukrainian power grid, and BrickerBot, which targeted communications systems to brick millions of IoT devices across multiple industries.
Critical operations in companies across many industries have faced similar security breaches. These vulnerabilities are endemic in the industry due to the challenges that centralized IT solutions face securing role-based access to manufacturing systems and data. Current security solutions are ill-suited to protect against cyber attacks because of the lack of decentralized identity and access management capabilities that:
- Work across multiple manufacturing islands.
- Base security on the identity of the user, removing the need for users to share passwords of individual machines and applications.
- Provide granular access control, so users have access only to the data and functions appropriate for their role.
By deploying decentralized, tamperproof user authentication and access control, companies can protect their operations. With these solutions, operators can manage user and device identities, credentials, and access control policies to avoid the reputational and financial losses that follow many security breaches.