Edit: I broke the thread again by mistake. Prior thread: https://cyberplace.social/@GossiTheDog/115242040984922549

Jaguar Land Rover have extended their car production shutdown for at least another week: https://www.bbc.com/news/articles/c15kpxnn2p2o

There’s a curious and unsourced line at the end of the BBC article: “JLR is currently taking the lead on support for its own supply chain, rather than any state intervention.”

If so, why are suppliers laying off staff and calling for government intervention?

Kevin Beaumont (@GossiTheDog)

One awkward element to all of this is the UK Prime Minister launched his growth strategy, with the banner Securing Our Future, at Jaguar Land Rover. It was supposed to be how AI and automation would secure the UK economy. Edit: thread broke, it continues here: https://cyberplace.social/@GossiTheDog/115252536089032550

Exclusive: Jaguar Land Rover failed to secure cyber insurance deal ahead of incident, sources say 

Jaguar Land Rover failed to finalise a cyber placement brokered by Lockton ahead of the incident that halted the British carmaker's production, three senior cyber insurance market sources told The Insurer.

Peter Kyle and Chris McDonald met JLR’s CEO and senior executives at its Gaydon headquarters to discuss latest situation.
https://www.gov.uk/government/news/ministers-meet-jlr-bosses-and-supply-chain-companies-to-help-secure-future-of-car-industry
Ministers meet JLR bosses and supply chain companies to help secure future of car industry

Robert Peston, who was the first to report on the government's bailout of banks in the 2008 financial crisis, reports the UK government is considering bailing out JLR's suppliers by effectively becoming the lender of last resort - by buying parts off suppliers, and then reselling them to Jaguar Land Rover.

In effect the UK government will become JLR's supplier's customer.

https://www.itv.com/news/2025-09-24/how-the-government-plans-to-support-jaguar-land-rover-suppliers

If anybody is wondering, I took a tour of JLR's network border last night - everything is still offline, except for https://wslx.jlrext.com/ (single factor login), some routers running SSH to the internet, NTP and Fortigate firewalls with open ports to internet.

The BBC reports “Senior government figures are concerned about a pattern of cyber attacks on UK institutions and businesses, such as the British Library, Marks & Spencer, and the Co-op.”

They should be. We’ve got to collectively work together to defuse the ransomware economy - even if that means repositioning security industry incentives.

We’ve also got to be deeply honest about where the challenges are coming from - which is not just Russia, but at home in the UK.

https://www.bbc.com/news/articles/c62nv0xx32go

Jaguar Land Rover: Government mulls financial support for supply chain firms

Fears are growing that some of the carmaker's suppliers could go bust without support.

The FT has figured out JLR have no insurance.

I'm not sure they'll take the full cost of recovery though - since the government is likely bailing out their key suppliers.

https://www.ft.com/content/c301e78a-38e7-4818-b367-14af85130c61

For those who haven't been following JLR in detail, key chain of events:

1) JLR outsource key IT and infosec functions to TCS, approved by 1x director and 2x NEDs on both JLR and TCS boards

2) JLR transfer staff by TUPE to TCS

3) TCS lay off transferred UK staff, including cyber risk and governance and cyber monitoring

4) record profits for a decade

5) got hacked

6) company stops functioning

7) get government to bail out their key suppliers (in progress)

JLR have some of its IT systems back online. Production is still halted. https://www.bbc.com/news/articles/c0q75q4l87no

I can’t see anything internet facing back online. Looks like they have bits of SAP back for supplier payment of historic orders.

Jaguar Land Rover restarts some IT systems after cyber-attack

The carmaker says it is working through a backlog of payments as its IT systems come back online.

If you’re wondering how JLR’s parent company, Tata Motors, is getting on - share price is up over the month. Investors don’t really care that a large part of the org shut down as they know the UK taxpayer will prop it up.

The Chair of the Business and Trade Committee, Liam Byrne MP, has today written to TCS asking probing questions about the attacks on Co-op, Marks and Spencer and Jaguar Land Rover. https://committees.parliament.uk/publications/49627/documents/264574/default/

Personally I think the UK is going to be one to watch now, as if I was an e-crime threat actor - I’d zero in on the UK.

