Jaguar Land Rover Cyberattack: Why IoT Identity and Access Management is Mission Critical

The recent cyberattack on Jaguar Land Rover (JLR), which forced factory closures and disrupted production, is another reminder of how vulnerable connected industries have become. Modern automotive and manufacturing operations rely on networks of connected devices, from robotic arms on the production line to electronic control units (ECUs) inside vehicles. When security breaks down, the consequences quickly ripple across operations, supply chains, and customers. 

Connected Factories, Connected Risks 

Reports confirm that JLR’s UK operations were significantly disrupted by the incident. While the breach was most likely due to an IT-based attack, it highlights how vulnerable global supply chains are, particularly in automotive. IoT and OT devices are increasingly becoming the weak link as IT systems are hardened against common attacks like phishing. 

These environments face unique challenges: 

  • Devices often run for years without patching or updates 
  • Default or hardcoded credentials still exist in many deployments 
  • Third-party software and suppliers create hidden dependencies
  • The scale of connected endpoints makes manual management impossible 

For global manufacturers, this creates a wide attack surface where disruption can be swift and costly. 

Why Identity and Access Management Is Central 

The JLR incident highlights the importance of identity and access management (IAM) for IoT and OT devices. Just as employees and systems in IT networks require strong authentication, connected devices also need unique, verifiable identities. Without this foundation, it becomes difficult to know which devices to trust, which actions to allow, and how to respond when compromise occurs. 

Key principles of effective IAM for IoT include: 

  • Assigning each device a unique cryptographic identity 
  • Automating the issuance, rotation, and revocation of credentials 
  • Applying Zero Trust principles, where no device or connection is trusted by default 
  • Monitoring device behavior for anomalies or signs of compromise 

Building Resilience in Automotive and Manufacturing 

For automotive manufacturers, strong device identity is no longer only about compliance with regulations such as UNECE WP.29 or ISO/SAE 21434. It is a resilience strategy. By ensuring that every device can be authenticated and every action can be validated, organizations gain the ability to contain threats, limit lateral movement, and recover faster from disruptions. 

For a deeper exploration of how manufacturers can strengthen connected vehicle security, Device Authority has published a white paper on the benefits of OEM-owned Key Management Systems (KMS) for Connected Vehicles. It outlines how taking ownership of cryptographic key management can enhance security, compliance, and operational control across the automotive ecosystem.

What Leaders Can Take Away 

The lessons from the Jaguar Land Rover attack are relevant across sectors: 

  1. Identity is a foundation for trust. If a device cannot be trusted, neither can the data or actions it produces.
  2. Automation reduces risk. Human-driven processes cannot keep pace with the number of devices in modern operations.
  3. Zero Trust is not just for IT. IoT and OT must be part of the strategy if organizations want end-to-end protection.

Looking Ahead 

The rise in cyber incidents across automotive and manufacturing makes clear that connected operations need stronger safeguards. Building resilience starts with securing device identities and automating their management throughout the lifecycle. 

Cybersecurity for connected industries is not simply about protecting technology. It is about ensuring business continuity, safeguarding jobs, and protecting customers from the fallout of disruption.