Friday, March 20, 2026
Cybersecurity at Volvo: an integrated approach to IT/OT convergence
RESTOREANSWER
Cybersecurity and IT/OT convergence: Volvo's lessons for a safer future
In a world where information technology (IT) and operational technology (OT) are converging, Volvo illustrates the importance of a strategic approach to securing its infrastructure and protecting its industrial operations. On the occasion of Lyon Cyber ExpoBastien Laforêt, head of the Digital Quality and Operations division, shared his vision of best practices, the risks associated with IoT and methods for cultivating cyber resilience within large industrial groups.
The Volvo Group: a global leader facing digital challenges
With 104,000 employees distributed in 18 countriesVolvo is much more than a truck manufacturer. Its French plants, such as those in Bourg-en-Bresse and Vénissieux, play a crucial role, particularly in electromobility. However, this globalization makes the group vulnerable to targeted cyberattacks. Bastien Laforêt points out that the convergence of IT and OT complicates the security of assembly lines, as each plant has its own specific characteristics.
The Target example: an attack that sets a precedent.
To illustrate the risks, the conference detailed the attack that occurred at Target in 2013, hackers exploited a vulnerability at an air conditioning supplier. By penetrating the network, they compromised the payment terminals of 1,900 stores, stealing banking data from 110 million customersThis attack demonstrates that the security of an ecosystem also depends on the vigilance of external partners.
The three pillars of cybersecurity at Volvo
- Security by Design At Volvo, every system, whether old or new, is integrated into a safety strategy from the design stage. Obsolete equipment is isolated in "protective bubbles." The goal is to ensure its operation while minimizing risks.
- A culture of heightened vigilance: Volvo is focusing on fun training methods to raise employee awareness of cybersecurity risks. For factory workers, simplified educational initiatives aim to reinforce good habits, such as avoiding connecting personal devices to industrial systems.
- A governance structure based on three lines of defense:
- Operational : real-time vulnerability monitoring.
- Governance : development of common rules, such as the adoption of NIS2 standards.
- Audit : rigorous control to ensure the application of security protocols.
The challenges of tomorrow: resilience at the heart of the strategy
Cyberattacks are constantly evolving, and Volvo knows it. By working on a complete map of its connected equipment and integrating standards like the standard IEC 62-443The group demonstrates that protection alone is not enough: it is essential to anticipate and react quickly. To achieve this, Volvo combines digital tools, strong collaboration between IT and OT teams, and partnerships with external cybersecurity experts.
Conclusion: protect without slowing down production
At Volvo, cybersecurity is not an option. It is essential for protecting customers, ensuring business continuity, and maintaining partner trust. This conference serves as a reminder that investing in cybersecurity, even for SMEs, is now a strategic imperative.