APMA’s Institute for Automotive Cybersecurity and KPMG in Canada help suppliers close cybersecurity gaps
At a time when the automotive industry is increasingly focused on connected cars and information services, less than half (42 per cent) of Canadian auto parts manufacturers recognize how today's vehicles are potential hotbeds for cyber security threats, finds a new report by the Automotive Parts Manufacturers' Association's (APMA) Institute of Automotive Cybersecurity (apmaIAC) and KPMG in Canada.
The joint apmaIAC / KPMG report, Canadian automotive cyber preparedness survey, finds that many auto parts suppliers have yet to embrace the elements of security, privacy, and cyber safety in their operations because they feel their individual product offering is not technologically advanced. Yet, today's vehicles are micro-communities in themselves with vehicle-to-everything technology. And, cyber threats also extend to the manufacturers themselves and they need to guard all parts of their operations including supply chain systems, the hardware and software facilitating manufacturing equipment, robotics, customer channels, and back-office operations from attacks.
"Cyber has many faces in today's automotive industry and pose significant risks if left unchecked," says Flavio Volpe, president, APMA. "The reality is that now, more than at any other time in manufacturing, companies must safeguard their products, operations, and systems no matter the type of components, parts, systems, and assemblies they produce."
The report notes automobile original equipment manufacturers (OEMs) and their suppliers in Canada need to prepare for several domestic and international vehicle cybersecurity-related regulations – from Transport Canada's Vehicle Cyber Guidance to the Working Party (WP) 29 United Nations Economic Commission for Europe (UNECE) World Forum for Harmonization of Vehicle Regulations. The U.N. regulation, for example, will require companies to document how they will prevent specific kinds of incidents, report information on cyberattacks and inform authorities at least once a year on whether their cybersecurity measures have been effective.
As well, the forthcoming IS021434 Road Vehicles Cybersecurity Engineering standard has set cybersecurity risk management requirements for road vehicle systems, components, and interfaces throughout all stages of their development from engineering, production, operation and maintenance to decommissioning, the report says.
OEMs are holding suppliers at every tier more responsible for protecting their contributions to the supply chain, underscoring the urgency to shift the mindset on cybersecurity, the report says.
"Building a cyber secure culture means keeping security awareness top of mind for all individuals in the organization – not just IT," says KPMG's John Heaton, partner, cybersecurity services. "Every company – no matter the product - has cyber 'digital crown jewels' that must be secured. Companies at every link in the supply chain must identify and protect these and ensure the partners they share data with are taking the same steps."
Closing the cybersecurity gap
The report highlights six key considerations to help the industry close its cybersecurity gaps and embed cyber governance throughout the organization:
The Automotive Parts Manufacturer's Association (APMA) is Canada's national association representing OEM producers of parts, equipment, tools, supplies, advanced technology, and services for the worldwide automotive industry. The Association was founded in 1952 and its members account for 90% of independent parts production in Canada. In 2018, automotive parts shipments were over $35 Billion, and the industry employment level was over 100,000 people. https://www.apma.ca.
About APMA's Institute of Automotive Cybersecurity
Automotive Parts Manufacturers' Association (APMA) of Canada and Vehiqilla Inc. launched the APMA Institute of Automotive Cybersecurity (apmaIAC). The institute will assist in providing guidance and best practices to Canadian automotive parts manufacturers, helping support the privacy/safety/security culture. The apmaIAC will focus on the following four areas: Governance, Assessments, Education and Technology. https://apmaiac.ca.
About KPMG in Canada
KPMG LLP, a limited liability partnership, is a full-service Audit, Tax and Advisory firm owned and operated by Canadians. For over 150 years, our professionals have provided consulting, accounting, auditing, and tax services to Canadians, inspiring confidence, empowering change, and driving innovation. Guided by our core values of Integrity, Excellence, Courage, Together, For Better, KPMG employs nearly 8,000 people in over 40 locations across Canada, serving private- and public-sector clients. KPMG is consistently ranked one of Canada's top employers and one of the best places to work in the country.
The firm is established under the laws of Ontario and is a member of KPMG's global organization of independent member firms affiliated with KPMG International, a private English company limited by guarantee. Each KPMG firm is a legally distinct and separate entity and describes itself as such. For more information, see home.kpmg/ca.
For media inquiries:
Automotive Parts and Manufacturers' Association of Canada
Caroline Van Hasselt
KPMG in Canada
© 2021 KPMG LLP, an Ontario limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.
For more detail about the structure of the KPMG global organization please visit https://home.kpmg/governance.