Orgs have shown they will pay, teens getting in and poor MSPs show poor security practices, the NCA won’t tell the ICO (data regulator) what actually happened either, and the government will bail out orgs financially and provide IR help while they recover.

It’s all of the wrong messages being broadcast. Strap in.

If you look at the NCSC UK too, their remit is to help make the UK the safest place to do business..

but if you look at the general output lately, it’s quantum stuff and firewall espionage stuff. They’re good people but it feels too close to GCHQ, and so too far removed from the operational reality on the ground.

My view - saying the recent incidents should be a wake up call isn’t moving the needle enough in business.

So a lever is, if JLR need bailing out, put the PM on TV to announce it, explain why and the context of attacks on UK institutions, and announce paying all extortion attempts will be outlawed by the end of parliament. It would send shockwaves through business and force real resiliency planning.

The Times (paywalled) reports JLR plan to restart some production in just over a week - "puts suppliers on notice for production at its Wolverhampton engine works to resume on October 6".

The prior update was production suspended until October 1st, so I imagine that is slipping.

Government to guarantee £1.5bn loan to Jaguar Land Rover directly https://www.bbc.com/news/articles/cgl15ykerlro

Government to guarantee £1.5bn Jaguar Land Rover loan after cyber shutdown

Ministers hope the loan, from a commercial bank and underwritten by the government, will give certainty to suppliers.

Jaguar Land Rover has sought £2 billion in emergency funding from global banks as the carmaker tries to ease the financial strain of cyber incident.

The funding is separate from a £1.5 billion loan, provided by a commercial bank and guaranteed by UK Export Finance, that the carmaker will repay over five years.

https://www.bloomberg.com/news/articles/2025-09-29/jaguar-land-rover-seeks-2-billion-emergency-funds-et-says

MPs are now saying Jaguar Land Rover may need more government intervention on top of the existing £1.5bn help https://www.bbc.com/news/articles/c62zggj69e0o

Jaguar Land Rover may need more government help, MP says

Liam Byrne spoke after the government announced it was backing a £1.5bn loan to the company, and warned cyber-attacks could become more common.

JLR say "some sections" of their manufacturing will restart in the coming days. Network border all still offline, btw.

Obviously, it's going to be interesting to see the long term implications of all of this.

The next time there's a big ransomware incident in the UK (and there will be, as there's no real plan about how to deal with it), there's going to be calls for government financial intervention (via taxpayers) and NCSC to do incident response etc. Cyber resiliency for board = demand support when IT goes wrong.

@GossiTheDog Prime example of how to profit off of failure by doing literally nothing.

"How do I fail up?"
"Just wait"

@GossiTheDog too big to care in one headline 😔
@GossiTheDog Galaxy brain move from Tata
@GossiTheDog at that point we are getting close to nominal value aren't we? They won't but it feels like getting close to emergency nationalisation territory (or at least "healthy chunk of shares with voting rights in exchange for the low interest loans and guarantees").
@GossiTheDog why do they get the money when JLR are owned by an Indian company? Especially when you remember they were abandoned by the government when they were owned by the British.
@BackFromTheDud @GossiTheDog probably because they’re one of the largest employers in the UK
@GossiTheDog Oh good, with their profits from last quarter they can pay it off now!
@GossiTheDog "loan money to JLR to protect the employees of their suppliers" is absolute galaxy brain thinking.
@GossiTheDog surely some kind of insurance coverage could be a requirement for these organizations? they don't want to spend on their own infrastructure, they can pay higher premiums.

@lambtor insurance can only work if insurers can accurately assess and price risk. In an environment where the hazards are so dynamic, context-dependent, and adaptive to controls, that assessment and pricing is extremely difficult, hence why insurance has not, thus far, been a useful tool in managing information security risks.

