A Grand Slam Victory!

Jan 18, 2025

3 MIN READ

Joyce Wu (center) and her team in the award ceremony

Recently, Ford China won top honors at the 2024 Connectivity Cyber and Data Security Campaign organized by the Shanghai Communications Administration, taking home the Role Model Enterprise Award and the Best Defense Team Award in the connectivity cyber security practical attack-and-defense drill (connectivity system platform and real car) and becoming one of only three companies to achieve a “grand slam”. Additionally, Joyce Wu, Senior Manager Cyber and Data Safety from Ford's Enterprise Technology team was honored as the 2024 Excellence Individual in this Cyber and Data Security Campaign.

The Connectivity Campaign focuses on fostering critical components and cutting-edge developments in connectivity cyber and data security, rigorously evaluating enterprises on security management systems, technical protection capabilities, emergency response mechanisms, and practical attack-and-defense strategies. This Campaign aims to accelerate higher standards for safety and stability across the connectivity industry.

Upon receiving this task, Ford Data Security & Compliance Committee (DSCC) jointed formed by Data Security & Compliance team and the OGC team acted quickly to break down the tasks and outlined a comprehensive response. Over nine months, the DSCC team actively participated in a series of training sessions and collaborated with multiple teams such as ET, OGC, GA, and EVD to deliver high-quality results on time, earning high praise from the Shanghai Communications Administration and winning three major awards, along with an excellence individual accolade.

To enhance system norms, Ford China established and refined more than 50 connectivity and data security management mechanisms, policies, and hierarchical management systems. Since 2021, the DSCC team has been proactively developing data security and personal information protection policies and frameworks to ensure compliance with China’s laws and regulations.

Regarding connectivity platform security, the team successfully completed cyber security multiple protection rating and filing for the 2024 Ford CCD and the MMOTA, achieving 100% compliance across all evaluations. Moreover, issues identified in risk assessments, such as penetration testing and vulnerability scanning, were promptly addressed and fixed by relevant teams.

For the first time, the EVD team also planned and successfully implemented an emergency drill for the connectivity cloud platform. The drill precisely targeted two key risk points, "application layer attacks" and "data information leaks", simulating real-world scenarios such as an intrusion and information leakage – prompting teams to collaborate closely to enhance their emergency response skills. This not only comprehensively tested the crisis response capabilities of various teams, but also validated the scientific effectiveness, practicality, and execution of the company "Cyber and Data Security Incidents Emergency Response Plan" issued by DSCC early time in 2024.

As for vehicle and application security testing, Ford China actively cooperated with joint ventures to conduct security tests on multiple models of vehicles and OTA systems, establishing a full lifecycle security management mechanism for the FordPass and Lincoln Way Apps to ensure vehicle and application safety.

In data security management, Ford China identified and mitigated three key security risks and protection vulnerabilities during the 2024 data security risk assessment, significantly enhancing its data security protection. For cross-border transfer of data, Ford China completed internal reviews and reported to the Shanghai Communications Administration to ensure safety and compliance.

Notably, during the intensive attack-and-defense drill, Ford China, serving as the defending blue team, delivered exceptional performance in both the connectivity platform and real car tracks.

To better prepare for the drill, information security experts from Ford China’s ET teams quickly established an efficient, collaborative command system during the planning phase. They conducted a comprehensive review of enterprise and product assets, resolved over 100 vulnerabilities, and meticulously developed drill plans while also providing security awareness trainings and conducting emergency plan drills.

During the five-day, 12-hour-a-day drill, the Ford China team faced fierce attacks from red teams. Ford China organized a 95-member emergency response team to stand by 24/7, leveraging its advanced technology platforms to successfully repel multiple attacks. The team blocked over 300 attack IPs and submitted several effective defense reports, demonstrating their strong defensive capabilities and adaptability.

Click to Enlarge

Ford China wins Role Model Enterprise Award and the Best Defense Team Award
Click to Enlarge

Ford China wins Role Model Enterprise Award and the Best Defense Team Award
Click to Enlarge

Ford China wins Role Model Enterprise Award and the Best Defense Team Award

1/2

The vehicle portion of the drills encompassed both real car testing and real car attack-and-defense scenarios. Real car testing involved rigorous inspections of data security and network safety, conducted in accordance with multiple national standards. Real car attack-and-defense simulations also featured intense red-blue confrontations, where over 20 red teams from all walks of life conducted high-intensity online and offline cyber security attacks against the blue team's inspected vehicles.

Ford China's stellar performance in this connectivity campaign not only powerfully demonstrates the company's technical strengths but also underscores its active role in advancing and contributing to the field of connectivity cyber and data security. Looking ahead, Ford China will continue its commitment to the sector by sustaining R&D investment, exploring cutting-edge technology applications, and creating a safer, more secure connectivity environment for users.