The Automotive Parts Manufacturers’ Association and CloudGRC Inc. have launched the APMA Institute of Automotive Cybersecurity in response to companies doing more work from home during the COVID-19 pandemic.
The AMPA, which represents hundreds of autoparts suppliers in Canada, said in a statement that working remotely and from home has increased the risk of cyberattacks.
According to a recent Statistics Canada report, the number of Canadians working remotely has increased to 40 per cent, up from the 10 per cent of the workforce that did so before the novel coronavirus forced provincial governments to encourage people to work from home, if they could, and enact strict social distancing measures.
APMA President Flavio Volpe said getting some in the industry “to talk cybersecurity is like pushing rope in the best of times.” The COVID-19 pandemic has only heightened the risk and highlighted shortcomings.
“If you wait until the torpedo hits your boat to learn to swim, don’t say we didn’t warn you,” he said.
The APMA said that “a comprehensive cyber governance approach is an integral component of ensuring that the supply chain of the Canadian automotive sector is secure and critical data assets protected.”
The new APMA Institute of Automotive Cybersecurity will offer complimentary cyber assessments to Canadian automotive suppliers.
The institutes three main objectives are:
- to enhance the cyber skills of the automotive industry;
- to enhance manufacturing organizations to understand their cyber risk by carrying out threat and risk assessments;
- and to encourage new technologies to secure and protect the future of mobility.
“Manufacturing, smart cities and transportation are all areas that need to address, manage, and mitigate cyber risk during this new era of mobility that is transforming our lives,” the APMA said in its statement.
Building on the APMA CyberKit 1.0, launched in November 2019, the institute will take companies through the various building blocks of cyber governance, such as organization structure, policies and procedures, threat assessments and remediation analysis, cybersecurity awareness, incident response and cyber insurance.