OTTAWA – Canadian auto dealers, whose sales of high-tech vehicles may be hampered by safety concerns linked to hacking and computer viruses, are being assisted by a new university cyber-protection unit allied to parts makers.
The SHIELD Automotive Cybersecurity Centre of Excellence is based at the University of Windsor, just across the Detroit River, and will work with Canada’s Automotive Parts Manufacturing Assn. (APMA), with which it has signed a memorandum of understanding.
The center will distribute knowledge about reducing cyber-vulnerabilities within autos and their components among manufacturers, researchers and motorists – with plans to offer consultation and test services to small and medium-sized Canadian companies.
It will spread information through open-access publications and public webinars. And it will develop training programs for parts and auto-making employees, while ensuring the latest cybersecurity knowledge is added into continuing education courses.
The center’s co-founders and co-directors are Mitra Mirhassani, of the university’s electrical and computer engineering department, and Ikjot Saini, of its computer science school. In a note, they stress that modern vehicles have more than 100 million lines of computer coding and 20 sensors transmitting wireless data, so cyberattack vulnerabilities for increasingly autonomous vehicles are profound.
Unlike other technologies with links to electronic networks such as smartphones and smart appliances, physical accidents can happen if smart automobile systems are compromised through hacking or computer viruses, and these can cause real market damage.
“Cybersecurity is going to be the new safety,” Saini (pictured below, left) tells Wards.
And considering so many partners are involved in making sure navigational automobile systems are not compromised – from parts makers, to assemblers, network operators, to administrators, parking managers and motorists – “The supply chain needs to be built on global trust,” she says. “The objective has to be to reduce the risk,” from components to system architecture.
The center’s work will dovetail with that of the APMA Institute of Automotive Cybersecurity, which was launched in May 2020 by the parts association and Toronto-based cybersecurity company CloudGRC. It aims to help manufacturers by offering cyber-threat and risk assessments, while encouraging the development of new cybersecurity technologies.
A February report from the APMA and accounting network KPMG said building auto-sector cybersecurity capacity was essential within the Canadian auto sector. The sector needs to recruit cybersecurity specialists “to understand and address a company’s digital vulnerabilities,” with boardroom concern being translated into action, and – crucially – investment.
Cybersecurity “has many faces in today's automotive industry and poses significant risks if left unchecked," says Flavio Volpe, APMA president. “Companies must safeguard their products, operations and systems no matter the type of components, parts, systems and assemblies they produce.”
Tom Schnekenburger, University of Windsor data and mobility science project manager, welcomes APMA’s involvement in raising concerns about automotive cybersecurity.
“The APMA has been trying to get the word out,” he says. “If you don’t think about this problem now, the consequences…for the safety of road users could be catastrophic.”
Automated vehicle crashes generate headlines, and their impact can be devastating commercially, he tells Wards.
The issue is certainly of concern to the Canadian government, which released its formal Vehicle Cyber Security Guidance in March 2020. It included technology-neutral and non-prescriptive guidance designed to help manufacturers, dealers and aftermarket services develop, deploy and maintain “cyber-resilient vehicle technologies and reduce the likelihood of cyberattacks against vehicle systems.”
In particular, the guidance told Canadian auto sector companies to identify how they will manage cybersecurity risks; protect vehicles and associated systems with security safeguards; be able to detect, monitor and respond to cybersecurity events; and recover from them safely and quickly.
Importantly, it said federal ministry and regulator Transport Canada would use market approval powers under the Motor Vehicle Safety Act to order manufacturers to act “where a defect in the vehicle’s cyberphysical systems could lead to safety issues.”
And one important development for manufacturers, dealers and parts makers alike, in Canada and elsewhere, is that international cybersecurity standards are coming. The International Organization for Standardization is expected to release ISO21434 on auto cybersecurity in June. And the UN World Forum for the Harmonization of Vehicle Regulations has been developing rules. These should become the standard in European Union, Japan and South Korea and hence influential in Canada and the U.S.
For a small market with a big auto industry such as Canada, cross-border rules on auto cybersecurity and related operations really matter, given the amount of movement between the U.S. and Canada. The question of autonomous “vehicles in Canada – how do they behave in the U.S.A.?” is a critical one for auto sellers, Saini says.
