Connected cars pose cybersecurity risks not all Canada’s auto parts suppliers see, report says
Share
Share
Less than half (42 per cent) of Canadian auto parts manufacturers recognize how today’s vehicles are potential hotbeds for cybersecurity threats, finds a new report by the Automotive Parts Manufacturers’ Association’s (APMA) Institute of Automotive Cybersecurity (apmaIAC) and KPMG in Canada.
The report, Canadian automotive cyber preparedness, finds that many auto parts suppliers have yet to embrace the elements of security, privacy, and cyber safety in their operations because they feel their individual product offering is not technologically advanced.
Yet, today’s vehicles are micro-communities in themselves with vehicle-to-everything technology. Cyber threats also extend to the manufacturers themselves and they need to guard all parts of their operations including supply chain systems, the hardware and software facilitating manufacturing equipment, robotics, customer channels, and back-office operations from attacks.
“Cyber has many faces in today’s automotive industry and pose significant risks if left unchecked,” says Flavio Volpe, president, APMA. “The reality is that now, more than at any other time in manufacturing, companies must safeguard their products, operations, and systems no matter the type of components, parts, systems, and assemblies they produce.”
The report notes automobile original equipment manufacturers (OEMs) and their suppliers in Canada need to prepare for several domestic and international vehicle cybersecurity-related regulations – from Transport Canada’s Vehicle Cyber Guidance to the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations. The U.N. regulation, for example, will require companies to document how they will prevent specific kinds of incidents, report information on cyberattacks and inform authorities at least once a year on whether their cybersecurity measures have been effective.
As well, the forthcoming IS021434 Road Vehicles Cybersecurity Engineering standard has set cybersecurity risk management requirements for road vehicle systems, components, and interfaces throughout all stages of their development from engineering, production, operation and maintenance to decommissioning, according to the report.
OEMs reported they are holding suppliers at every tier more responsible for protecting their contributions to the supply chain, underscoring the urgency to shift the mindset on cybersecurity.
“Building a cyber secure culture means keeping security awareness top of mind for all individuals in the organization – not just IT,” says KPMG’s John Heaton, partner, cybersecurity services. “Every company – no matter the product – has cyber ‘digital crown jewels’ that must be secured. Companies at every link in the supply chain must identify and protect these and ensure the partners they share data with are taking the same steps.”
The report highlights six key considerations to help the industry close its cybersecurity gaps and embed cyber governance throughout the organization:
Leave a Reply