Less than half (42 per cent) of Canadian auto parts manufacturers recognize that today’s vehicles are potentially prime targets for cyber threats and attacks, according to a new report by the Automotive Parts Manufacturers’ Association’s (APMA) Institute of Automotive Cybersecurity (apmaIAC) and KPMG in Canada.
The report, Canadian automotive cyber preparedness, found that many OEM suppliers have yet to embrace elements of security, privacy, and cyber security in their operations. Cyber threats also extend to OEMs, and they will need to guard all parts of their operations — including supply chains, hardware and software for facilitating manufacturing equipment, robotics, customer channels, and back-office operations.
“Cyber has many faces in today’s automotive industry and pose significant risks if left unchecked,” said Flavio Volpe, President of APMA. “The reality is that now, more than at any other time in manufacturing, companies must safeguard their products, operations, and systems no matter the type of components, parts, systems, and assemblies they produce.”
The report also indicates that OEMs and their suppliers in Canada need to prepare for domestic and international vehicle cybersecurity-related regulations from areas like Transport Canada’s Vehicle Cyber Guidance and the United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations.
That last regulation from the U.N. requires that companies document how they intend to prevent specific types of incidents, as well as report information on cyberattacks and inform authorities at least once a year on whether their measures have been effective.
“Building a cyber secure culture means keeping security awareness top-of-mind for all individuals in the organization — not just IT,” said KPMG’s John Heaton, Partner, Cybersecurity Services. “Every company — no matter the product — has cyber ‘digital crown jewels’ that must be secured. Companies at every link in the supply chain must identify and protect these and ensure the partners they share data with are taking the same steps.”
The report highlights several key areas of consideration, including embracing a new cyber culture, identifying a cyber leader in the company/organization, understanding your company’s “crown jewels,” looking beyond IT for solutions, and taking action rather than waiting for something to happen.
Source: KPMG in Canada/ APMA’s Institute of Automotive Cybersecurity.
