Background: The Need for (Cyber) Speed
McLaren Automotive is a brand that needs no introduction. Renowned for its high-performance supercars, the company produces some of the most innovative, iconic, and exciting cars ever made, both on and off the racing tracks. For this reason, the company places significant emphasis on automotive cybersecurity.
Bruce McLaren, the company’s legendary founder, once famously said, “Life is measured in achievement, not in years alone.” Following his vision, McLaren’s automotive cybersecurity team set a goal to achieve the highest possible cybersecurity standard for their cars and their Cybersecurity Management System (CSMS), in line with regulatory requirements. With the increasing complexity of connected vehicles and stringent regulations, McLaren sought a solution to ensure comprehensive security and compliance for their automotive software and electronic control units (ECUs).
On the Fast Track to CSMS: McLaren’s Cybersecurity Goals
McLaren’s automotive cybersecurity team identified three primary goals for their cybersecurity operation, necessitating a comprehensive solution:
- Risk Assessment and Analysis: Understanding and managing the risks associated with connected vehicles, including vulnerabilities, to mitigate them quickly.
- Regulatory Compliance: Ensuring McLaren’s vehicles meet legislative standards for cybersecurity, such as ISO 21434, WP.29 R155, and more.
- Engineering Team Training: Upskilling the team to design secure embedded systems.
The McLaren team needed a solution that offered detailed vulnerability information and supported their internal software development processes, requiring comprehensive asset management and vulnerability management capabilities, as well as robust integration with McLaren’s existing toolchain and workflow.
A Winning Team: Choosing Cybellum’s Product Security Platform
McLaren evaluated multiple solutions before choosing Cybellum’s Product Security Platform. A few key factors influenced their decision:
- Customized for the Automotive Industry: A platform tailored specifically for automotive cybersecurity, setting it apart from other enterprise-focused solutions.
- Advanced Vulnerability Management Capabilities: The ability to detect vulnerabilities, prioritize them efficiently, and provide actionable insights.
- Integration with McLaren’s Ecosystem: A solution that fit seamlessly into McLaren’s existing infrastructure, allowing them to maintain control over their software and data.
Collaborating with McLaren Automotive's cybersecurity team is a true masterclass. McLaren is setting new benchmarks in automotive cybersecurity, and with Cybellum's Product Security Platform, I'm confident they'll not only achieve their ambitious goals but also become renowned for both their incredible cars and unmatched cybersecurity.
Eddie Lazebnik, VP Channel Sales, Cybellum
Jump Starting: Deployment & Customization
Cybellum provided a dedicated team of experts to integrate and customize the Product Security Platform for McLaren’s unique IT infrastructure. This process included:
- Discovery: Mapping tools, products, and IT requirements.
- Concept Plan: Forming a solution concept, including deployment architecture.
- Implementation: Ensuring full usage of the system in the context of the intended use cases.
A key focus of this process was ensuring full support for Kubernetes AKS in McLaren’s instance of the Product Security Platform. After a joint discovery session between Cybellum and McLaren engineers, a high-level deployment architecture was built to allow for accurate and automatic data exchange with AKS.
Enjoying the Ride: How McLaren Will Use Cybellum’s Solution
McLaren aims to streamline the management of multiple CSMS activities using Cybellum’s platform. Key functionalities include:
- Comprehensive Software Audits & Asset Management: Producing a detailed SBOM for visibility into the software used in McLaren’s products.
- Vulnerability Detection and Management: Detecting known and potential vulnerabilities, including CVEs and CWEs.
- Vulnerability Prioritization: Automatically filtering out irrelevant vulnerabilities using Cybellum’s VM CoPilot.
- Regulatory Compliance & Evidence Creation: Defining controls and producing compliance-ready reports aligned with UN Regulation No. 155.
- CSMS Risk Management: Tracking cybersecurity KPIs using the platform’s CSMS Cockpit.
- Software Security Strategy: Developing a strategy aligned with ISO 30111.
- Continuous Monitoring: Adapting to new threats and vulnerabilities through regular reviews.
By using Cybellum’s Product Security Platform, McLaren plans to achieve ongoing identification of vulnerabilities relevant to its products and components, based on SBOMs, binary files, and other sources of asset data. The platform’s context-aware detection and prioritization capabilities provide McLaren’s security team with a contextual evaluation of threats and vulnerabilities, enabling them to address the most relevant high-severity threats.
The Road Ahead: McLaren’s Future Cybersecurity Vision
McLaren aims to further automate their cybersecurity processes and integrate Cybellum’s solution with other tools, such as Jira. This will enhance their ability to manage vulnerabilities across numerous ECUs in their vehicles.
The collaboration between McLaren and Cybellum exemplifies a strategic approach to automotive cybersecurity. By leveraging Cybellum’s Product Security Platform, McLaren ensures their vehicles are not only technologically advanced but also secure—providing customers with peace of mind.
About Cybellum
Cybellum is where teams do product security. Automotive OEMs, suppliers, and device manufacturers like Jaguar Land Rover, Supermicro, Danaher, and Faurecia use Cybellum’s Product Security Platform to manage cybersecurity risk and compliance across business units and lifecycle stages. From Asset & SBOM Management to Vulnerability Management and Incident Response, Cybellum helps ensure connected products remain secure and compliant.