Cybersecurity for Plants - the Certification Effort

U. Schiara

Bitron

TAGS

Information Security Management System, ISMS

Content

Today, wargames are played in cyberspace: the attacker (an individual or, more often, an organization) works to drill through the defender's countermeasures.
To succeed, the attacker has to win just once; the defender must win every time.
In the automotive industry, the fear of being breached is continuously increasing on the OEM side.
Component and system suppliers must therefore adhere to very demanding cybersecurity standards to meet the requested levels of security.
Many Information Security Management System (ISMS) standards and rules have therefore emerged (European + German, American, Japanese), such as ISO27001, ISO21434, TISAX, IEC62443, R155 & 156. And don’t forget the GDPR.
Though an ISMS can be “corporate”, how big is the effort, in time and cost, to reach such a variety of certifications for many plants?
And this is the question: “Is one certification, or many, enough to win the (war)game?”