Musk said this person had conducted “quite extensive and damaging sabotage” to the company’s operations, including by changing code to an internal product and exporting data to outsiders.
In 2016, after a SpaceX rocket exploded while being fueled up before an engine test, Musk and SpaceX COO and President Gwynne Shotwell also looked into the possibility of sabotage.
Commenting on this news is Bill Evans, Director at One Identity:
“What do the numbers 17.95 and 4.84 have in common? I’ll tell you. Tesla stock has dropped $17.95 today which equates to 4.84% of the company’s value (and it’s only 10:30 AM ET). This is on the heels of Elon Musk’s email extolling the damage being done by an insider with perhaps too much access.
If ever there has been proof of the need for better cybersecurity, this is it. It appears that even Tesla has not completely solved this challenge. To be clear, the challenge as laid out here likely lives in two areas – first, access governance. Access governance is ensuring the right people have access to only the right stuff at the right time. By ensuring those that create code can’t also insert this code into production environments, organizations can limit their risk and exposure. Second is privileged access management (PAM). PAM is making sure that an organization can control, audit and secure those individuals with elevated or admin access.
While it’s impossible to determine exactly what happened at Tesla, smart organizations have already deployed access governance and privileged access management to help mitigate cyber risk.”