Rajiv Pandey, Vice President of Expertise at Tata Motors, is obvious about one factor: cybersecurity is now foundational to the corporate’s innovation agenda. With extra clever and linked autos, Tata Motors has gone far past IT safety to undertake an end-to-end safety method at each stage within the lifecycle.

From AI-led menace detection and Zero Belief structure to world compliance and provide chain monitoring, Tata Motors is placing digital belief into layers all through the corporate; not merely as safety, however as a continued weight for strategic progress.

How has your cybersecurity technique developed in recent times, particularly with the growing digitisation and connectivity of contemporary autos?

Our cybersecurity technique has considerably developed to deal with the rising complexity of contemporary, linked autos. We’ve transitioned from typical perimeter defences to a complete, layered method that comes with safe car platforms, Zero Belief rules, and AI-driven threat mitigation.

Our cybersecurity is now embedded throughout the car lifecycle —from design to decommissioning—making certain encrypted communications, safe over-the-air (OTA) updates, and real-time menace detection. We’ve strengthened governance by board-level oversight and cling strictly to world requirements reminiscent of ISO 27001 and India’s DPDP Act.

Cybersecurity is not a back-end operate—it’s central to how we design, construct, and ship autos, with a multi-layered method to securing the linked car ecosystem and digital operations.

As well as, we repeatedly conduct resilience drills and foster collaboration throughout the Tata ecosystem to proactively handle rising threats. As we speak, cybersecurity is not only a safeguard; it’s a strategic pillar that empowers belief, security, and steady innovation.

Related autos course of huge quantities of information—how are you making certain buyer information privateness and integrity throughout your digital ecosystem?

We’ve embedded privacy-by-design throughout each layer of our linked car ecosystem, making certain that information safety is a foundational precept, not an afterthought. Buyer info is safeguarded by sturdy encryption, granular entry controls, and safe, resilient cloud infrastructure.

The complexity and scale of automotive provide chains pose distinctive cybersecurity challenges, significantly when third-party software program and parts are concerned. Vulnerabilities can emerge from various sources, together with open-source code and {hardware} or software program payments of supplies sourced from a number of suppliers.

Our practices align with world information safety requirements and are totally compliant with India’s DPDP Act. To strengthen accountability, governance is anchored on the board stage, and we conduct rigorous audits of third-party companions to uphold information integrity throughout the worth chain.

In the end, our dedication is obvious: to earn and maintain buyer belief by transparency, uncompromising safety, and accountable information stewardship.

What distinctive cybersecurity challenges do automotive producers face relating to securing the availability chain, significantly with third-party software program and parts?

The complexity and scale of automotive provide chains pose distinctive cybersecurity challenges, significantly when third-party software program and parts are concerned. Vulnerabilities can emerge from various sources, together with open-source code and {hardware} or software program payments of supplies sourced from a number of suppliers.

To handle this, a sturdy cybersecurity interface settlement with provide chain companions is crucial. This features a clear understanding of software program upgrades and patches in response to identified vulnerabilities, making certain that the cybersecurity posture stays efficient and updated all through the car’s service life. Regulatory developments such because the upcoming AIS 189 are aligned with this want, and preparations are underway to make sure compliance and readiness throughout the ecosystem.

How are you navigating and complying with various world information safety and cybersecurity laws, particularly with operations spanning a number of nations and areas?

Tata Motors operates with a global-first mindset, aligning cybersecurity and information safety practices with worldwide requirements reminiscent of GDPR, India’s DPDP Act, ISO 21434, and ISO 27001. Techniques are designed to help consent administration, information localisation, and encrypted cross-border information transfers.

Ongoing audits, robust vendor governance, and board-level oversight assist us guarantee proactive compliance with evolving laws. The main focus stays on sustaining buyer belief and enabling operational agility throughout markets.

What position do AI and automation play in your organisation’s menace detection and incident response framework? Are you experimenting with predictive or self-healing safety fashions?

AI and automation are central to Tata Motors’ cybersecurity technique, supporting real-time menace detection, anomaly evaluation, and automatic incident triage. These instruments scale back false positives and enhance response instances.

Predictive and self-healing safety fashions are presently being piloted, significantly inside linked car platforms and manufacturing environments. These fashions forecast vulnerabilities and allow automated containment and remediation.

To make sure accountable deployment, an AI Threat Governance Board has been established at Tata Motors, with quarterly evaluations targeted on AI threat mitigation. The overarching method is designed to stability innovation with belief, adaptability, and operational resilience.

Might you share a real-world instance of a safety improve or initiative that considerably enhanced resilience in your autos or manufacturing methods?

To reinforce resilience in manufacturing methods, Tata Motors has deployed good sensors, digital historical past playing cards, and on-line Statistical Course of Management (SPC) for real-time monitoring of essential parts. These instruments have strengthened early anomaly detection and enabled immediate responses to potential threats.

On the car aspect, a complete improve {of electrical} and digital (E&E) architectures has been carried out throughout the board to make sure a sturdy gateway.

Tata Motors operates with a global-first mindset, aligning cybersecurity and information safety practices with worldwide requirements reminiscent of GDPR, India’s DPDP Act, ISO 21434, and ISO 27001. Techniques are designed to help consent administration, information localization, and encrypted cross-border information transfers.

In parallel, our cybersecurity method has been strengthened by automated operational expertise (OT) asset discovery and preparation for compliance with world requirements reminiscent of UNR 155/156 and ISO 21434. Collectively, these initiatives have considerably superior resilience throughout each car platforms and manufacturing environments.

What key cybersecurity classes would you share with different CISOs, particularly from industries simply starting their linked expertise journeys?

Drawing from Tata Motors’ expertise in navigating the complexities of linked mobility, the next rules have emerged as essential for any organisation embarking on its cybersecurity journey:

• Safe by design: Cybersecurity have to be embedded from the outset, not handled as a post-deployment addition. Integrating safety into each layer is prime to long-term resilience.
• Zero Belief is crucial: Each system and provider must be secured with strict entry controls and encryption.
• Governance issues: Cybersecurity must be handled as a strategic precedence, anchored in board-level oversight and built-in into enterprise-wide threat frameworks.
• Tradition drives resilience: Investing in coaching and consciousness is essential to creating safety a shared accountability throughout groups. A robust safety tradition ensures that safety is not only technical but additionally behavioural.

aanchalg@cybermedia.co.in