The disclosure earlier this week that Tesla CEO Elon Musk reportedly informed all of his employees about a rogue worker conducting “extensive and damaging sabotage” to the company’s operations very much deserves the news coverage it has gotten.
Musk reportedly sent out an internal email describing how an unnamed insider allegedly made unspecified code changes to the company’s manufacturing systems. The news agency Reuters, which viewed a copy of Musk’s email, quotes it as saying: “The full extent of his actions are not yet clear, but what he has admitted to so far is pretty bad . . . His stated motivation is that he wanted a promotion that he did not receive.”
For now the company is investigating the matter, focused on determining if the employee acted alone, or with co-conspirators.
For a cutting-edge company like Tesla, its security practices seem to be pretty lax, especially in light of previous suspicions of sabotage two years hence. In 2016, the company sued a former oil-services executive for impersonating Musk while crafting an email message sent to former Tesla CFO Jason Wheeler. The lawsuit describes how that email was part of an oil-industry effort to undermine the company’s push for energy-efficient transportation.
Fast forward to this week. Based on the limited information available, the alleged saboteur was able to accomplish a series of pretty advanced steps to access and inflict damage on the company jewels. This included:
•Hijacking other employees’ accounts to gain access to sensitive systems and data.
•Modifying production code affecting manufacturing operations.
•Exfiltrating highly sensitive data to external third parties.
Each one of these steps should be sounding alarms in a well-protected environment, as these are the most watched insider activities, and their concentration around a single person would be a huge risk booster.
Apparently known fact that the suspect was upset at being passed over for promotion is a must-have red flag for any insider threat program, and the ongoing massive layoffs should have had the whole security team at the heightened state of alertness for malicious activities.
Whether this employee was a highly skillful hacker to avoid the detection, or Tesla’s cyber defenses were not up to snuff, remains to be seen, but the value of adequate insider threat program at the company whose very survival depends on intellectual property and flawless execution cannot be underestimated.
About the essayist: Igor Baikalov is Chief Scientist at Securonix. Based in Addison, TX, the company is a leading provider of advanced next-generation SIEM (security information and event management) and UEBA (user and entity behavior analytics) solutions.
*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at: https://www.lastwatchdog.com/guest-essay-heres-why-tesla-has-been-sabotaged-twice-in-two-years-lax-network-security/