You are currently viewing Deloitte report calls on automotive industry to address growing cybersecurity risk

Deloitte report calls on automotive industry to address growing cybersecurity risk

As cybersecurity incidents involving connected, autonomous, shared and electric vehicles are on the rise, a Deloitte Canada report outlines the risks and outlines a strategy showing industry players how they can meet their responsibilities to ensure an ecosystem of safer mobility

Connected, Autonomous, Shared and Electric (CASE) vehicles open up a whole new world of possibilities for convenient travel and transportation in Canada. But increased connectivity and greater data sharing also brings an increased risk of cybersecurity attacks – a threat that companies in the CASE supply chain must proactively address to protect vehicles and their operators.

This is one of the key messages of a recent Deloitte Canada report titled “Connecting Canada: Securing the Vehicles of the Future”.

“Ensuring that automotive cybersecurity technologies stay well ahead of threat actor tactics will no longer be a choice but an imperative for all companies in the supply chain,” the report states.

Emphasizing that these challenges should not “become a barrier to entry for businesses,” the report details how security measures should be developed and applied as these transportation technologies become more complex and capable of putting private information drivers and control and access to their vehicles in peril.

Mitra Mirhassani, automotive cybersecurity expert, co-director of the SHIELD Automotive Cybersecurity Center of Excellence and associate professor at the University of Windsor, welcomes the results.

“The report actually highlighted many significant issues that currently exist in the automotive sector. [sector]says Mirhassani in an interview with Electric Range Canada.

“When you look at the manufacture of a car, think of it as one big puzzle, with many pieces of software or hardware components from different suppliers… When those pieces [from around the world] are put together, one could cause a small weakness in the functioning of the other or open a new avenue for attacks.

Remote incidents on the rise

The Deloitte report identifies a number of cybersecurity risks for Canadian drivers and fleet operators, ranging from low risks like tampering with car diagnostic data and illegal access to back-end systems, to more serious breaches like GPS surveillance and harassment, and manipulation of acceleration and braking. .

As technology continues to advance in the automotive sector, Deloitte says “physical proximity is no longer necessary for attacks to occur.” In 2021, according to the report, 84% of cyberattacks against vehicles were carried out remotely, and more than 50% of automotive cybersecurity incidents were reported in the past two years.

“It’s important to remember that there are many more cyberattacks that go unreported,” Mirhassani says. “And that’s fine, we shouldn’t announce that we’re under attack…[but] the number of attacks will increase much, much higher.

The Deloitte report echoes Mirhassani’s statement that automotive cyber incidents will continue to rise and cites the reasons as a “fusion of hardware and software components”.

“In many cases, the liability [for these attacks] may be the responsibility of multiple automotive supply chain stakeholders,” the report read.

These stakeholders include government agencies, Tier 1, 2, and 3 vendors, automakers, communications service providers (CSPs), cloud provisioning companies, and intelligent transportation business consumers.

“Strong partnerships, clear delegation of responsibilities, and identification of opportunities to mitigate IT risk will be essential to using the entire ecosystem safely, securely, and with confidence,” says Deloitte.

However, getting stakeholders to take responsibility is easier said than done, says Mirhassani. As a result, she believes it will be a major challenge to ensure that every aspect of a vehicle’s manufacturing process and supply chain is risk-free.

“As a scientist or an engineer, we’re not at the level where we can demand that these safeguards or these protocols be inserted into manufacturing,” Mirhassani says. “We need a closer link with policymakers and regulators with financial and insurance institutions to provide our expertise, and then they need to take that expertise and extend it into something tangible.”

Final Recommendations

Looking to the future, the Deloitte report recommends that all players in the automotive supply chain prioritize “safety by design” to ensure the industry can adapt to the wide range of risks new and emerging cybersecurity solutions without impeding widespread adoption. CASE technology.

The role of regulators and government agencies will be to address cybersecurity standards and their application across the ecosystem.

Currently, the Canadian government is “trying” to integrate global cybersecurity standards into its designs, says Mirhassani, but the problem is that it is not “requiring” that these global standards be implemented (a topic we have covered in more detail in a previous article).

“I feel like we really need to wake up. For example, Europe is ahead of North America in general and we are way behind the United States,” says Mirhassani “It will impact our economy, it will impact our job security and our competitiveness. It’s very easy for [other] countries to say that these programs or these cars coming out of Canada are not safe enough and are just pushing us aside and going to new suppliers.

Deloitte also highlights the importance of integrating cybersecurity measures into fleet asset management and the need for business and technology leaders to consider the risks associated with hyperconnected fleets.

“I’m glad to see that automotive cybersecurity is now taking center stage in vehicle design,” Mirhassani says, but adds that Canada still needs to take cybersecurity more seriously.

“We can’t always rely on what comes from Europe, Asia or the United States,” she says. “We need to develop solutions that are Canadian and for Canadians.

Leave a Reply