@womble @lambtor @GossiTheDog "too big to fail" is the insurance. Like the old saying about when you borrow enough money it's the bank's problem, if you employ enough people or have enough people's pensions invested in you, failure becomes the government's problem, not the board's.
@GossiTheDog What @ciaranmartin called "low-hanging fruit".

@GossiTheDog we have also recently released (last week) a buyers guide for external attack surface management - https://www.ncsc.gov.uk/blog-post/easm-buyers-guide-now-available

we also continue to push forward on Share & Defend too etc.

all of which are intended to protect the many and reduce the easy wins.

EASM buyer's guide now available

How to choose an external attack surface management (EASM) tool that’s right for your organisation.

@GossiTheDog And then there's this, too. Shareholders don't give a damn if your products take down whole airports.

@christopherkunz @GossiTheDog

Probably pays for companies to buy back their shares in a crisis, to prop up the share price.

They see it as a better return on investment than actual cyber security.

@christopherkunz @GossiTheDog
Or stock price isn't rational and people aren't selling off because they don't own stock in airports or JLR.

@christopherkunz @GossiTheDog

RTX is formerly known as Raytheon.

I doubt a few airports getting hacked even registers on the bulletin board of a defense contractor that is selling missiles hand over fist.

@crabbypup @GossiTheDog They said so themselves in their SEC filing: "No material effect on our business". Still, Collins is 1/3 of RTX total revenue stream, according to their 2024 annual report. So it's not nothing if this part of their corporation goes down the drain.
If I were an airport operator anywhere in the world, I'd look _very closely_ at how Collins handle this.

@GossiTheDog so outsource all the liability and then you can just get the government to bail you out when shit does happen, while all the shareholders and directors get paid big bucks for "saving money".

Got it.

@GossiTheDog given the shared ownership I hope the execs involved get charged with fraud along with whatever is appropriate for their obvious neglect of fiduciary duty
@GossiTheDog I guess the obvious question is "how many of said suppliers were spun-off from JLR back in the day?"
@GossiTheDog on the plus side, how many wankpanzers are we keeping off the streets?...
@GossiTheDog Ban cryptocurrency, problem practically solved.
@james_inthe_box @GossiTheDog Nah they'll just demand gift cards or prepaid debit card numbers or something instead. These businesses are already not dealing in crypto until they get ransomed and malware/hacking is already illegal yet it still takes place.

@GossiTheDog time to externally regulate software dev?

Beyond PCI and industry specific regulations etc, it's a Wild West 🤠 you can't legally shake your doormat in the street after 8am, but any chum with a magic picture box can roll out a Web app with more security holes than the punch cards it was written on 🤪

Self-regulation continues to fail, sadly, much to the chagrin of proponents like Uncle Bob. I'm surprised that the breached masses aren't marching in demand for it quite frankly 🤔

@Gavv @GossiTheDog
I think a great approach to this would be for governments to implement purchasing standards and contractual liabilities for suppliers that override software EULA terms.
@GossiTheDog Oh, the true costs are coming to light of the holy trinity of Microsoft Office, Windows, and Active Directory, with the cloud as the catalyst.
@GossiTheDog We appreciate your ongoing coverage!
@GossiTheDog Never ceases to amaze me how huge orgs fail primary school level infosec so often
@GossiTheDog @mastoreaderio unroll
Oh nooooo. Decisions were made at that company…
@GossiTheDog there has never been a more appropriate time to deploy the sad trombone...
@GossiTheDog
Well, the insurers' contracts are written in a way that they are not going to pay if the IT is a screwed-up mess.
@GossiTheDog I don’t understand how that’s even possible.. I mean.. I know how it’s possible - you just don’t buy the insurance but I don’t understand how JLR could have a CTO/CIO who thought that was a sensible play! There’s only two of us at my business.. even we have cyberinsurance..
@GossiTheDog *sigh* insurance doesn't contribute to your BCM. Yeah, maybe they'll pay later, maybe not..
I'm Liverpool based, so I have neighbours and friends who work there, and they are still seeing this as just some time off. I don't think they realise this genuinely could lead to job cuts across all roles; it's going to impact them financially for a long time.