Red Teaming in the Automotive Industry
Red teaming is a crucial aspect of cybersecurity in the automotive industry. By following the tactics, techniques and procedures (TTPs) of real attackers, red teaming simulates real-world attacks to test an organization's defenses, detect potential vulnerabilities and improve security measures. This allows for an early response, preventing significant damage.
But red teaming is not for everyone. It is most beneficial for mature organizations with established baseline security defenses and incident response capabilities. Companies with a robust security infrastructure can use red teaming to test their processes and detections, ensuring they are well-protected against sophisticated attacks.
In a January 2025 episode of the “Empowering Tomorrow’s Automotive Software” podcast, ETAS experts Rene Reuter and Wolfgang Neufeld took listeners on a journey through the ins and outs of red teaming. The following summarizes some of the topics from their discussion – you can hear the full episode here or wherever you listen to podcasts (e.g., Spotify, Apple Podcasts, Amazon Music, iHeart Radio, etc.).
Red Teaming vs. Penetration Testing
While both red teaming and penetration testing aim to identify vulnerabilities, they differ in scope and approach. Penetration testing focuses on finding as many vulnerabilities as possible within a defined scope, often with detailed technical information. Red teaming aims to achieve specific objectives, such as stealing sensitive data or compromising systems, using any available vulnerabilities.
Use in the Automotive Industry
With the increasing connectivity of vehicles, red teaming has become essential in the automotive industry. Modern cars are connected to various systems, including mobile applications and back-end servers, making them potential targets for cyberattacks. Red teaming can help identify vulnerabilities in these interconnected systems, ensuring the safety and security of vehicles.
A major threat in the automotive industry is supply chain attacks. By compromising a developer's system, attackers can inject malicious code into the software that eventually lands on an ECU (electronic control unit). This can have severe consequences, potentially compromising entire fleets of vehicles, and it confirms the need for and importance of red team testing.
Internal vs. External Red Teams
There is an ongoing debate about whether to use internal or external red teams. Internal red teams have the advantage of familiarity with the organization's systems and can conduct continuous testing. However, external red teams bring a fresh perspective and can more effectively simulate real-world attacks, especially in social engineering engagements. Both bring something unique and valuable to the table, so in general, using both internal and external teams is ideal.